{"id":543,"date":"2018-09-17T09:44:42","date_gmt":"2018-09-17T09:44:42","guid":{"rendered":"http:\/\/esolutions.lt\/blog\/?p=543"},"modified":"2018-09-17T09:44:42","modified_gmt":"2018-09-17T09:44:42","slug":"dharma-ransomware-activity-two-new-versions-in-less-than-a-week","status":"publish","type":"post","link":"https:\/\/esolutions.lt\/blog\/dharma-ransomware-activity-two-new-versions-in-less-than-a-week\/","title":{"rendered":"Dharma ransomware activity: two new versions in less than a week"},"content":{"rendered":"<h2>Dangerous ransomware releases fifteen versions in less than two years<\/h2>\n<p>Esolutions has spotted two new versions of <a href=\"https:\/\/www.2-spyware.com\/remove-dharma-ransomware-virus.html\">Dharma ransomware<\/a> attacking users all over the world. The two variants emerged less than a week apart. Both append new file extensions in the same pattern as earlier variants, and both encrypt data with a combination of AES and RSA: files are encrypted with AES, and the AES keys are in turn encrypted with the attackers' RSA public key, so the files cannot be recovered without the private key that only the attackers hold. We do not recommend contacting or paying them: the people behind threats like this are not trustworthy, and the promised decryption tool may not even exist.<\/p>\n<p>The second week of September brought news of the Brrr variant, which appends the .[paydecryption@qq.com].brrr extension to encrypted files, the same naming pattern used by other members of the Dharma family. Less than a week later, the Gamma variant was discovered, marking encrypted photos, videos and documents with the .id-.[bebenrowan@aol.com].gamma extension. Another shared trait is the pair of ransom note files, which have kept the same names since 2016: Info.hta and FILES ENCRYPTED.txt.<\/p>\n<h2>The same ransomware family has more than ten variants<\/h2>\n<p>The family's activity began with Dharma, whose first attacks were seen in November 2016. 
Since then a new version has appeared every few months, because the CrySis\/Dharma developers are not idle. Each release changes the code slightly, so the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Encryption\">encryption<\/a> differs and files are not easily recovered with decryptors written for earlier versions. Security researchers have released free decryption tools for some versions, mainly older ones whose private keys were leaked, but because the code changes with each release, no single decryptor works across several variants. Before assuming a variant is recoverable, check its extension against a trusted source such as the No More Ransom project rather than a tool advertised by the attackers.<\/p>\n<p>There are as many different extensions, contact e-mail addresses and ransom notes as there are variants. The wording of the ransom message changes slightly from version to version, but the ransom note file names have not changed since the first release. Unfortunately, the criminals behind this threat show no sign of stopping soon.<\/p>\n<h2>Blocking Dharma ransomware before it is too late<\/h2>\n<p>Like any malware, Dharma reaches a computer in several ways. The most common is a <a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/spam\">spam email<\/a> attachment, either a dropper that downloads and installs the ransomware or an attachment that carries the malicious script directly. Dharma operators are also known to break in over Remote Desktop (RDP) services exposed to the internet, using weak or brute-forced credentials, and to run the ransomware by hand, so RDP should never be reachable directly from the internet. Antivirus vendors label the same sample under their own <a href=\"https:\/\/www.virustotal.com\/#\/file\/71cd600842eb786f9800a1ebc98337e78a35380724cb1d464d3b8bb3a1daa4d9\/detection\">names<\/a>, so one file can be reported as any of the following:<\/p>\n<ul>\n<li>TR\/Kryptik.whocg<\/li>\n<li>Trojan.IGENERIC<\/li>\n<li>Trojan.Win32.Krypt<\/li>\n<li>Trojan.Encoder.ar<\/li>\n<li>Ransom.Crysis<\/li>\n<li>Trojan.Gen.2<\/li>\n<li>TR\/Dropper.Gen<\/li>\n<li>Ransom.Crysis.Generic<\/li>\n<\/ul>\n<p>Because antivirus and anti-malware tools detect this threat, they are also the practical way to remove it from a device. 
A full system scan shows which intruders are present, which software needs updates and which known vulnerabilities can be fixed. Do this as soon as you notice encrypted files, and disconnect the machine from the network first so the ransomware cannot keep encrypting shared folders; acting quickly limits the damage. Bear in mind that removing the ransomware stops further encryption but does not restore files that are already encrypted, so a recent backup kept offline remains the only reliable way to get them back.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dangerous ransomware releases fifteen versions in less than two years [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":544,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/543"}],"collection":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/comments?post=543"}],"version-history":[{"count":2,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/543\/revisions"}],"predecessor-version":[{"id":546,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/543\/revisions\/546"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/media\/544"}],"wp:attachment":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/media?parent=543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/categories?post=543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/tags?post=543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
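An added check that is not part of the original post or of Esolutions' tooling: a Python script that flags file names following the Dharma naming pattern the post describes (original name, an optional .id-<id> segment, a bracketed contact e-mail address, then the variant's extension) and the two ransom note names Info.hta and FILES ENCRYPTED.txt. The extensions and contact addresses are the ones from the post; the file listing, the id value 1A2B3C4D and the someone@example.com "unknown variant" line are constructed for the example. Because every new version brings a new extension and address, a name that fits the pattern with an unknown extension and contact is still reported, as "suspect", rather than silently ignored.

```python
"""Added example (not code from the original post or from Esolutions).

Flags file names that follow the Dharma naming pattern described in the post,
    <original name>[.id-<id>].[<contact e-mail>].<extension>
and the two ransom note names the family has used since 2016.  A name that
matches the pattern but uses an extension or contact address this script
does not know is still reported, as "suspect", because every new variant
brings a new extension and address.
"""
import re

# Extensions, contact addresses and note names taken from the post.
KNOWN_EXTENSIONS = {"brrr", "gamma"}
KNOWN_CONTACTS = {"paydecryption@qq.com", "bebenrowan@aol.com"}
RANSOM_NOTES = {"Info.hta", "FILES ENCRYPTED.txt"}

# The ".id-<id>" segment is optional because the post shows the marker both
# with it (Gamma) and without it (Brrr).  The bracketed part must look like
# an e-mail address, which keeps names such as "data.[2018].csv" out.
DHARMA_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"(?:\.id-(?P<id>[^.\[\]]*))?"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


def classify(path):
    """Return (kind, details) for one path.

    kind is "note", "encrypted" (known Dharma extension or contact),
    "suspect" (Dharma-style name with unknown extension and contact) or None.
    """
    name = re.split(r"[\\/]", path)[-1]  # last component, Windows or POSIX path
    if name in RANSOM_NOTES:
        return "note", {"name": name}
    m = DHARMA_NAME.match(name)
    if m is None:
        return None, {}
    d = m.groupdict()
    known = (d["ext"].lower() in KNOWN_EXTENSIONS
             or d["email"].lower() in KNOWN_CONTACTS)
    return ("encrypted" if known else "suspect"), d


def scan(paths):
    """Summarise a file listing: paths per kind and the contact addresses seen."""
    summary = {"encrypted": [], "suspect": [], "note": [], "contacts": set()}
    for p in paths:
        kind, d = classify(p)
        if kind is None:
            continue
        summary[kind].append(p)
        if "email" in d:
            summary["contacts"].add(d["email"].lower())
    return summary


# Constructed listing for the example; the id value 1A2B3C4D and the
# someone@example.com variant are made up, not observed samples.
SAMPLE_LISTING = [
    r"C:\Users\ann\Documents\budget.xlsx",
    r"C:\Users\ann\Documents\budget.xlsx.id-1A2B3C4D.[paydecryption@qq.com].brrr",
    r"C:\Users\ann\Pictures\holiday.jpg.id-1A2B3C4D.[bebenrowan@aol.com].gamma",
    r"C:\Users\ann\Desktop\notes.txt.[paydecryption@qq.com].brrr",
    r"C:\Users\ann\Desktop\report.pdf.[someone@example.com].newext",
    r"C:\Users\ann\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\ann\Desktop\Info.hta",
    r"C:\Users\ann\Desktop\data.[2018].csv",
]

if __name__ == "__main__":
    result = scan(SAMPLE_LISTING)
    for kind in ("encrypted", "suspect", "note"):
        for p in result[kind]:
            print(f"{kind:9s} {p}")
    print("contact addresses seen:", ", ".join(sorted(result["contacts"])))
```

On a real machine, feed `scan()` a directory walk (for example `os.walk` over user profiles and mapped shares) and treat any "suspect" hit as a new variant worth submitting for identification before a decryptor is sought; the contact addresses collected are the quickest way to tell which variant you are dealing with.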