Ransomware Group

Dharma/CrySis

Also known as: CrySis, Crysis

Status: active • First seen 2016-02 • 5,000+ known victims

Dharma is one of the oldest ransomware families still in use today. It is relatively simple but effective: hackers manually break into small businesses through Remote Desktop (RDP) and run the ransomware themselves.

Overview

Dharma is one of the oldest active ransomware families. It primarily targets small businesses through manual RDP attacks and has spawned numerous variants including Phobos.

Target Industries

SMB, Healthcare, Education, Retail

How They Attack

  • RDP exploitation
  • Manual deployment
  • SMB targeting
  • Low ransom demands

Notable Victims

Small businesses globally (ongoing), Healthcare clinics

How to Protect Against Dharma/CrySis

  1. Block RDP on internet-facing systems
  2. Enable basic cyber hygiene practices
  3. Maintain regular backup schedule

MITRE ATT&CK Techniques

T1021.001, T1486, T1059, T1078

Related Groups

Phobos
