New Variant of Dharma Ransomware Discovered
Posted by Geoff - SSBG on 03 September 2018 11:24 PM
Once again, the infamous Dharma ransomware appears to be starting a fresh infection campaign. The new variant behaves like earlier Dharma releases but marks the files it encrypts with a different extension: once it is running on a system, it encrypts the data files it can reach and renames each one with a .cmb or .combo extension.
The attacker first gains access to a computer, either through a malicious spam email or by logging in over Remote Desktop (RDP, TCP port 3389) on a machine that is reachable from the Internet. The ransomware is then installed on the compromised system and starts encrypting files, appending the .cmb or .combo extension to every file it processes.
The full suffix appended to each file name typically follows the format “.id-[id].[email].cmb” or “.id-[id].[email].combo”, where [id] is an identifier inserted by the malware and [email] is the attacker’s contact address, the one the victim is expected to write to in order to pay for decryption. A file originally named report.xlsx therefore ends up as report.xlsx.id-[id].[email].cmb, and the email address embedded in the name tells you which attacker you are dealing with.
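The naming scheme above is also the quickest way to confirm an infection and scope it. As an added example (not part of SSBG's original post), the Python script below parses file names in the described “.id-[id].[email].cmb/.combo” format, pulls out the id and the attacker's address, and summarises how many files on a machine or share are affected. The field name victim_id and the assumption that the email is usually written inside square brackets (the brackets are accepted but not required) are mine, and the sample file names are constructed for the demonstration, not taken from a real incident.

```python
import re
import sys
from collections import Counter
from pathlib import Path

# Pattern for the suffix described in the post: <name>.id-<id>.[<email>].cmb / .combo
# Assumptions (not stated in the post): the id is alphanumeric, and the attacker
# e-mail is usually enclosed in square brackets. Brackets are accepted but not
# required so both spellings are caught; matching is case-insensitive (".COMBO" too).
DHARMA_NAME_RE = re.compile(
    r"^(?P<original>.+)"                       # the file's original name
    r"\.id-(?P<victim_id>[A-Za-z0-9]+)"        # .id-<id>
    r"\.\[?(?P<email>[^\[\]]+@[^\[\]]+?)\]?"   # .[<attacker e-mail>] (brackets optional)
    r"\.(?P<ext>cmb|combo)$",                  # .cmb or .combo at the very end
    re.IGNORECASE,
)


def parse_dharma_name(name):
    """Return the pieces of a Dharma-style file name, or None if the name
    does not carry the .cmb/.combo suffix."""
    m = DHARMA_NAME_RE.match(name)
    if not m:
        return None
    return {
        "original": m.group("original"),
        "victim_id": m.group("victim_id").upper(),
        "email": m.group("email").lower(),
        "ext": m.group("ext").lower(),
    }


def triage(names):
    """Summarise a collection of file names: how many carry the suffix, which
    attacker addresses and ids occur, and the original names of the hit files
    (the list you will need when deciding what to restore from backup)."""
    hits = [p for p in (parse_dharma_name(n) for n in names) if p]
    return {
        "encrypted": len(hits),
        "clean": len(names) - len(hits),
        "by_email": Counter(h["email"] for h in hits),
        "by_id": Counter(h["victim_id"] for h in hits),
        "originals": [h["original"] for h in hits],
    }


def scan_directory(root):
    """Walk a directory tree (a local disk or a mounted share) and triage
    every file name found in it."""
    names = [p.name for p in Path(root).rglob("*") if p.is_file()]
    return triage(names)


# Constructed sample names (not real victim data) in the format from the post.
SAMPLE_NAMES = [
    "Q3-report.xlsx.id-1A2B3C4D.[restore@example.com].cmb",
    "photo.jpg.id-1A2B3C4D.[restore@example.com].combo",
    "archive.zip.id-FFFF0000.[other@example.net].COMBO",
    "scan.pdf.id-1A2B3C4D.restore@example.com.cmb",   # bracket-less spelling
    "notes.txt",                                       # untouched file
    "readme.id-notes.txt",                             # looks similar, is not a hit
]

if __name__ == "__main__":
    # Usage: python dharma_triage.py <directory>   (no argument: run on the samples)
    summary = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else triage(SAMPLE_NAMES)
    print(f"encrypted files: {summary['encrypted']}  clean files: {summary['clean']}")
    for email, count in summary["by_email"].most_common():
        print(f"  contact address {email}: {count} file(s)")
    for vid, count in summary["by_id"].most_common():
        print(f"  victim id {vid}: {count} file(s)")
```

Run it against a mounted share or the affected machine's data drive; more than one contact address or id in the output usually means more than one infected host wrote to that location, which matters when you decide which systems to isolate before restoring.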
As of this writing, no free decryptor is available for this variant of Dharma, and the encrypted files cannot be recovered without the attacker’s key. The only reliable way to get your data back without paying is to restore it from solid, tested backups, kept offline or otherwise out of reach of the infected machine.
SSBG would like to kindly remind all of our customers to check the following: that your Anti-Virus software and Windows OS are up to date with the latest patches; that your corporate firewalls block RDP (TCP port 3389) from the public Internet to your internal servers; that your backups are running as intended and a restore has actually been tested; and that you and your staff refrain from clicking on suspicious (sometimes tempting) links or opening unexpected attachments in emails or on the web. Should you need any assistance with checking your Anti-Virus, Windows patches, backup schemes or firewall policies, or have doubts about a questionable email or web link, please do not hesitate to contact us by phone (021 - 54043999), email (firstname.lastname@example.org) or our helpdesk portal at https://helpdesk.ssbg.com.cn