Dharma Ransomware Attack Emerges Again in the Wild with New Variant and Extension

Dharma ransomware has re-emerged and is being distributed as a new variant that attacks organisations and individual systems, encrypting the victim's files and demanding a ransom.

Compared with the old version of Dharma, it adds several new features and tactics for infiltrating the victim's computer.

Unlike the old version, it uses several infection vectors: spam and phishing emails, exploit kits, SMB vulnerabilities, and being dropped by other malware.

The old Dharma variant appends the .dharma extension to encrypted files; the newly emerged variant renames them with the .arrow extension once encryption is complete.

There are two main infection vectors used by Dharma ransomware:

  • RDP Brute Force Attack
  • Other Suspicious means

Attackers target the RDP protocol, which runs on port 3389, with brute-force attacks to obtain administrative credentials; those credentials are then used to carry out further malicious activity within the system.

Other suspicious activity occurs along the chain of attack: once executed, the malware modifies the system registry and adds autorun PowerShell script entries, which lead to multiple malicious components being dropped and executed.
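The two behaviours described above, RDP brute-forcing on port 3389 and autorun PowerShell entries in the registry, are both visible to a defender who looks at the right telemetry. The following is an added example (not code from the article or from any vendor it cites) that runs two detections over constructed sample data: a sliding-window count of failed RDP logons per source address (Windows Security event 4625 with logon type 10, RemoteInteractive), followed by a check for a successful logon (event 4624) from the same source after the failures, and a scan of registry Run-key entries for PowerShell commands carrying the launch flags commonly seen in scripted autoruns. The log layout, the IP addresses, the user names, and the registry values are all constructed for illustration; the event IDs, the logon type, and the Run key paths are real Windows identifiers.

```python
"""Added example: detections for the two Dharma infection vectors in the article.
All sample data below is constructed for illustration, not taken from a real host."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log records, simplified to
# "timestamp event_id logon_type source_ip user" per line.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
SAMPLE_LOGON_EVENTS = """\
2024-01-15T10:00:01 4625 10 198.51.100.7 administrator
2024-01-15T10:00:03 4625 10 198.51.100.7 administrator
2024-01-15T10:00:05 4625 10 198.51.100.7 admin
2024-01-15T10:00:07 4625 10 198.51.100.7 admin
2024-01-15T10:00:09 4625 10 198.51.100.7 backup
2024-01-15T10:00:11 4625 10 198.51.100.7 backup
2024-01-15T10:00:14 4624 10 198.51.100.7 backup
2024-01-15T10:15:00 4625 10 203.0.113.9 jsmith
2024-01-15T10:15:30 4624 10 203.0.113.9 jsmith
2024-01-15T11:00:00 4625 3 192.0.2.4 svc_scan
"""


def parse_logon_events(text):
    """Turn the simplified log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, user = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "logon_type": int(logon_type), "src": src, "user": user})
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source addresses with >= threshold failed RDP logons inside any
    `window`, and note whether a successful RDP logon followed the failures."""
    by_src = defaultdict(list)
    for e in events:
        if e["logon_type"] == 10:          # only RemoteInteractive (RDP) logons
            by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["event_id"] == 4625]
        best, start = 0, 0
        for end in range(len(failures)):   # sliding window over failure times
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        last_fail = failures[-1]["ts"]
        success_after = any(e["event_id"] == 4624 and e["ts"] >= last_fail for e in evs)
        flagged[src] = {
            "failures_in_window": best,
            "distinct_users": len({e["user"] for e in failures}),
            "success_after_failures": success_after,  # likely credential compromise
        }
    return flagged


# Constructed sample of autorun entries as (registry key, value name, command).
SAMPLE_RUN_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -File C:\Users\victim\AppData\Roaming\update.ps1"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r"C:\Windows\system32\SecurityHealthSystray.exe"),
]

# Launch flags that are rarely legitimate in a persistent autorun entry.
SUSPICIOUS_PS_MARKERS = [
    r"-nop\b",
    r"-noprofile\b",
    r"-w(indowstyle)?\s+hidden",
    r"-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}",
    r"-(ep|executionpolicy)\s+bypass",
]


def find_powershell_autoruns(entries):
    """Return every Run-key entry that launches PowerShell, with the suspicious
    flag patterns it matches so an analyst can rank the hits."""
    hits = []
    for key, name, cmd in entries:
        if not re.search(r"powershell(\.exe)?", cmd, re.I):
            continue
        markers = [m for m in SUSPICIOUS_PS_MARKERS if re.search(m, cmd, re.I)]
        hits.append({"key": key, "name": name, "command": cmd, "markers": markers})
    return hits


if __name__ == "__main__":
    print(detect_rdp_bruteforce(parse_logon_events(SAMPLE_LOGON_EVENTS)))
    for hit in find_powershell_autoruns(SAMPLE_RUN_ENTRIES):
        print(hit["key"], hit["name"], "->", hit["markers"])
```

On the sample data the brute-force check flags only 198.51.100.7 (six failures across three accounts in a few seconds, then a success), ignores the single failed logon from 203.0.113.9 and the non-RDP logon type 3 event, and the autorun scan singles out the `Updater` value because its command runs PowerShell hidden, without a profile and with the execution policy bypassed. On a real host the logon records would come from the Security event log and the Run entries from the registry; the thresholds are starting points to tune against the environment's baseline.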

