Dharma: A Malicious Ransomware In The Skin of an Anti-Virus Software

A family of
ransomware has been infecting organizations around the globe and now has a new
trick up its sleeve. A file-locking malware is being distributed disguised as anti-virus
“Dharma” happens to
be the name of the infamous ransomware which has been linked to tens of
cyber-crime episodes.
Dharma’s “executive
working team” is all about creating and fabricating state-of –the-art attacks
that are lucrative to the highest extent.
And by way of the
recent stunt they’ve pulled they stand a handsome chance of extorting ransom
payments in exchange for decrypting files and locked networks on the Windows
Actually, the
ransomware poses to be an anti-virus software and hence the users are tricked into
downloading and installing it.
The attacks like many
others begin with “phishing emails” that claim to be from Microsoft and stating
that the victim’s PC is under some risk, threat or is corrupted.
Luring the user into
downloading the anti-virus by assessing a download link, if the user goes
through with it, two downloads are retrieved.
According to sources,
they are Dharma ransomware payload and an old version of anti-virus software
from cyber security company ESET.
After the
self-extracting archive runs, Dharma starts the file encrypting process. The
user is guided to follow the installation instructions for ESET AV remover.
The interface gets
displayed on their desktop but still requires user interaction during the
installation process all the while distracting the user from the actual con.
The victim would
immediately be confronted with a ransom note, once the installation gets done
with, demanding crypto-currency in exchange for unlocking the file.
Malware have usually
been hidden under skins of actually legitimate applications and software, in
the above scenario an official unmodified ESET AV Remover was made use of.
Any other potential
application could be exploited and used in this way to fool the not so well
cyber-educated and even tech savvy users.
The file-locking malware
is relatively new in the market but powerful nonetheless and with the enhanced
tendencies of tactic and work being done on it.
Various cyber-cons
still try to upgrade old threats and make use of latest techniques to wreak as
much havoc as possible.
Ransomware happens to
be an especially costly and dynamic threat which could hit in more than one
The only way to not
fall prey to such devastating attacks is securing email gateways, embracing
better cyber-security manoeuvres, backing up files and constantly patching and

Share this with Your friends:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *