Today, CISA, the FBI, and MS-ISAC released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February, 2024.

Using a ransomware as a service (RaaS) model, Phobos Ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure.

CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Phobos ransomware and other ransomware incidents. For more information, access CISA, CISA’s #StopRansomware webpage, and the #StopRansomware Guide.