Malware News New Brrr Dharma Ransomware Variant Released

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/new-brrr-dharma-ransomware-variant-released/

Distributed through hacked Remote Desktop Services

The Dharma Ransomware family, including this Brrr variant, is manually installed by attackers who hack into Remote Desktop Services connected directly to the Internet. These attackers will scan the Internet for computers running RDP, usually on TCP port 3389, and then attempt to brute force the password for the computer.

There are also underground sites that sell known credentials for publicly accessible computers running remote Remote Desktop Services that attackers can buy.

Once they gain access to the computer they will install the ransomware and let it encrypt the computer. If the attackers are able to encrypt other computers on the network, they will attempt to do so as well.

It should be noted that this ransomware will encrypt mapped network drives, shared virtual machine host drives, and unmapped network shares. So it is important to make sure your network's shares are locked down so that only those who actually need access have permission.

You can see an example of a folder encrypted by the Brrr Ransomware variant below.