faust

ransomware group

Faust is a variant of the well-known Phobos ransomware, part of a Ransomware-as-a-Service (RaaS) ecosystem active since around May 2019. Faust employs a double-extortion model, encrypting victim files and threatening to release stolen data if ransom demands are not met. It's distributed via Office document payloads using VBA scripts and known for its fileless attack delivery, enabling stealth and evasion.