
Why Dharma Ransomware Is More Dangerous Than Ever

Lately, ransomware has become very popular among hackers. It not only causes severe downtime but also leads to a significant amount of data loss. Ransomware is malware that encrypts user data and blocks access to it. The data can only be accessed once a ransom is paid to the hacker or whoever is behind the attack. Over the past couple of years, ransomware has evolved, and today it has several variants. The main reason behind its popularity is its effectiveness: it is practically very difficult to break the encryption, and sometimes it is even impossible.



Dharma is one such ransomware and is considered one of the most notorious. Since 2006, this ransomware has been continuously evolving, and it has become increasingly active lately. According to a source, it has increased by a margin of 148% from February 2019 to April 2019.

In this article, we are going to take a deep look at this filthy ransomware: how it works and why it is one of the most dangerous ransomware in the family.

How Does Dharma Ransomware Work?

Dharma is a family of encryption ransomware Trojans that has compromised numerous computers all across the world to date. This ransomware mainly targets directories inside the Users directory on Windows. Every time a file is added to the directory, it encrypts the file and adds the suffix [].dharma.

One of the unique things about Dharma is that it doesn’t affect the entire computer; instead, it hides inside the system and keeps encrypting files every time they are added to the directory. So basically, one has to remove it in order to decrypt the files. The ransomware usually has a ransom note; however, it changes depending on the variant.

But you must be wondering: how does this ransomware end up inside a computer? The ransomware is spread across the world through email campaigns that claim to be legitimate (the email is usually about the Windows machine being at risk) and ask the user to download a password-protected attachment named Defender.exe. The password is listed in the email itself. The entire process is so effective that numerous people over the years have ended up downloading it.

That is not all; the real game starts when the user executes the downloaded file. It is a self-extracting archive that drops the malicious file called taskhost.exe along with an old version of ESET AV Remover renamed as Defender_nt32_enu.exe. Once the extraction is done, the ESET AV Remover installer launches automatically, which makes the entire process look legitimate to the victim and distracts them from noticing Dharma encrypting the contents of the hard drive in the background.
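The drop chain described above leaves artifacts a defender can check for. The following is an added example, not code from the original article: it flags a taskhost.exe image running outside the Windows system directories (where the genuine Windows binary of that name lives), the two file names the article mentions, and bursts of new .dharma files under C:\Users. The event dictionaries, the threshold and the sample data are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

# File names and the .dharma suffix come from the article; the event format,
# threshold and sample data are assumptions made for this example.
ARTICLE_NAMES = {"defender.exe", "defender_nt32_enu.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BURST_THRESHOLD = 3  # assumed: .dharma files per profile before alerting

def check_process(event):
    """Return a finding for one process-creation event, or None."""
    folder, name = ntpath.split(event["image"].lower())
    if name == "taskhost.exe" and folder not in SYSTEM_DIRS:
        return f"taskhost.exe outside system directory: {event['image']}"
    if name in ARTICLE_NAMES:
        return f"executable named in the campaign: {event['image']}"
    return None

def profiles_with_burst(file_events):
    """Return user profiles with >= BURST_THRESHOLD new .dharma files."""
    counts = Counter()
    for ev in file_events:
        parts = ev["path"].lower().split("\\")
        if len(parts) > 3 and parts[1] == "users" and parts[-1].endswith(".dharma"):
            counts[parts[2]] += 1
    return sorted(p for p, n in counts.items() if n >= BURST_THRESHOLD)

def triage(process_events, file_events):
    """Combine both checks into one ordered list of findings."""
    findings = [f for f in map(check_process, process_events) if f]
    findings += [f"burst of .dharma files in profile: {p}"
                 for p in profiles_with_burst(file_events)]
    return findings

# Constructed sample telemetry, not taken from a real incident.
PROCESS_EVENTS = [
    {"image": r"C:\Windows\System32\taskhost.exe"},
    {"image": r"C:\Users\alice\Downloads\Defender.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\taskhost.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\Defender_nt32_enu.exe"},
]
FILE_EVENTS = [
    {"path": r"C:\Users\alice\Documents\q1.xlsx.[].dharma"},
    {"path": r"C:\Users\alice\Documents\notes.txt.[].dharma"},
    {"path": r"C:\Users\alice\Pictures\scan.png.[].dharma"},
    {"path": r"C:\Users\bob\Desktop\todo.txt.[].dharma"},
]

if __name__ == "__main__":
    print("\n".join(triage(PROCESS_EVENTS, FILE_EVENTS)))
```

File names are weak indicators because they are trivial to change; the path check and the burst check are the ones worth carrying over to real telemetry.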

Pulling off such an effective trick through an email campaign is not easy. No doubt, the ransomware is notorious and dangerous enough. But the hackers behind it also seem to be sharp and expert at social engineering: it is not just the technology behind Dharma but also the convincing campaigns that lead to the installation of the malicious software.

How To Stay Safe?

As email campaigns are one of the major ways of distributing this notorious ransomware, the first thing we need to do is check that the email we receive comes from an authentic source. Also, if the attachment is a tool that is supposed to fix a problem on your system, check that the tool is legitimate and up to date; a legitimate vendor would never distribute an outdated tool.

If that doesn’t work for you and you still want to keep your files safe, adopt the habit of backing up files. Backing up is considered one of the best practices in cybersecurity. Even if your files get affected or encrypted by any ransomware, you always have a different set to work with.

Cyber-attacks will keep happening, as technology empowers not only innovative organisations but also wrongdoers. Be prepared to tackle cyber threats, or at least prepared enough to mitigate the consequences.


Harshajit Sarmah