Demo Video Transcription:
"In this video, we will be detonating Phobos, a well-known ransomware family named after the Greek god of fear. This ransomware utilizes the same infection vectors as many others such as RDP, stolen credentials, or the traditional phishing email, primarily affecting businesses of all sizes.
We have obtained a fresh sample from August 31st and configured this machine in audit-only mode to allow the file to run. Upon execution, Phobos disables the host firewall and copies itself to two other locations on the hard drive, finally presenting the ransom note to the victim with information on what has happened and next steps for them to take.
If we go into BlackBerry Optics, our AI-based Endpoint Detection and Response (EDR) solution, we can see all the different actions taken by this malware, such as the use of Netsh to disable the firewall, and multiple ways to delete the shadow copy via WMIC, VSSadmin, and WBadmin to make sure operating system recovery is not as simple as performing a quick restore.
Phobos also comes with password-stealing functionality that tries to dump credentials from browsers and multiple commonly used applications.
Making an inspection, if we go into root-cause analysis, we can also see that Phobos creates persistence points by modifying entries in the registry.
Administrators can configure automated response within our Context-Analysis Engine (CAE) to proactively respond to each one of these tactics, techniques, and procedures (TTPs) and stop this threat in the earliest stage possible. But nothing beats the BlackBerry Temporal Predictive Advantage, which allows us to prevent these threats from executing in a matter of milliseconds, with no reliance on cloud connectivity or frequent virus-signature updates.
Let's travel back in time to 2015 (using a Cylance mathematical model not updated since 2015) and test this sample, along with an additional 85 samples of Phobos, to see what could have happened. We will execute a loop to go ahead and try to execute each file inside this folder.
As you can see, our Cylance® AI models that power BlackBerry Protect could have prevented all these variants many years before they ever existed.
Prevention is Possible, with BlackBerry."
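The TTP chain the narrator walks through (netsh changing the host firewall, shadow-copy deletion via vssadmin, WMIC and wbadmin, and registry persistence) is the kind of behaviour a detection engineer correlates on rather than alerting on any single command. The following Python is an added example written for this page; it is not BlackBerry's or Cylance's code and not output of BlackBerry Optics. It runs a small set of pattern rules over constructed process-creation records, tags each hit with a standard MITRE ATT&CK technique ID, and escalates when one parent process triggers more than one distinct technique. The pipe-delimited log format, the sample lines and the Run-key form of the persistence are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed process-creation records in the form
# timestamp|host|parent_image|image|command_line.
# These are illustrative lines written for this example, not EDR output from
# the video. The first five imitate the TTPs the narration lists; the last two
# are benign administrative commands that must not raise an alert.
SAMPLE_LOG = """\
2023-08-31T10:01:02Z|ws01|C:\\Users\\u\\Downloads\\sample.exe|C:\\Windows\\System32\\netsh.exe|netsh advfirewall set currentprofile state off
2023-08-31T10:01:03Z|ws01|C:\\Users\\u\\Downloads\\sample.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet
2023-08-31T10:01:03Z|ws01|C:\\Users\\u\\Downloads\\sample.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2023-08-31T10:01:04Z|ws01|C:\\Users\\u\\Downloads\\sample.exe|C:\\Windows\\System32\\wbadmin.exe|wbadmin delete catalog -quiet
2023-08-31T10:01:05Z|ws01|C:\\Users\\u\\Downloads\\sample.exe|C:\\Windows\\System32\\reg.exe|reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v sample /t REG_SZ /d C:\\Users\\u\\AppData\\Local\\sample.exe /f
2023-08-31T10:05:00Z|ws01|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin list shadows
2023-08-31T10:06:00Z|ws01|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\netsh.exe|netsh advfirewall show allprofiles
"""

# Each rule: (name, ATT&CK technique ID, regex over the command line).
# T1562.004 = Disable or Modify System Firewall, T1490 = Inhibit System
# Recovery, T1547.001 = Registry Run Keys. The patterns are this example's
# own assumptions about what the commands look like, not vendor rules.
RULES = [
    ("netsh_firewall_disable", "T1562.004",
     re.compile(r"\bnetsh\b.*\b(advfirewall|firewall)\b.*\bstate\s+off\b", re.I)),
    ("vssadmin_delete_shadows", "T1490",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete", "T1490",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog", "T1490",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("reg_run_key_persistence", "T1547.001",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run(Once)?\b", re.I)),
]


@dataclass(frozen=True)
class Alert:
    host: str
    parent: str
    image: str
    command_line: str
    rule: str
    technique: str


def parse_record(line: str) -> Optional[List[str]]:
    """Split one pipe-delimited record into its five fields; None if malformed."""
    parts = line.rstrip("\n").split("|", 4)
    return parts if len(parts) == 5 else None


def scan_log(text: str) -> List[Alert]:
    """Run every rule over every record; one Alert per (record, rule) match."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        _ts, host, parent, image, cmd = rec
        for name, technique, pattern in RULES:
            if pattern.search(cmd):
                alerts.append(Alert(host, parent, image, cmd, name, technique))
    return alerts


def techniques_by_parent(alerts: List[Alert]) -> Dict[str, Set[str]]:
    """Group the distinct techniques observed under each parent process."""
    out: Dict[str, Set[str]] = {}
    for a in alerts:
        out.setdefault(a.parent, set()).add(a.technique)
    return out


def ransomware_like_parents(alerts: List[Alert], min_techniques: int = 2) -> List[str]:
    """Parents that both impair defenses/recovery and persist are a far stronger
    signal than any single command; this is the correlation an automated
    response rule would key on rather than blocking each utility outright."""
    return sorted(p for p, t in techniques_by_parent(alerts).items()
                  if len(t) >= min_techniques)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f"{a.technique:10} {a.rule:26} {a.command_line}")
    print("ransomware-like parents:", ransomware_like_parents(found))
```

The benign `vssadmin list shadows` and `netsh advfirewall show allprofiles` records are deliberately included: administrators run these routinely, so the rules anchor on the destructive verbs rather than the binary name, and the escalation step requires multiple techniques under one parent before it fires.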