Tag: Dharma
Hunt Ransomware ([email protected])
Hunt ransomware is a new sample of the Dharma/CrySis ransomware family that appeared on April 5, 2024. This malware encrypts files and demands a ransom payment for their decryption. It indiscriminately targets both home users and corporations, adjusting the ransom depending on the target. Jakub Kroustek was the first to discover this…
MrB Ransomware (.mrB Files) – Analysis & File Decryption
MrB ransomware is a new Dharma ransomware sample, discovered on February 21, 2024. It is distinctive for appending a complex extension to encrypted files that ends with “.mrB”. This ransomware primarily attacks small corporations and demands a ransom only for decrypting the files, i.e. it does not practice double extortion. Jakub Kroustek was…
SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal
SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software mainly targets small companies, encrypting their files and then demanding a ransom payment for decryption. It was originally discovered by Jakub Kroustek on February 16, 2024. What is SYSDF Ransomware? SYSDF ransomware is yet another example…
Dharma Ransomware Criminals Captured in Ukraine, Europol Reports
On November 28, 2023, Europol claimed the successful detention of ransomware operators, in particular those related to Dharma and Hive ransomware. The operation took place in 4 Ukrainian cities and is most likely a continuation of a similar operation from 2021. Dharma Ransomware Actors Detained in Ukraine In the statement on the official website, Europol claimed searches in…
Tycoon ransomware uses exotic JIMAGE format to avoid detection
BlackBerry experts have discovered an unusual multi-platform (Windows and Linux) ransomware called Tycoon. It is written in Java and uses JIMAGE image files to avoid detection. Researchers believe Tycoon was used for targeted and very rare attacks; the number of victims and the delivery mechanism used support this theory. Thus, the ransomware was clearly…
Dharma ransomware source code put up for sale
ZDNet reports that the source code for one of the most profitable ransomware families of our time, the Dharma ransomware, was put up for sale on two hacker forums last weekend. The source code is being sold for $2,000. Let me remind you that this year the FBI called Dharma the second most profitable ransomware in recent years during its…