![]() Those transfers aren’t necessarily from the malware’s original authors, either-in March, a collection of source code for one variant of Dharma was offered for sale on Russian-language crime forums for $2000 through an intermediary. This pre-packaged toolkit, combined with back-end technical support, significantly extends the reach of the Dharma RaaS operators, allowing them to profit while their afililates do the hands-on-keyboard work of breaching networks, dropping ransomware, and managing “customer service” with the victims.ĭharma, formerly known as CrySis, has many variants, due to the sale and modification of its source code to multiple malware developers. The Dharma operations we’ve documented use a combination of internal Windows tools, legitimate third-party “freeware” software, well-known security tools and publicly-available exploits, integrated together through bespoke PowerShell, batch, and AutoIT scripts. The actors using this particular RaaS are equipped with a package of pre-built scripts and “grey hat” tools that requires relatively little skill to operate. In part that’s because actors with access to the source code continue to innovate around delivering the ransomware as a packaged business for less-sophisticated criminal operators. The Dharma RaaS we’ve investigated is targeted at entry-level cyber-criminals, and provides a paint-by-the-numbers approach to penetrating victims’ networks and launching ransomware attacks. While other, newer ransomware families have grabbed recent headlines with high-profile victims and multi-million-dollar demands, Dharma has continued to be among the most profitable. Three recent attacks documented by SophosLabs and Sophos MTR have revealed a toolset used by Dharma “affliliates” that explains why attacks from so many different Dharma actors seem so identical, down to the tools and commands they use. ![]() ![]() ![]() Part of the reason for its longevity is that its variants have become the basis for ransomware-as-a-service (RaaS) operations-the fast-food franchise of cybercrime. ![]() Dharma, a family of ransomware first spotted in 2016, continues to be a threat to many organizations-especially small and medium-sized businesses. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |