| Category | Details |
|---|---|
| Threat Actors | Phobos ransomware group; key figure: Russian national Evgenii Ptitsyn. |
| Campaign Overview | Conducted ransomware attacks over five years, targeting U.S. federal contractors, healthcare, education, and law enforcement. Generated $16M globally. |
| Target Regions | Primarily U.S., including federal contractors, healthcare providers, public school systems, and a law enforcement union. |
| Methodology | Ransomware-as-a-service (RaaS); affiliates purchased decryption keys for $300; targeted smaller organizations with low ransom demands. |
| Product Targeted | Computer systems of healthcare providers, schools, law enforcement unions, and federal contractors. |
| Malware Reference | Phobos ransomware; associated variants include Elbie and Eking. |
| Tools Used | Phobos ransomware distributed via dark web RaaS platform. |
| Vulnerabilities Exploited | Lack of robust cybersecurity measures in targeted organizations; exploited remote access vulnerabilities. |
| TTPs | Initial Access (T1190): exploited weak access points; Impact (T1486): file encryption for ransom; RaaS monetization model. |
| Attribution | Evgenii Ptitsyn identified as a Phobos administrator; linked to over 1,000 ransomware infections globally. |
| Recommendations | Strengthen cybersecurity defenses, maintain offline backups, use multi-factor authentication, and adhere to FBI guidance against paying ransoms. |
| Source | The Record |
Read full article: https://therecord.media/phobos-ransomware-indictment-five-years-under-the-radar
Disclaimer: The above summary has been generated by an AI language model.