Dharma Ransomware Attacks Italy in New Spam Campaign

silversurfer

Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.

The Dharma Ransomware has been active for many years and is based on another ransomware family called Crysis. It is not common, though, to see this ransomware family distributed through malspam as it is more commonly installed via hacked remote desktop services.

Security researchers JAMESWT, TG Soft, and reecDeep all noticed a new spam campaign today that is infecting users with the Ursnif keylogger or the Dharma Ransomware. The spam emails use mail subjects like 'Fattura n. 637 del 14.01.20' and pretend to be a sent invoice.

Spam Email

 

Sampei Nihira

Whoever falls for it is a donkey.
A decree (Decreto) is a deliberative or ordinatory act issued by an administrative or judicial authority,
such as the government, a judge, a prefect.

Certainly not a supplier of a customer.

Furthermore, if we consider the most realistic hypothesis, i.e. that this customer is not a private individual, in Italy apart from a single case (flat-rate accounting) there is the obligation of the electronic invoice sent via PEC or via another platform.
 

Sampei Nihira

Another irregularity.
Usually attachments such as an invoice contain the customer's name and the wording invoice n°. ........
Who would open a zip file with text partially in English, i.e. "new" instead of "nuovo"?

And still, who would open an invoice with a vbs extension!!!
 

upnorth

If users, and possibly even the networks they're on, are infected, it's a pretty poor comfort as it's too late anyway.

Spam has and always will work to a certain extent, whether one likes it or not, and personally I try to avoid disparaging users. There actually exist better ways.
 

Sampei Nihira

This is not about denigrating users.
It is the article that is poorly written.
No mention of possible spelling mistakes.

Mistakes that would make one suspect that something is wrong.

I only remedied this superficiality, since I'm Italian.
 