CISA Warns Government Agencies About Phobos Ransomware Group

The Cybersecurity and Infrastructure Security Agency issued an advisory on Thursday about ransomware deployed by the Phobos hacking group.

According to CISA, Phobos is a ransomware-as-a-service group that targets municipal and county governments, emergency services, educational institutions, public health agencies and other critical infrastructure sectors. The agency also noted that Phobos targets state, local, tribal and territorial governments using phishing and Remote Desktop Protocol compromise techniques.

CISA urged agencies to secure their RDP, use strong passwords, implement account lockup policies, use multifactor authentication and practice good cyber hygiene to prevent future Phobos compromises, StateScoop reported.

The Phobos advisory follows other warnings CISA issued in recent months to protect agencies against malign cyber actors.

In February, CISA and its domestic and international partners issued a joint advisory about Volt Typhoon, a China-backed hacking group that targets U.S. critical infrastructure. The advisory noted that Volt Typhoon compromises communications, energy, transportation and waste and wastewater entities.

In January, CISA, the FBI and the Environmental Protection Agency issued guidance to help the waste and wastewater systems sector combat cyberthreats using collaboration, information exchange and rapid response and remediation techniques.