ZDNet: Dharma (CrySIS) ransomware source code has been put up for sale online on two hacker forums. Cyber security experts: the code is priced at $2,000, and its sale could lead to broader proliferation among cybercrime groups and an eventual surge in attacks. Furthermore, the ransomware is undecryptable.
Dharma (CrySIS) ransomware source code has been put up for sale online on two Russian hacker forums over the weekend, ZDNet reported. The asking price is just $2,000, and cyber security researchers are alarmed. Several malware experts said the sale would most likely result in the code eventually leaking onto the public internet and reaching a wider audience. This, in turn, would lead to broader proliferation among multiple cybercrime groups and an eventual surge in attacks. The infosec community is warning about this because Dharma is an advanced ransomware strain: its encryption scheme is robust, and no free decryptor has been possible since 2017. The only times the malware was "decrypted" were when unknown individuals leaked the master decryption keys, not because of a flaw in its encryption.
Dharma was first spotted in summer 2016 as CrySIS. It then became a Ransomware-as-a-Service (RaaS) operation with many unique variants, used both for mass distribution and for targeted attacks (via Phobos).
The Dharma ransomware was first spotted in the summer of 2016 as CrySIS. It was a so-called Ransomware-as-a-Service (RaaS) operation: the author created a service where customers (other cybercrime groups) could generate their own versions to distribute to victims. After someone leaked its master decryption keys online in November of the same year, the RaaS relaunched two weeks later under the name Dharma. For years there has been a constant flow of new Dharma versions, as the malware received updates and new customers signed up to distribute it across the globe, each spreading its own unique variant. As the criminal underground shifted from mass distribution to targeted attacks, so did Dharma. In the spring of 2019 a new ransomware strain called Phobos emerged, and cyber security researchers from Coveware and Malwarebytes pointed out that Phobos was nearly identical to Dharma. Dharma itself, however, is far from dead.