New Variant of Dharma Ransomware is Detected

May 18, 2018 | Simeon Georgiev

To streamline their ransomware removal measures, security researchers constantly hunt for new strains in the wild. Recently, a group of them discovered another variant of Dharma/Crysis.

The new Dharma variant uses a different extension (.bip) for the files it locks down. Researchers have yet to determine the delivery method of this new variant. It is important to note that previous versions of Dharma ransomware mostly used remote desktop services to deliver their payload. In some cases, the ransomware is installed manually to encrypt files on the targeted device.

A Lengthy Extension

Aside from appending the .bip extension to the files, the variant also makes a lengthy email ID part of every encrypted file name. Here is what a file encrypted by the new variant of Dharma ransomware looks like.

Normal file: Name.pdf

Encrypted file: Name.jpg.id-BCBEF350.[[email protected]].bip
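The naming scheme above can be used to triage a file listing from drives and shares. The following is an added example, not code from the article or from any vendor tool; it assumes the ID is always 8 hex characters as in the single sample shown, and the paths and contact address in the listing are constructed placeholders.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming scheme shown in the article: <original name>.id-<ID>.[<contact>].bip
# Assumption: the ID is always 8 hex characters, as in the article's one sample.
BIP_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-F]{8})"
    r"\.\[(?P<contact>[^\[\]]+)\]\.bip$",
    re.IGNORECASE,
)

def parse_bip_name(path):
    """Return the fields of a renamed file, or None if the name does not match."""
    match = BIP_NAME.match(PureWindowsPath(path).name)
    if match is None:
        return None
    return {
        "original": match["original"],
        "victim_id": match["victim_id"].upper(),
        "contact": match["contact"],
    }

def triage(paths):
    """Summarise matching files per drive letter or UNC share."""
    summary = defaultdict(lambda: {"files": 0, "victim_ids": set(), "contacts": set()})
    for path in paths:
        fields = parse_bip_name(path)
        if fields is None:
            continue  # untouched file, or an unrelated *.bip file
        entry = summary[PureWindowsPath(path).drive]
        entry["files"] += 1
        entry["victim_ids"].add(fields["victim_id"])
        entry["contacts"].add(fields["contact"])
    return dict(summary)

# Constructed listing, not from a real incident; the contact is a placeholder.
SAMPLE_LISTING = [
    r"\\fs01\finance\Q1.xlsx.id-BCBEF350.[contact@example.invalid].bip",
    r"\\fs01\finance\notes.txt",
    r"Z:\scans\Name.jpg.id-BCBEF350.[contact@example.invalid].bip",
    r"Z:\tools\firmware.bip",
    r"C:\Users\a\report.docx.id-1A2B3C4D.[contact@example.invalid].BIP",
]

if __name__ == "__main__":
    for location, entry in triage(SAMPLE_LISTING).items():
        print(location, entry["files"], sorted(entry["victim_ids"]))
```

Grouping by drive or share shows which mapped drives and network shares were reached, and the set of IDs shows whether more than one ID appears in the listing.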

The new variant can be very damaging on shared networks because it specifically targets mapped network drives, shared host drives, and network shares. An infection by the new Dharma variant can cause a lot of trouble for organizations with unlocked shared networks. They will need extensive ransomware removal measures to disinfect their systems.

To frustrate ransomware removal measures, the new Dharma variant also deletes shadow copies of the data that could otherwise be used to recover the encrypted files. Moreover, it is configured to run automatically and encrypt all the remaining files whenever the infected device is turned on.

Even though the operators leave ransom notes in two different formats, with 'hta' and 'txt' extensions, neither of them mentions the amount of money being asked for. The note simply directs the affected user to send a message to the email address that is part of the extension of every encrypted file.

It is important to note that no decryption key is publicly available to unlock Dharma-affected files. If you haven't created any backups, then you will definitely require professional ransomware removal. You can also try your luck with the remaining shadow volume copies to recover some of your data.

To ensure your device connected to remote desktop services doesn't become a victim of a malware attack, always establish the internet connection through a VPN.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]