• About
  • Advertise
  • Careers
  • Contact
Saturday, June 3, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Dharma Ransomware Installs Antivirus On PC Only To Encrypt Files Later

by Cyber360 News
November 11, 2019
in Security
0
Dharma Ransomware Installs Antivirus On PC Only To Encrypt Files Later
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Dharma Ransomware is out on the loose and is evolving by the minute. The latest report from Trend Micro has spotted instances of Dharma Ransomware encrypting files by distracting users with an antivirus installation.

Dharma ransomware is a version of Crysis, which is another dangerous malware. Dharma encrypts user files using Asymmetric Cryptography. It is a method in which bits present inside the file are encrypted. In the Asymmetric Cryptography process, the output of encryption is text, even if the input is non-text.

jamf now

Dharma Ransomware Uses Real Anti-Virus For Malware Attack

In the latest attempt to cause havoc online, Dharma Ransomware is spamming users with an e-mail titled ‘MSC-ALERT-IMPORTANT!’. The e-mail contains a system corrupt warning which prompts the user to click and download an older version of ESET Antivirus.

The e-mail prompts the user to download and verify their anti-virus using an attached password. The download file is a self-extracting archive called Defender.exe. It contains two files and the antivirus software installer.

The two malicious files are taskhost.exe and Defender_nt32_enu.exe. The first file activates the Dharma Ransomware itself as RANSOM.WIN32.DHARMA.THDAAAI.

Ransomware does its best job to keep users busy with anti-virus installations as it encrypts files in the background. The ESET antivirus installer is absolutely real and works just fine.

Furthermore, the installation process of ESET antivirus is in no way related to Dharma Ransomware. It is to be noted that the encryption of files due to ransomware attacks and anti-virus installations occur separately.

jamf now

This is how Dharma Ransomware works:

  1. User receives MSC-ALERT-IMPORTANT spam e-mail
  2. The email prompts the user to click and download the anti-virus that has attached Dharma ransomware.
  3. User opens a password protected archive using the attached password in the e-mail
  4. Installation window of ESET antivirus appears to activate Defender.exe
  5. Defender.exe drops Taskhost.exe and Defender_nt32_enu.exe
  6. Taskhost.exe is Dharma ransomware posing as RANSOM.WIN32.DHARMA.THDAAAI
  7. It encrypts the file while the antivirus installation continues in the background

SHA256 Codes of Dharma Ransomware Files

SHA256 Codes of Dharma Ransomware
Image: Trend Micro

Current State of Ransomware Attacks

Over the past few months, we have observed the changing face of ransomware attacks. The hackers have changed their tactics and are now heavily camouflaging their ransomware as useful tools to deceive users.

For instance, ransomware called VxCrypt improves the performance of a user’s PC while encrypting its files. Some hackers link malware in torrent files of popular TV shows like Game of Thrones.

Another ransomware called Robinhood ransomware encrypts your files with a message. It assures users that their data will be deleted once they pay the ransom.

Even though Ransomware is changing, its fundamental steps remain the same — tricking users into downloading malicious files.

How To Avoid It

Users can protect themselves by following the golden steps of regularly backing up their files offline, limiting administrative access and keeping their anti-virus updated. However, most users can start by changing their password to a strong one because another ransomware called Xwo is out there to get you.

jamf now

Ransomware attacks are also causing their ill-effects in the real world — from encrypting hospital documents to shutting down industrial plants and even the entire city government. All of us need to take important steps before someone gets hurt for real.

Also Read: ‘Sodinokibi’ Is A New Ransomware That Exploits Oracle Zero Day Flaw
Cyber360 News

Cyber360 News

Next Post
Google Atones For Overlooking Privacy For Years. It Still Needs To Do More.

Google Atones For Overlooking Privacy For Years. It Still Needs To Do More.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In