The Dharma ransomware family is one of the most widely used malware families in attack campaigns; read on to find out more about the threat. In this article we explain why this particular virus has been one of the most popular tools in the attacker's arsenal for the last few months.
The Dharma Ransomware Revealed
The Dharma ransomware is one of the most popular ransomware families, as it has spawned a large number of strains. It can be easily recognized by its renaming scheme: its most popular versions append one of the following extensions – dharma, wallet, zzzzz or [email protected]. Depending on the exact strain of the Dharma ransomware, the virus engine may perform the following actions:
The strain may either affect only selected folders (such as all files and folders belonging solely to the user) or the whole system, including network shares and removable storage devices.
A majority of the infections craft ransom notes which do not specify a fixed ransom sum. This gives the hackers an opportunity to quote a different price depending on the “sensitivity” and the amount of the compromised data.
The encryption engine uses a strong cipher, which makes recovery without the key very difficult.
Some of the strains also delete all Volume Shadow Copies on the infected machine. This makes data recovery impossible without the use of a separate backup solution.
The virus may cause dangerous system modifications which can severely lock down the system or make it partially or fully unusable.
Some of the Dharma ransomware strains feature built-in commands that can be used to kill any running processes that might interfere with the encryption process.
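As an added defender-side illustration (not code from the original article), the following Python script flags files whose names carry the renaming-scheme extensions listed above and reports directories where most files have been renamed, a stronger signal of an encryption run than a single matching file. The e-mail-style extension pattern and the sample paths are constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Renaming-scheme extensions named in the article (dharma, wallet, zzzzz) plus
# the e-mail-address style used by some strains. The exact address is not
# readable on the page, so the e-mail pattern is an assumption; the brackets
# are optional because several ransomware families wrap the address in them.
DHARMA_SUFFIX = re.compile(
    r"\.(?:dharma|wallet|zzzzz|\[?[\w.+-]+@[\w-]+(?:\.[\w-]+)+\]?)$",
    re.IGNORECASE,
)

# Constructed sample listing; the e-mail address is a placeholder.
SAMPLE_PATHS = [
    "/home/alice/docs/report.xlsx.dharma",
    "/home/alice/docs/notes.txt.wallet",
    "/home/alice/docs/archive.zzzzz",
    "/home/alice/docs/photo.jpg",
    "/srv/share/budget.docx.[attacker@example.com]",
    "/srv/share/readme.md",
    "/srv/share/q3.pptx",
]

def is_dharma_renamed(path: str) -> bool:
    """True when the file name ends in one of the Dharma-style extensions."""
    return DHARMA_SUFFIX.search(PurePosixPath(path).name) is not None

def flag_renamed(paths):
    """Return the subset of paths whose names match the renaming scheme."""
    return [p for p in paths if is_dharma_renamed(p)]

def mass_rename_dirs(paths, threshold=0.5):
    """Directories in which at least `threshold` of the files were renamed.

    A single '.wallet' file may be benign; a directory where most files
    carry the extension is a much stronger sign of an encryption run.
    """
    total, hit = defaultdict(int), defaultdict(int)
    for p in paths:
        parent = str(PurePosixPath(p).parent)
        total[parent] += 1
        if is_dharma_renamed(p):
            hit[parent] += 1
    return sorted(d for d in total if hit[d] / total[d] >= threshold)

if __name__ == "__main__":
    print("renamed:", flag_renamed(SAMPLE_PATHS))
    print("mass-rename directories:", mass_rename_dirs(SAMPLE_PATHS))
```

Feed it a real directory listing (for example from a file-server audit log or a backup catalog) to spot a rename wave early; the threshold trades sensitivity against false positives from legitimately named files.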
How The Dharma Ransomware Infects Target Machines
Depending on the ransomware strain there are multiple infection strategies that hackers utilize. Here is a list of some of the most popular virus distribution tactics:
Spam messages with malicious attachments – These types of email messages are sent in bulk to the targets and they include infected binaries as file attachments. Various social engineering tricks are used to make the computer users download and open the file. The files may pose as financial documents, important messages or other types of data that may be of interest.
Spam messages with malicious links – They are similar to the above-mentioned messages; however, they feature links to various hacked and malicious sites that host the binaries instead of offering them as attachments. This is done to prevent automatic virus scanners from discarding the message.
Spam messages that deliver both malicious links and attachments – A widely used strategy by computer criminals.
Dangerous Redirects – All sorts of malicious ads and browser hijackers can lead to dangerous infections.
Infected Software Installers – Ransomware is often bundled with infected software installers. The most likely places to find such programs are pirate and illegal download sites and BitTorrent trackers. The viruses are often found alongside counterfeit copies of popular applications and computer games.