This week three new Dharma Ransomware variants were released, appending the .Gamma, .Bkp, or .Monro extension to encrypted files.
Dharma is a new variant of Crysis, which is a high-risk ransomware-type virus. After successful infiltration, Dharma encrypts stored files using asymmetric cryptography. It is unusual for this ransomware family to release so many variants within a short time period. Normally a variant is used for a month and then a new variant is released. But here we see three new variants released in the same week.
All three variants were discovered by security researcher Jakub Kroustek, who posted the samples on Twitter.
When a victim is infected with one of these variants, their files are encrypted and renamed. The infection then places a ransom note named FILES ENCRYPTED.txt that contains payment instructions.
Ways to protect yourself from the Dharma Ransomware
To protect yourself from Dharma or any other kind of ransomware, it is best to adopt good computing habits and use security software. The most important thing is to always have a reliable and tested backup of your data that can be restored in an emergency such as a ransomware attack.
Since the Dharma Ransomware is usually installed via hacked Remote Desktop services, it is very important to make sure they are locked down correctly. This includes making sure that the computers running remote desktop services are not connected directly to the Internet. Instead, place computers running remote desktop behind VPNs so that they are only accessible to those who have VPN accounts on your network.
Set up proper account lockout policies so that it is difficult for accounts to be brute forced over Remote Desktop Services.
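To complement a lockout policy, failed logons can also be reviewed for brute-force patterns. The following is an added example, not part of the original article: it flags source addresses with repeated failed remote logons (Windows Security Event ID 4625) inside a sliding window. The CSV layout, the sample events, and the threshold and window values are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: failed logons (Windows Security Event ID 4625) exported
# as CSV. Column names, accounts and addresses are invented for this example.
SAMPLE_EVENTS = """\
time,event_id,logon_type,account,source_ip
2018-10-01T02:14:01,4625,10,administrator,203.0.113.7
2018-10-01T02:14:09,4625,10,administrator,203.0.113.7
2018-10-01T02:14:20,4625,10,admin,203.0.113.7
2018-10-01T02:14:31,4625,3,admin,203.0.113.7
2018-10-01T02:14:44,4625,10,backup,203.0.113.7
2018-10-01T02:15:02,4625,10,backup,203.0.113.7
2018-10-01T08:30:10,4625,10,jsmith,198.51.100.20
2018-10-01T08:30:40,4625,10,jsmith,198.51.100.20
2018-10-01T08:31:05,4624,10,jsmith,198.51.100.20
2018-10-01T09:00:00,4625,2,jsmith,-
"""

# 10 = RemoteInteractive (RDP); with NLA enabled, failures are often logged as 3.
REMOTE_LOGON_TYPES = {"3", "10"}


def find_bruteforce(csv_text, threshold=5, window=timedelta(minutes=10)):
    """Map each source IP that reached `threshold` failed remote logons inside
    one sliding `window` to the sorted list of accounts it tried."""
    recent = defaultdict(deque)  # source_ip -> failure times still in window
    tried = defaultdict(set)     # source_ip -> account names seen in failures
    flagged = set()
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        if row["event_id"] != "4625" or row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(row["time"])
        src = row["source_ip"]
        recent[src].append(ts)
        while ts - recent[src][0] > window:
            recent[src].popleft()  # drop failures older than the window
        tried[src].add(row["account"])
        if len(recent[src]) >= threshold:
            flagged.add(src)
    return {src: sorted(tried[src]) for src in flagged}


if __name__ == "__main__":
    for src, accounts in find_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {src}: tried {', '.join(accounts)}")
```

On the sample data only 203.0.113.7 is flagged; the user who mistyped a password twice and then logged in stays below the default threshold.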
You should also have security software that incorporates behavioral detection to combat ransomware and not just signature detection or heuristics.
Finally, make sure to practice the following good online security habits:
- Keep regular backups of your data.
- Don’t open attachments sent from an unknown user.
- Open attachments only after confirming that the person actually sent them to you.
- Scan attachments with tools like VirusTotal.
- Regularly install Windows updates as soon as they are out. Update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. So, it is important to keep them updated.
- Install good security software.
- Use strong passwords and do not use the same password at various sites.
- When using Remote Desktop Services, do not connect it directly to the Internet. Make it accessible only via a VPN.