New Variant of Dharma Ransomware Discovered



Once again, the infamous Dharma ransomware appears set to begin a massive infection campaign. It has returned as a new variant that uses a different file extension: after entering the system, the malware encrypts all files and appends a .cmb extension to them.

New Dharma Ransomware Variant Flaunts .cmb Encryption


Researcher Michael Gillespie first discovered the new Dharma ransomware variant after stumbling upon some samples uploaded on ID Ransomware.

https://twitter.com/demonslay335/status/1027649502491160577

Reportedly, the Dharma ransomware is back in the form of a new variant that encrypts all data files and gives them a .cmb extension. The attacker gains access to a computer via a spam email, or over RDP on TCP port 3389. The attacker then installs the malware on the target system, which begins encrypting all the files and appending the .cmb extension.

According to Bleeping Computer, the malware typically appends an extension in the format “.id-[id].[email].cmb” after the original file name, where [email] is the attacker’s email address that the victim is expected to contact.

Explaining the severity of this malware, Bleeping Computer stated,

“This ransomware will encrypt mapped network drives, shared virtual machine host drives, and unmapped network shares. So it is important to make sure your network's shares are locked down so that only those who actually need access have permission.”

After encrypting the files, the ransomware leaves ransom notes in two different locations. One is an Info.hta file that pops up after the user logs in. The other is a .txt file placed on the desktop.

Besides encryption, the malware also configures itself to start automatically to ensure newly created files are also encrypted with every new session.
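
A triage sketch for the file-naming pattern and Info.hta note described above, added here as an example and not taken from the original post or from Bleeping Computer: it parses names of the form .id-[id].[email].cmb out of a file listing and groups hits by drive or network share. The regular expression, function names and sample paths are assumptions constructed for illustration; brackets are treated as optional because the format string does not say whether they are literal.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# <name>.id-<id>.<email>.cmb; brackets around either field are optional because
# the article's format string does not say whether they are literal (assumption).
DHARMA_CMB = re.compile(
    r"^(?P<original>.+)\.id-\[?(?P<victim_id>[0-9A-Za-z]+)\]?"
    r"\.\[?(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]?\.cmb$",
    re.IGNORECASE,
)
NOTE_NAME = "info.hta"  # the only ransom-note file name the article gives


def parse_name(filename):
    """Return (original_name, victim_id, contact_email), or None if no match."""
    m = DHARMA_CMB.match(filename)
    return (m["original"], m["victim_id"], m["email"]) if m else None


def triage(paths):
    """Group hits by drive or UNC share so affected shares stand out."""
    report = defaultdict(
        lambda: {"encrypted": 0, "ids": set(), "emails": set(), "notes": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        root = p.anchor or "(relative)"
        hit = parse_name(p.name)
        if hit:
            entry = report[root]
            entry["encrypted"] += 1
            entry["ids"].add(hit[1].upper())
            entry["emails"].add(hit[2].lower())
        elif p.name.lower() == NOTE_NAME:
            report[root]["notes"].append(raw)
    return dict(report)


# Constructed listing (for example from `dir /s /b`); not from a real incident.
SAMPLE = [
    r"C:\Users\alice\Desktop\budget.xlsx.id-1A2B3C4D.[contact@example.invalid].cmb",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Documents\notes.cmb",  # plain .cmb name: not a hit
    r"\\fileserver\finance\q3.tar.gz.id-1A2B3C4D.[contact@example.invalid].CMB",
    r"\\fileserver\finance\plan.docx",
]

if __name__ == "__main__":
    for root, entry in triage(SAMPLE).items():
        print(root, entry)
```

Requiring the full .id-…cmb suffix rather than any name ending in .cmb keeps unrelated files out of the count, and the per-share grouping shows which network locations the encryption reached.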

Ransomware Variants Keep Appearing


We have previously seen several malware bots and ransomware families reappear with more robust and upgraded features. As malware keeps evolving, the only possible way to protect oneself from such attacks is to keep all software up to date, have appropriate antivirus/antimalware protections in place, follow secure practices and, number one, ensure important data is BACKED UP.

Posted from my blog with SteemPress : https://latesthackingnews.com/2018/08/13/new-variant-of-dharma-ransomware-discovered/
