The source code of the popular Dharma ransomware was found for sale on two Russian hacking forums over the weekend.
The FBI has stated that Dharma ransomware is the second most profitable ransomware in recent years, having received more than $24 million from victims between November 2016 and November 2019.
Now, its source code is being sold on hacking forums for just $2,000, which has baffled security researchers.
Many ransomware experts believe that the sale of the Dharma ransomware code will likely lead to a wider leak on the Internet. This, in turn, will spread it widely among multiple cybercrime groups, and attacks will therefore increase.
The only time the ransomware was "decrypted" was when a group of people leaked the decryption keys. That is, decryption was not made possible by some flaw in the encryption scheme.
A brief history of Dharma ransomware
Dharma ransomware first appeared under the name CrySiS in the summer of 2016.
CrySiS was a Ransomware-as-a-Service (RaaS) business. Its creator set up a service where customers (other criminal gangs) could create their own versions of the ransomware to distribute to victims, usually via spam campaigns, exploit kits and brute-force attacks.
However, in November 2016, someone leaked the CrySiS decryption key, so the CrySiS RaaS reappeared two weeks later under the name Dharma.
Some Dharma decryption keys also leaked in March 2017, but the hackers did not change their name this time around and continued to work undisturbed, making Dharma Ransomware-as-a-Service one of the most powerful and profitable businesses.
Over the years, there have been many versions of Dharma, as the ransomware has received many updates and new customers wanting to distribute it across the globe have created their own unique variations.
Over the last two years, ransomware attacks have become more targeted, and Dharma has followed this pattern.
In the spring of 2019, a new ransomware named Phobos appeared. Security researchers from Coveware and Malwarebytes found that Phobos was identical to the Dharma ransomware.
However, Dharma continued to be used in its original form. During 2019, attacks were split 50-50 between the two.
Jakub Kroustek, head of security at Avast, found three new versions of Dharma ransomware just this week, which means that criminal groups are still using it heavily even today.
John Fokker, Head of Research at McAfee, said that the ransomware source code had been leaked for some time, but has now been published on the most popular hacking forums.
Fokker now hopes that Dharma's source code will eventually end up in the hands of researchers, who could use it to find a way to decrypt the ransomware.
"If we can get the source code, maybe we can find some flaws," Fokker said today.