Ransomware
Dharma
First seen: 2016-01 • Status: active
Currently Active Threat
Dharma is an old ransomware that still attacks small businesses through remote desktop. Many variants exist under different names.
Overview
Dharma is one of the longest-running ransomware families, spawning many variants. It primarily exploits RDP to target SMBs.
Also Known As
CrySiS
How It Spreads
- • RDP exploitation
- • Brute force attacks
What It Does
- • File encryption
- • Manual deployment
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor RDP brute force
- • Watch for Dharma variants
MITRE ATT&CK Techniques
T1486, T1110
If You're Infected
- 1.
Check for free decryptors
- 2.
Secure RDP access
Related Malware
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required