AskCyberSecurity.com

Cyber Security News & Information


Iranian Cyber Criminals Attack with Dharma Ransomware

2020-09-09 by Michelle Dvorak

Dharma Ransomware Used to Steal Money by Exploiting RDP Access

Iranian hackers are using Dharma ransomware and remote control software to compromise computers. The goal of the attacks is to steal money from victim corporations across the globe. The Iranian threat actors continue to leverage new exploitable vulnerabilities to attack organizations that are running their businesses remotely.

The cyber criminals who attack with Dharma ransomware target companies that use remote desktop protocol (RDP) software for tech support. RDP software is a common application used by computer tech support personnel to remotely control a user’s computer. RDP software typically uses port 3389 to remotely connect to an employee’s computer anywhere in the world.

Some attackers even attempt to increase their success by exploiting CVE-2013-0213, a flaw in the Samba Web Administration Tool (SWAT) that allows remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element.

Ransomware attacks are a major concern for corporations. The increase in people working from home gives cyber criminals more opportunities to compromise corporate assets. Phishing emails, malicious websites, and infected USB flash drives are all common ways to infect a computer or IT network with ransomware.

The typical employee working from home has little useful cyber security training, and even a basic course such as cyber security essentials could help prevent an attack on corporate servers.

What is Dharma Ransomware?

Dharma, also known as Crysis, is distributed under a RaaS (ransomware-as-a-service) model. In the RaaS model, threat actors write and maintain the malware, but it is distributed by other cybercriminals, who pay a percentage of the ransom as a fee for using the ransomware.

Industries attacked with Dharma Ransomware

  • Academic
  • Automotive
  • Energy
  • Extractive
  • Financial Services
  • Government
  • Healthcare
  • Hospitality
  • Legal
  • Logistics
  • Manufacturing
  • Media
  • Retail
  • Technology
  • Telecommunications
  • Transportation

“The fact that Dharma source code has been made widely available led to the increase in the number of operators deploying it. It’s surprising that Dharma landed in the hands of Iranian script kiddies who used it for financial gain, as Iran has traditionally been a land of state-sponsored attackers engaged in espionage and sabotage,” says Oleg Skulkin, Senior Digital Forensic Specialist.

Threat actors exploit knowledge of typical RDP configurations and target users who have weak passwords. They use brute-force password attacks to gain access to the machine.

Once the threat actor gains access to the target’s computer through the RDP software, they can remotely control the compromised computer to edit, delete, or install anything they want.
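The brute-force pattern described above is visible in Windows Security logs as a burst of failed logons (Event ID 4625) from one source address, sometimes followed by a success (Event ID 4624). The following is an added example, not part of the original article: a small detector run over constructed sample records, where the record layout, addresses, user names, threshold and window are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# LogonType 10 = RemoteInteractive (RDP); 3 = Network, which is how failed
# RDP logons are usually recorded when Network Level Authentication is on.
RDP_LOGON_TYPES = {3, 10}
BASE = datetime(2020, 9, 1, 3, 0, 0)

def _ev(offset_s, event_id, ip, user, logon_type):
    return {"TimeCreated": BASE + timedelta(seconds=offset_s), "EventID": event_id,
            "IpAddress": ip, "TargetUserName": user, "LogonType": logon_type}

# Constructed sample data (documentation IP ranges, invented accounts):
# one source guessing passwords every 10 s, one employee mistyping twice.
SAMPLE_EVENTS = (
    [_ev(10 * i, 4625, "203.0.113.7", u, 3)
     for i, u in enumerate(["administrator", "admin", "user", "test"] * 3)]
    + [_ev(130, 4624, "203.0.113.7", "admin", 10),
       _ev(1800, 4625, "198.51.100.20", "jsmith", 10),
       _ev(1860, 4625, "198.51.100.20", "jsmith", 10),
       _ev(1920, 4624, "198.51.100.20", "jsmith", 10)]
)

def find_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source IP: finding} for sources with >= threshold failed
    RDP logons inside a sliding window; note any success that follows."""
    recent = defaultdict(deque)   # source IP -> times of failures in window
    tried = defaultdict(set)      # source IP -> account names attempted
    findings = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip, now = ev["IpAddress"], ev["TimeCreated"]
        q = recent[ip]
        while q and now - q[0] > window:      # drop failures outside window
            q.popleft()
        if ev["EventID"] == 4625:
            q.append(now)
            tried[ip].add(ev["TargetUserName"])
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"max_failures": 0, "success_after": None})
                f["max_failures"] = max(f["max_failures"], len(q))
                f["usernames"] = len(tried[ip])
        elif ev["EventID"] == 4624 and ip in findings and q:
            # A success while the burst is still in the window: treat the
            # account as likely compromised and escalate.
            findings[ip]["success_after"] = ev["TargetUserName"]
    return findings

if __name__ == "__main__":
    for ip, f in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, f)
```

A finding with `success_after` set is the case to prioritise, since it matches the article's sequence of password guessing followed by remote control of the machine.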

Dharma ransomware was first seen in the wild in 2016. This wave of attacks started in June 2020 and has targeted companies in Russia, Japan, China, and India. 

“Although these cyber criminals use quite common tactics, techniques, and procedures, they have been quite effective,” says Skulkin.

How Does a Cyber Security Training Program Work?

A robust security policy and device management can help prevent ransomware attacks. All employees should have at least basic security training to recognize phishing emails and understand the consequences of clicking on links in emails or downloading malicious attachments.

While traditional training includes in-person sessions, a modern cyber security training program can be provided through online courses that are cost-effective for employers and convenient to schedule for employees.

Employees can take additional cyber security training to expand their knowledge or to earn certifications.

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

