Researchers have detected a new version of the Dharma ransomware. This version poses as a legitimate antivirus tool, ESET AV Remover, using it as a smokescreen to trick users into installing the ransomware on their systems. The scammers send phishing emails claiming that the user's system is at risk and that the user must download the antivirus program to fix the problem; the attacker also supplies a password for the antivirus download. If the user downloads and runs it, the ransomware automatically begins encrypting the user's files and sending them to the attacker. Researchers identified the attacker's email address as Enigma1crypt@aol.com, and specialists are currently attempting to identify its owner. ESET, the vendor of the legitimate AV software, was contacted and said that this is not an uncommon tactic among attackers, that the only trusted source of ESET AV Remover is ESET's own site, and that third-party download sites should not be trusted.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense