Ransomware, Threat Intelligence

Phobos ransomware operation uncovered by indictment against suspected admin

November 21, 2024

Share

Ransomware attack alert on monitor screen in data center, network security concept

(Adobe Stock)

More than $16 million have been amassed by the Phobos ransomware-as-a-service group from its nearly a thousand victims, including U.S. health providers, federal contractors, and public school systems, during the past five years, according to The Record, a news site by cybersecurity firm Recorded Future.

Included in the Phobos-hit organizations that paid a ransom were a California public school system, a North Carolina children's hospital, a Maryland-based accounting and consulting service provider, and health organizations in Pennsylvania and Maryland, revealed an unsealed indictment against suspected Phobos administrator Evgenii Ptitsyn. While Phobos activity has significantly declined earlier this month amid the arrest of Ptitsyn, the RaaS operation was noted by Recorded Future ransomware expert Allan Liska to have outlasted ALPHV/BlackCat, LockBit, and other ransomware gangs due to its lower profile. Ptitsyn's arrest has also resulted in reduced activity for the 8Base ransomware gang, which has been spun off from Phobos.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

SC Staff

Related

Ransomware attacks primarily caused by poor cyber hygiene

SC StaffNovember 21, 2024

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Law and Justice concept. Mallet of the judge, books, scales of justice. Gray stone background, reflections on the floor, place for typography. Courtroom theme.

US charges suspected Scattered Spider hackers, disrupts PopeyeTools

SC StaffNovember 21, 2024

Alleged Scattered Spider hackers Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo, Joel Martin Evans, and Tyler Robert Buchanan have been indicted for their involvement in a prolonged cryptocurrency theft operation that involved SMS phishing, corporate system compromise, and further phishing intrusions.

Joint US, Australian advisory sheds more light on BianLian ransomware

SC StaffNovember 21, 2024

Attacks by the BianLian, which have been completely exfiltration-based extortion since the beginning of the year, have involved the exploitation of Windows and VMware ESXi security vulnerabilities for initial access, with the ransomware gang leveraging various other tools to facilitate lateral movement and data compromise.

Related Events

Related Terms

DNS Spoofing Deauthentication Attack Deepfake Distributed Scans Fault Line Attacks Google Hacking Hybrid Attack Information Warfare Password Cracking Reconnaissance

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news