RANSOMWARE OPERATION💰 FINANCIAL

faust

1
aliases

Intelligence Profile

Faust is a variant of the well-known Phobos ransomware, part of a Ransomware-as-a-Service (RaaS) ecosystem active since around May 2019. Faust employs a double-extortion model, encrypting victim files and threatening to release stolen data if ransom demands are not met. It's distributed via Office document payloads using VBA scripts and known for its fileless attack delivery, enabling stealth and evasion.

Threat Analysis

faust is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.

Financially motivated threat actors like faust prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

External References

Quick Facts

TypeRansomware Operation
Motivation💰 financial
Aliases1

Also Known As

faust

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.