Dharma Ransomware weaponizes itself with fresh Cmb variant

December 28, 2018
Dharma Ransomware weaponizes itself with fresh Cmb variant

While security experts are still not finish decrypting newer variants of Dharma ransomed files (which terrorizes the digital landscape with its prolific Ransomware releases lately), it again strikes back using a .cmb encryption.

It appears as if this malicious malware is expected to surface for a while, for currently no decryption method is working as a suitable fix. Common (and much faster) solution involves just paying the ransom then getting the decryption keys from the attackers themselves. Although it isn’t really advisable, since there’s already a circulating report of a victim paying $4000 (in 4BTC) to the attackers. Unfortunately for the victim, they just took the money and proceeded to demand more money, double the price.

To give background in regards to the prolific evolution of this particular malware strain, Dharma’s recent variants include .zzzzz, .cezar, .cesar, .arena, .cobra, .java, .write and .arrow file extensions.

As usual for Dharma malware strains, its source was confirmed to be through a hacked RDP, or Remote Desktop Protocol Services. These are software that allow a user to remotely access a specific computer via a terminal server. It’s usually employed for convenience purposes.

Once Dharma find an unsecured RDP, more specifically at TCP port 3389, it forces itself inside the unsuspecting computer; what’s worse, Dharma also has the capability to penetrate local networks or servers the infected computer is connected into.

From there, everything goes downhill afterwards: it encrypts all the victim’s files with an extension format of “.id-[id].[email].cmb“. This makes sample.png forcefully renamed to “sample.png.id-BCBEF350.[[email protected]].cmb“.

Since there are no fix yet from the security side besides obeying the attackers’ wishes, it is strongly mandated that prevention should be prioritized more than ever.

Employing VPN services on top of your RDP is strictly encourage. As this will put more security against Dharma. Also, always keep a lookout for new releases from Dharma; as they say preemptive knowledge is key.

About the author

Leave a Reply