New Ransomware Looks Like An Anti-Virus Installation
Dharma is a highly successful ransomware strain.
It recently has been made even more successful by a change in the way the hackers controlling it are deploying it.
The first part of their latest campaign remains unchanged. They rely on well-crafted phishing emails to lure employees in.
The key difference, however, lies in the particulars of the newly crafted emails.
In a nutshell, the group has begun imploring email recipients to protect their systems by installing the latest antivirus software. The emails include a helpful link to the antivirus, which of course doesn’t point to antivirus software at all. Rather, it is the ransomware they’re trying to deploy inside corporate networks.
Worst of all, the emails claim to be from Microsoft, one of the biggest, most recognizable and most trusted names in the industry. So, there’s a good chance that at least one of your employees will take the bait. In a bid to be good, proactive employees, they will seek to install what they think is antivirus software.
Once they start the installation, the damage is done. It will lock every file on the victim’s system, demand ransom, and seek to spread itself to as many other systems inside your network as it can reach.
Raphael Centeno, a security researcher at Trend Micro had this to say about the new twist on the malware strain:
“As proven by the new samples of Dharma, many malicious actors are still trying to upgrade old threats and use new techniques. Ransomware remains a costly and versatile threat.”
As ever, the best way to guard against this type of threat starts with employee education. Employees should not be in the habit of installing their own antivirus software in the first place, so a gentle reminder to that effect should go a long way toward limiting the threat, but it still pays to be very much on your guard.