Threat Watch

Dharma Ransomware

Researchers have identified a new version of the Dharma ransomware that uses the legitimate ESET AV Remover installer as a smokescreen to trick users into running the ransomware themselves. The campaign begins with phishing emails claiming that the recipient's system is at risk and that the antivirus program must be downloaded to fix the problem. The email also supplies a password for the download; password-protected files are a common way to keep email gateways and scanners from inspecting the payload before it reaches the user. If the user runs the download, the ransomware silently begins encrypting the user's files while the antivirus installer runs in the foreground as a decoy. Researchers found the attacker's contact email address, Enigma1crypt@aol.com, and specialists are currently attempting to identify its owner. ESET, which makes the legitimate AV Remover tool, was contacted and said that bundling malware with legitimate software is not an uncommon practice among attackers; the only trusted source of ESET AV Remover is ESET's own site, and copies offered by third-party sites or email should not be trusted.
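The point ESET makes above, that only a download from the vendor's own site can be trusted, can be backed by a check on the file itself before it is run. The following PowerShell function is an added example, not part of the original Threat Watch item and not ESET's own tooling: it verifies that an installer carries a valid Authenticode signature and that the signer is the expected publisher. The publisher name pattern and the file path are assumptions for illustration. A file that bundles a genuine installer inside an unsigned or attacker-signed dropper is expected to fail this check; a passing check shows only who signed the file, not that the email it arrived in was legitimate.

```powershell
# Added example, not from the original page or from ESET.
# Checks that an installer is signed, untampered, and signed by the expected
# publisher before anything is executed. The publisher pattern is an assumption.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Substring expected in the signer certificate subject (assumed value).
        [string] $ExpectedPublisher = 'ESET'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Status is 'Valid' only when the signature verifies and chains to a root
    # trusted on this machine. 'NotSigned', 'HashMismatch' (file modified after
    # signing) and 'UnknownError' all fail here.
    $signed  = $sig.Status -eq 'Valid'
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    # A valid chain alone is not enough: any code-signing certificate chains
    # to a trusted root, so the signer identity must also match.
    $publisherOk = $signed -and ($subject -like "*$ExpectedPublisher*")

    [pscustomobject]@{
        Path    = $Path
        Sha256  = $hash
        Status  = $sig.Status
        Signer  = $subject
        Trusted = $publisherOk
    }
}

# Usage: refuse to run anything that does not pass. Path is an assumed location.
$result = Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\avremover.exe"
$result | Format-List
if (-not $result.Trusted) {
    Write-Warning 'Installer is unsigned, tampered with, or signed by an unexpected publisher. Do not run it.'
}
```

The SHA-256 hash is reported alongside the signature result so it can be compared with the hash published by the vendor or submitted to a reputation service; the signature check covers integrity and signer identity, the hash lets a second party confirm the same file was examined.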

ANALYST NOTES

The most important defence against ransomware is a current backup of the user's data kept on a separate, secure system. If a complete backup exists, the affected machines can simply be wiped and restored from it. Backups that stay continuously reachable from the infected host (mapped network drives, always-connected USB disks) are likely to be encrypted along with everything else, so at least one copy should be offline or otherwise write-protected, and restores should be tested before they are needed. Users should also run antivirus software that includes ransomware detection, and should never run installers delivered by unsolicited email, even when the email helpfully supplies a password. Finally, systems should be updated on a regular basis, since software vendors ship their newest security fixes through those updates.