March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Tofsee Malware – Active IOCs
November 15, 2022Rewterz Threat Advisory – ICS: Hitachi Content Platform Vulnerability
November 15, 2022Rewterz Threat Alert – Tofsee Malware – Active IOCs
November 15, 2022Rewterz Threat Advisory – ICS: Hitachi Content Platform Vulnerability
November 15, 2022
Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- 760b7e6a810644e590d70673b6f5e63a
SHA-256
- fe1b479880db7637fc96d334f216e5e966879a77fac1b85d1fd892a050fbe638
SHA-1
- f60f8a4a666d7c3226f30dddfe69472e1a88b579
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Maintain cyber hygiene by updating your anti-virus software and implement patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.