Level 9
Content Creator
Dharma Ransomware: A deep dive into the ransomware’s new variants and massive attacks

  • Dharma ransomware made its first appearance in November 2016 after the master decryption keys for the Crysis ransomware was released to the public.
  • Dharma ransomware primarily targets healthcare providers in the United States.
Dharma ransomware made its first appearance in November 2016. The ransomware was spotted encrypting files with extensions such as .wallet, .dharma, .zzz, .brrr, and more.​
Dharma ransomware was observed attacking victims by hacking open RDP ports. The attackers scan for the systems running RDP (TCP port 3389), and then attempt to brute force the password for the systems.​
Once victims are infected with Dharma ransomware, they are presented with a ransom note that instructs them to email the attackers for further instructions. The note states that the price of the ransom depends on how fast the victims respond.​
The note also offers ‘free decryption as guarantee’ option offering victims the chance to get up to three files decrypted for free.​