Dharma Ransomware

What Is Dharma Ransomware?

Dharma ransomware is malware that an attacker plants directly through a user’s open or weakly secured Remote Desktop Protocol (RDP) port. The attacker gains that access through email phishing, malicious attachments, downloads, or exploits of unpatched applications, and then uses an employee’s computer to remote into the network.

New malware strains surface daily; according to Kaspersky Labs, the number of cyber threats runs to around 323,000. Dharma has grown to be the most vindictive of them today, because it brute-forces its way in and immediately encrypts every network file on a server. A company cannot regain access to its data until a ransom is paid to the attacker. Once the ransom is paid, a decryption tool is sent to the user, who then has to scan the compromised device with it.

The way Dharma operates complicates recovery for companies: downtime increases, and if more than one device has been compromised, more than one ransom may need to be paid. Each infected device needs its own decryption tool in order to produce its own unique scan key. The attacker needs the scan key from each infected device; only then does the user receive the unique decryption key for that device and regain access.


According to the Council of Better Business Bureaus, 90% of successful cyberattacks start as phishing emails. Over the past three months, Dharma hackers have used phishing directed at end users, such as employees, to gain remote access to a company’s network, and have marked the files they encrypt with file extensions such as:

.BIP, .combo, .gamma, .arrow, .betta, .vanss, .audit, .adobe, .fire, .bear, .back, .cccmn, .tron, .like, .gdb, .myjob, .risk, .santa, .brrr

The hackers rename each encrypted file using a variation of the extensions above, so a file name ends up looking like the example below:

“MyDocument.docx” becomes “MyDocument.docx.idBCBEF350[[email protected]].bip”.
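As an added example, not code from the original post, the following Python script flags files whose names follow the renaming pattern shown above (original name, then an “id” token, a contact address in square brackets, and one of the listed extensions) and summarizes how many files, victim IDs and contact addresses are involved. It assumes the ID is eight hexadecimal digits, as in the single example above, and tolerates an optional hyphen after “id” and an optional dot before the bracket; both are assumptions. The contact address in the sample names is a constructed placeholder, since the post’s own example does not preserve the address. `scan_directory` can be pointed at a mounted file share during an investigation.

```python
import os
import re
from typing import Dict, Iterable, List, Optional

# Extensions the post lists as appended by Dharma to the files it encrypts.
DHARMA_EXTENSIONS = frozenset({
    "bip", "combo", "gamma", "arrow", "betta", "vanss", "audit", "adobe",
    "fire", "bear", "back", "cccmn", "tron", "like", "gdb", "myjob", "risk",
    "santa", "brrr",
})

# Renaming pattern from the post: <original name>.id<8 hex digits>[<contact>].<ext>
# ASSUMPTION: the 8-hex-digit ID is generalized from the post's one example; the
# optional "-" after "id" and optional "." before "[" are tolerated so that
# near-variants of the naming are not missed.
DHARMA_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id-?(?P<victim_id>[0-9A-Fa-f]{8})\.?"
    r"\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z]+)$"
)


def classify(filename: str) -> Optional[Dict[str, object]]:
    """Return a record for a Dharma-style renamed file, or None if the name is clean."""
    m = DHARMA_NAME_RE.match(filename)
    if not m:
        return None
    ext = m.group("ext").lower()
    return {
        "original": m.group("original"),
        "victim_id": m.group("victim_id").upper(),
        "contact": m.group("contact"),
        "ext": ext,
        # A name that matches the pattern but uses an extension outside the
        # post's list is still worth a responder's attention.
        "known_extension": ext in DHARMA_EXTENSIONS,
    }


def summarize(filenames: Iterable[str]) -> Dict[str, object]:
    """Aggregate hits: file count, distinct IDs, contact addresses and extensions seen."""
    hits: List[Dict[str, object]] = [
        r for r in (classify(n) for n in filenames) if r is not None
    ]
    return {
        "encrypted_count": len(hits),
        "victim_ids": {str(h["victim_id"]) for h in hits},
        "contacts": {str(h["contact"]) for h in hits},
        "extensions": {str(h["ext"]) for h in hits},
        "hits": hits,
    }


def scan_directory(root: str) -> Dict[str, object]:
    """Walk a directory tree (e.g. a mounted share) and summarize Dharma-style names found."""
    names = (f for _, _, files in os.walk(root) for f in files)
    return summarize(names)


# Constructed sample names for an offline run. The contact addresses are
# placeholders, not addresses from any real incident.
SAMPLE_FILES = [
    "MyDocument.docx.idBCBEF350[attacker@example.invalid].bip",
    "Q3-report.xlsx.id-BCBEF350.[attacker@example.invalid].bip",
    "Budget.pdf.idA1B2C3D4[other@example.invalid].combo",
    "notes.txt",
    "photo.jpeg.bak",
    "archive.tar.gz",
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_FILES)
    print(f"{summary['encrypted_count']} file(s) carry a Dharma-style name")
    print("victim IDs:", sorted(summary["victim_ids"]))
    print("contacts:  ", sorted(summary["contacts"]))
    for h in summary["hits"]:
        print(f"  {h['original']!r} -> .{h['ext']} (known extension: {h['known_extension']})")
```

The distinct-ID count matters for the recovery point made above: the post describes one decryption tool and key per infected device, so seeing two IDs in the summary is an early sign that more than one machine was hit.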

The Ponemon Institute research report “2017 State of Cybersecurity in Small & Medium-Sized Businesses” found that 80% of companies said they had experienced cyberattacks in the form of phishing/social engineering, such as Dharma, followed by an insecure or spoofed website. To protect your business from Dharma and other cyberattacks, preventive measures must be implemented. These steps should be in place before a breach in order to protect your business’s data and crucial information.

Preventive Measures

Most social engineering attacks can be avoided if companies have the proper steps in place. Follow the steps below to ensure your business has strong IT network security protocols.

  1. Secure Remote Desktop Services – Requiring more than a password to open a remote desktop session creates a thicker layer of protection against hackers. Instead of relying on strong passwords alone, businesses should put two-factor authentication in place on all remote sessions and all remotely accessible accounts. Requiring two different forms of identity proof makes it difficult for a hacker to steal or guess credentials. Many systems require a password and then send a code via email or text to the user, which adds further protection because the hacker would need both factors to gain access to the network.
  2. Complete Backups in Place – Without safeguarded data and backup solutions, the only way to remain in business after a breach is to pay the ransom. With frequent backups established (both in the cloud and on systems located separately from the company’s network), getting breached is not so much a nightmare as just a bad dream. Companies should keep all their data backups up to date and confirm that a proper backup solution is in place.
  3. Take a Security Assessment – Find out whether your business has already been victimized or has any vulnerabilities. Completing a security assessment with a Managed IT Services Provider will help your business take the proper steps to secure its IT network and defend against threats.

If you’re afraid your business is next or need protection and monitoring from cyberattacks, reach out to CPI today. Start approaching cybersecurity in a more effective way by investing in a Managed IT Services Provider. Let us advance your cybersecurity in your marketplace. Check out our next blog on ‘Steps to recover from a Dharma attack’.
