
New Phobos ransomware variant implicates VX-Underground

The widely known malware-sharing community VX-Underground has been falsely implicated as the developer of a new Phobos ransomware variant, reports BleepingComputer. According to ransomware researcher Pcrisk, the variant appends a ".VXUG" suffix to encrypted files and drops two ransom notes that reference VX-Underground, including its logo and contact details. Similar tactics that impersonate or frame cybersecurity and infosec communities have been used by other threat actors in previous attacks: GandCrab, the predecessor of REvil ransomware, was found to have used ESET, Emsisoft, NoMoreRansom, and BleepingComputer as the names of its command-and-control servers. Last year, Azov ransomware also sought to frame BleepingComputer, MalwareHunterTeam, Hasherezade, ransomware expert Michael Gillespie, and the late security researcher Vitali Kremez. Kremez, along with SentinelOne, had also been implicated by the developer of Maze ransomware in 2020, while the Apocalypse ransomware developer left malicious comments about ransomware expert Fabian Wosar in its code in 2016.
