Dharma Ransomware Poses as Anti-virus Software in Latest Cyberattack Method

Dharma ransomware first appeared in 2016 and is still finding new victims, now through another cyberattack method: posing as anti-virus software to trick users into downloading malware onto their computers.

Researchers from Trend Micro discovered this new cyberattack campaign, which starts with a phishing email in which the hackers state that they are from Microsoft and that the user’s Windows PC is “at risk”. The email prompts the victim to download “anti-virus” software through the link provided. Once the link is clicked, two downloads take place simultaneously: the Dharma ransomware and an old version of an ESET anti-virus software remover.

Whether or not the user interacts with the anti-virus software installation, Dharma works behind the scenes to encrypt files on the user’s computer. The hackers have bundled the malware with the software to distract the victim and to make it seem as if nothing malicious is occurring in the background.

After the anti-virus software has finished installing, the user is left with the ransomware encrypting files and a screen demanding a Bitcoin payment for a decryption key.

New variants of ransomware attacks are constantly being created and implemented by cybercriminals. As blogger Raphael Centeno explains in his Trend Micro post, “...many malicious actors are still trying to upgrade old threats and use new techniques…[and] [r]ansomware [still] remains a costly and versatile threat…”

Trend Micro researchers recommend always keeping your operating systems up to date, as well as securing email gateways to avoid receiving spam emails. Another important step in cyber hygiene involves backing up all files regularly.
