Source code of Dharma ransomware pops up for purchase on hacking forums

Written by Connor

March 29, 2020

The source code of one of today's most profitable and innovative ransomware strains is up for sale on two hacking forums.

The source code of the ransomware strain known as Dharma has been put up for sale.

The FBI, in a talk at the RSA security conference this year, ranked Dharma the second most lucrative ransomware operation of recent years, having extorted more than $24 million in payments from victims between November 2016 and November 2019.

Its source code is being offered for as little as $2,000.

Ransomware experts who spoke with ZDNet said the sale of the Dharma code would put it in the hands of a far broader audience and lead to it circulating freely online. That, in turn, would mean a surge in attacks and the spread of the code among cybercrime groups.

The main reason for concern is that Dharma was written by a skilled malware author. Its encryption scheme is complex, and nobody has yet found a way to break it.

To be precise, the only times victims were able to "decrypt" their files were when unknown individuals leaked the master decryption keys, not because of any flaw in the encryption itself.

The Dharma ransomware operation has a long and winding history. It started under the name CrySiS in the summer of 2016.

The CrySiS author ran it as a ransomware-as-a-service (RaaS) operation: clients (other criminal gangs) could generate their own variants of the ransomware and distribute them to victims, typically via spam campaigns, exploit kits or brute-force attacks against exposed RDP endpoints.

Although some Dharma master decryption keys were also leaked online in March 2017, the operators did not rebrand this time, as they had when moving from the CrySiS name to Dharma. Instead they carried on undisturbed and built their RaaS into one of the most successful turnkey ransomware offerings in the criminal underworld.

A steady stream of Dharma versions followed, as the ransomware received upgrades and new clients signed up to distribute it around the world, each spreading its own distinctive Dharma variant.

In the spring of 2019, a ransomware strain named Phobos appeared online and began to be used in attacks.

The arrival of the Phobos branch did not kill off Dharma, however. Michael Gillespie, a malware researcher at Emsisoft and the founder of the ID-Ransomware service, told ZDNet that submissions to ID-Ransomware over the past year have been split roughly 50-50 between Dharma and Phobos.

Those figures are backed up by cyber-security firm Coveware, which said in a report that Dharma accounted for 9.3% of ransomware incidents in Q4 2019, while Phobos accounted for 10.7%.

Jakub Kroustek, threat intelligence director at Avast, saw three new Dharma variants this week alone, a sign that criminal groups still find Dharma's code reliable and continue to use it more than three years after its launch.

Gillespie, who has released a large number of ransomware decrypters over the years and has even received an FBI award for his efforts, told ZDNet that he has never been able to find a decryption flaw in Dharma.

Fokker expects that the Dharma source code finds its way.

