New Phobos ransomware exploits weak security to hit targets around the world

A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world.

Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWare have detailed how it shares a number of similarities with Dharma ransomware.

Like Dharma, Phobos exploits open or poorly secured RDP ports to sneak inside networks and execute a ransomware attack, encrypting files and demands a ransom to be paid in bitcoin for returning the files, which in this case are locked with a .phobos extension.

Read more…
Source: ZDNet