Dharma, a significant ransomware strain’s source code has been put up for sale on two Russian language hacking forums over the weekend, at a low price of $2,000 which has put several security researchers on alert.
Between the year 2016 and 2019, the Dharma has been used to extort more than $24 million as payment from victims and has been ranked as the second most lucrative ransomware ware operation by the Federal Bureau of Investigation (FBI) at the RSA security conference held this year.
Surfaced for the first time in the year 2016 as CrySiS, Dharma was a Ransomeware-as-a-Service (RaaS) operation and was created for criminals who could generate different versions of the ransomware to attack victims via spam campaigns or brute-force attacks on RDP entry points. As per a confirmed report by cybersecurity organization Coveware, Dharma has successfully contributed to 9.4 per cent ransomware attacks in the Q4 of 2019 alone.
The recent update over the weekend about Dharma’s source code could result in a number of more massive attacks by criminal organizations as the source code is likely to be leaked on the public internet and could be accessed by a vast amount of audience. The update has become a grave concern for security personnel since the Dharma is considered as an advanced ransomware strain with an advanced encryption scheme. The ransomware has remained undecryptable since 2017 and has been decrypted once so far after an unknown individual leaked the master description keys, and not because of an encryption flaw.
Dharma’s code is still found to be reliable by criminal organizations and is more often now than it was used three years ago. The source code going on sale is not only a recent update that has been witnessed but threat intel lead at Avast, Jacub Kroustek was able also to trace three new Dharma versions this week alone. With the source code becoming more public, security researchers hope to find a flaw to decrypt the ransomware soon.
