What is Dharma Ransomware?
Numerous computers around the world have been infected by the Dharma Ransomware. Dharma came to the attention of a few malware analysts in November 2016, but as time passed it was believed to have died down in the first quarter of 2017. Nevertheless, after a couple of months of silence, a new variant of the virus has been spotted: the .onion file extension virus. This ransomware mainly targets the directories inside the user's directory on Windows, with encrypted files receiving the suffix [bitcoin143@india.com].dharma at the end of each file name. The Dharma Ransomware not only keeps the computer from working properly; every time a file is added to the infected computer's directories, it will encrypt the files present unless the Dharma Ransomware infection is removed. These programs are created with the single purpose of harassing you, blackmailing you, disturbing your online experience and extorting money from you.
The Dharma ransomware is reported to target and infect terminal and exchange servers. It encrypts important and substantial data such as documents, images, audio files, video files, Microsoft Office files, PDF files and database files. After the infection, the encrypted files get two extensions in a row, appended to their original names. The suffix conforms to the pattern filename.[email].dharma. However, various email addresses might be used in the extension. If your system is infected, you might find one of the following extensions attached to the encrypted files:
.[bitcoin143@india.com].dharma
.[worm01@india.com].dharma
.[supermagnet@india.com].dharma
.[amagnus@india.com].dharma
Tricks used for ransomware distribution
To infect systems with this malware, its developers actively spread it through phishing. Infected email messages are considered the most common delivery method for this Trojan virus. The cyber scammers use spam campaigns to send fraudulent emails with attached malware and, unfortunately, users often fall for their tricks.
- If you are the only recipient of such an email from an unknown sender, company or institution, investigate it carefully.
- Think about whether you were expecting any such email in the first place. If you have no idea why it has reached your inbox, you might be a target of extortionists.
- Stay away from any unreliable attachments that come with the email and delete it immediately. Otherwise, Dharma can sneak in its malicious payload disguised as a fake plane ticket, speeding ticket or any other document that looks convincing enough to be taken at face value.
How Does the Dharma Ransomware Infection Work on Your Computer?
PC security analysts believe that the Dharma Ransomware is one of the many variants of the infamous Crysis Ransomware family, which was responsible for frequent attacks since the summer of 2016. The Dharma Ransomware and its variants were spread through corrupted email attachments that exploit vulnerabilities in macros on the victim's computer. The Dharma Ransomware infection is typical of the encryption ransomware attacks of the recent past. The Dharma Ransomware uses AES-256 encryption to take control of the victim's data, preventing computer users from accessing their saved files. The Dharma Ransomware attacks target the following directories:
%UserProfile%\Desktop
%UserProfile%\Downloads
%UserProfile%\Documents
%UserProfile%\Pictures
%UserProfile%\Music
%UserProfile%\Videos
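A triage check built from the naming pattern and target folders described above. This is an added example, not code from the original article or from any vendor tool; the function names and the file listing are constructed for illustration, and the listing would normally come from a directory walk or an EDR export.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix described on this page: <original name>.[<email>].dharma
DHARMA_SUFFIX = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.dharma$",
    re.IGNORECASE)
# Folders under %UserProfile% that the page lists as targets.
TARGET_FOLDERS = {"desktop", "downloads", "documents", "pictures", "music", "videos"}
# Constructed sample listing (hypothetical host and user).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx.[bitcoin143@india.com].dharma",
    r"C:\Users\alice\Pictures\trip.jpg.[bitcoin143@india.com].dharma",
    r"C:\Users\alice\Desktop\budget.xlsx.[worm01@india.com].DHARMA",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\dharma-whitepaper.pdf",
    r"D:\Shares\db\orders.mdf.[amagnus@india.com].dharma",
]

def parse_dharma_name(filename):
    """Return (original_name, contact_email) if the name carries the suffix, else None."""
    m = DHARMA_SUFFIX.match(filename)
    return (m.group("original"), m.group("email").lower()) if m else None

def triage(paths):
    """Summarise a listing: renamed files, hits per contact email, hits per profile folder."""
    emails, folders, hits = Counter(), Counter(), []
    for raw in paths:
        p = PureWindowsPath(raw)
        parsed = parse_dharma_name(p.name)
        if parsed is None:
            continue  # a name that merely contains "dharma" is not a hit
        hits.append((raw,) + parsed)
        emails[parsed[1]] += 1
        parts = [part.lower() for part in p.parts]
        # Expected layout: <drive>\Users\<user>\<folder>\...\<file>
        if "users" in parts:
            i = parts.index("users")
            if len(parts) > i + 3 and parts[i + 2] in TARGET_FOLDERS:
                folders[parts[i + 2]] += 1
    return {"hits": hits, "emails": dict(emails), "folders": dict(folders)}

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    print(report["emails"], report["folders"])
```

The recovered original name shows which documents need restoring from backup, and a hit outside the listed profile folders (the D:\ share in the sample) indicates that the encryption reached beyond the user profile.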
After the infection, Dharma leaves a text file with a very short message stating that the victim's computer is unprotected, and that the attackers can solve this problem and restore the encrypted files. To restore the locked files, victims must contact Dharma's developers via the email address provided (bitcoin143@india.com). Further instructions are then provided. Dharma encrypts files using an asymmetric algorithm and, therefore, public (encryption) and private (decryption) keys are generated during the process. The private key is stored on a remote server controlled by its creator. Decryption without this key is not possible, and a ransom demand is made to receive it. The cost is currently unknown; however, the cyber criminals responsible for developing ransomware usually demand $500-$1000 in Bitcoins. Be careful, because these cyber criminals often ignore victims even after the payment is made. Therefore, you should never attempt to contact these people or pay any ransom. There is a high probability that you will become a victim of this scam. Manually restoring files encrypted by Dharma is currently impossible (there are no tools capable of performing this function). Therefore, the only resolution is to restore your files/system from a backup.
How can Dharma Ransomware get into the computer?
1. Never click on a link or attachment in an email from a suspicious source.
2. Never download and install suspicious files with a double extension such as .txt.vb or .jpg.exe.
3. Never access illegal online content such as gambling or porn.
4. Never download unknown “free” software from unreliable sources.
5. Keep a reputable and powerful antivirus program and keep it updated.
Tips to Prevent Dharma Ransomware from Infecting Your System:
1. Enable your popup blocker: Pop-ups and ads on websites are among the tactics most often adopted by cybercriminals or developers with the core intention of spreading malicious programs. So, avoid clicking on uncertain sites, software offers, pop-ups etc.
2. Keep your Windows Updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows updates. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
3. Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with any installer or stub file.
4. Regular Backup: Regular and periodic backups help you keep your data safe in case the system is infected by any kind of virus or other infection. Thus, always back up important files regularly on a cloud drive or an external hard drive.
5. Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like McAfee or a good malware removal tool like Free Malware Removal Tool.
6. Install a powerful ad-blocker for Chrome, Mozilla, and IE.