The developers of the Phobos ransomware have added new fileless and evasive techniques to their arsenal. Keeping their attack constantly up to date helps them bypass detection technologies through several distinct approaches; we detail the latest of these in this blog post.
The following provides details on a new Fair variant of Phobos. The Morphisec IR team identified this variant during an incident response engagement in early March, provided as part of Morphisec’s new IR services offering. The affected company enlisted our services, and as a result, we identified this newest Phobos variant (compiled in November 2020) in their system. The technical details of the attack follow.