As originally reported by ZDNet, the cyber security firm Group-IB has identified a group of low-skilled hackers who are attacking companies and using a Dharma ransomware variant for file encryption. In the report published by Group-IB, researchers said that the attacks have targeted companies located in Russia, Japan, China, and India. The attackers have used many different open-source or otherwise free reconnaissance tools, including:
- Masscan
- NLBrute
- Advanced Port Scanner
- Defender Control
- Your Uninstaller
These attackers have been using Remote Desktop Protocol (RDP) exposed to the Internet as an initial access point and demanding ransom payments ranging from 1 to 5 bitcoins, which is approximately equivalent to between $11,000 and $58,000 USD at the time this was written. This ensures that the hackers get paid while also helping them fly under the radar, because their demands are much lower than those of so-called “big game” ransomware teams, which typically extort companies for millions of dollars.