diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1eae530..5ec6e9e 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13449,7 +13449,18 @@
       },
       "uuid": "24bd9a4b-2b66-428b-8e1c-6b280b056c00",
       "value": "Sodinokibi"
+    },
+    {
+      "description": "Phobos exploits open or poorly secured RDP ports to sneak inside networks and execute a ransomware attack, encrypting files and demanding a ransom be paid in bitcoin for returning the files, which in this case are locked with a .phobos extension.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "refs": [
+          "https://www.zdnet.com/article/new-phobos-ransomware-exploits-weak-security-to-hit-targets-around-the-world/"
+        ]
+      },
+      "uuid": "6cfa554a-1e1b-327a-605f-025d761570b1",
+      "value": "Phobos"
     }
   ],
-  "version": 62
+  "version": 63
 }