Researchers reveal how Dharma ransomware spreads

Researchers recently analyzed the attack methods of Dharma ransomware. Dharma is a ransomware family that is delivered through multiple attack vectors. From February to April this year, the total number of ransomware attacks grew by 148%.

Experts pointed out that Dharma relies on three main distribution methods:

  • Distribution via malicious spam emails carrying infected attachments or links.
  • Distribution via what appear to be legitimate downloads and installers that have been tampered with, including anti-virus software packages.
  • Targeted attacks exploiting weak or stolen RDP credentials. Historically this has been by far the most common attack vector used by those behind Dharma.

RDP (Remote Desktop Protocol) was developed by Microsoft and lets a user control another computer over a network. Once attackers obtain a working RDP login, they can use that access for privilege escalation, dropping malware, and planting backdoors on the system. Users can block such attacks by using strong passwords, enabling Network Level Authentication (NLA), and restricting which accounts are allowed to connect remotely.
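The RDP vector above is what a credential-guessing campaign looks like in the Windows Security log. The following is an added example, not code from the article or from the researchers it cites: it runs a sliding-window detector over constructed 4625 (failed logon) and 4624 (successful logon) records and flags a source that fails repeatedly and then logs in, which is the pattern a weak or stolen RDP credential produces. The record layout, helper names, threshold and window length are this example's own assumptions.

```python
"""Flag RDP password guessing and likely credential compromise from Windows
Security log records.

Added example, not code from the article. The event records are constructed
here with the fields a SIEM would normally extract from Event ID 4625 (failed
logon) and 4624 (successful logon); the function and parameter names, the
threshold and the window are this example's own assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
# Logon type 10 = RemoteInteractive (RDP). See the note below on NLA.
RDP_LOGON_TYPES = frozenset({10})

_BASE = datetime(2020, 4, 1, 2, 0, 0)
# Constructed sample: 203.0.113.7 guesses the Administrator password six times
# in under a minute and then logs in; 198.51.100.9 fails once; 192.0.2.5 is a
# clean RDP logon; the last record is a console logon and is ignored.
SAMPLE_EVENTS = (
    [{"time": (_BASE + timedelta(seconds=10 * i)).isoformat(), "id": FAILED_LOGON,
      "type": 10, "user": "Administrator", "ip": "203.0.113.7"} for i in range(6)]
    + [
        {"time": "2020-04-01T02:01:00", "id": SUCCESS_LOGON, "type": 10,
         "user": "Administrator", "ip": "203.0.113.7"},
        {"time": "2020-04-01T02:05:00", "id": FAILED_LOGON, "type": 10,
         "user": "jsmith", "ip": "198.51.100.9"},
        {"time": "2020-04-01T02:06:00", "id": SUCCESS_LOGON, "type": 10,
         "user": "alice", "ip": "192.0.2.5"},
        {"time": "2020-04-01T02:07:00", "id": SUCCESS_LOGON, "type": 2,
         "user": "alice", "ip": "-"},
    ]
)


def _parse(events):
    """Convert ISO timestamps to datetime and order the records by time."""
    return sorted(
        ({**e, "time": datetime.fromisoformat(e["time"])} for e in events),
        key=lambda e: e["time"],
    )


def detect_rdp_attacks(events, threshold=5, window_seconds=600,
                       logon_types=RDP_LOGON_TYPES):
    """Return {source_ip: finding} for sources that reach `threshold` failed
    RDP logons inside a sliding window of `window_seconds`. A successful RDP
    logon from the same source while the window is still hot is recorded in
    `compromised_as`: the signature of a weak or stolen credential."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)    # ip -> timestamps of failures in window
    fail_total = defaultdict(int)  # ip -> all failures seen
    targets = defaultdict(set)     # ip -> usernames tried
    findings = {}

    for e in _parse(events):
        if e["type"] not in logon_types:
            continue
        ip, now = e["ip"], e["time"]
        q = recent[ip]
        while q and now - q[0] > window:   # slide the window forward
            q.popleft()

        if e["id"] == FAILED_LOGON:
            q.append(now)
            fail_total[ip] += 1
            targets[ip].add(e["user"])
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"ip": ip, "first_seen": q[0], "compromised_as": None}
        elif e["id"] == SUCCESS_LOGON and len(q) >= threshold:
            # Guessing burst followed by a success from the same source.
            findings[ip]["compromised_as"] = e["user"]
            q.clear()

    for ip, finding in findings.items():
        finding["failures"] = fail_total[ip]
        finding["users"] = sorted(targets[ip])
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_attacks(SAMPLE_EVENTS).values():
        status = (f"logged in as {finding['compromised_as']}"
                  if finding["compromised_as"] else "no success yet")
        print(f"{finding['ip']}: {finding['failures']} failed RDP logons against "
              f"{finding['users']} since {finding['first_seen']}, {status}")
```

Two caveats when running this against real logs: with NLA enabled, failed RDP attempts are commonly recorded with Logon Type 3 (network) rather than 10, so pass `logon_types={3, 10}` and expect some SMB and other network failures to be counted as well; and the source address field of a 4625 event can be empty or "-" for some failure paths, so those records cannot be attributed to a source and should be tallied separately rather than silently dropped.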

In the spam campaign, the attacker's email claims that the victim's device is infected with a virus and includes a link to download an anti-virus tool. Clicking the link downloads a fake anti-virus program together with Dharma. Once Dharma has encrypted the victim's files, it drops a ransom note demanding 1 bitcoin to unlock them.

Via: securityboulevard