Dharma Ransomware Uses AV Tool to Distract from Malicious Activities

From Botnets.fr
Revision as of 16:13, 12 May 2019 by Eric.freyssinet (talk | contribs)

Botnet: Dharma
Botnet/malware group: Ransomware
Date: 2019 / 2019-05-08
Editor/Conference: TrendLabs Security Intelligence Blog
Link: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/
Author: Raphael Centeno
Type: Blogpost

Abstract

The Dharma ransomware has been around since 2016, but it has continued to target and successfully victimize users and organizations around the world. One high profile attack happened in November 2018 when the ransomware infected a hospital in Texas, encrypting many of their stored records; luckily the hospital was able to recover from the attack without paying the ransom. Trend Micro recently found new samples of Dharma ransomware using a new technique: using software installation as a distraction to help hide malicious activities.

Bibtex

 @misc{Centeno2019BFR5368,
   editor = {TrendLabs Security Intelligence Blog},
   author = {Raphael Centeno},
   title = {Dharma Ransomware Uses AV Tool to Distract from Malicious Activities},
   date = {08},
   month = May,
   year = {2019},
   howpublished = {\url{https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/}},
 }