Dharma Ransomware Uses AV Tool to Distract from Malicious Activities | Cell Phone Spy and Mobile Tracking Software
by Raphael Centeno The Dharma ransomware has been around since 2016, but it has continued to target and successfully victimize users and organizations around the world. One high profile attack happened in November 2018 when the ransomware infected a hospital in Texas, encrypting many of their stored records; luckily the hospital was able to recover from the attack without paying the ransom. Trend Micro recently found new samples of Dharma ransomware using a new technique: using software installation as a distraction to help hide malicious activities. Dharma ransomware actors abuse AV tool New samples of Dharma ransomware show that it is still being distributed via spam mail. Typical of spam, the message pressures users into downloading a file. If a user clicks on the download link, they will be prompted for a password (provided in the email message) before getting the file. Figure 1. Dharma ransomware infection chain The downloaded file is a self-extracting archive named Defender.exe