By Matt Lipman | November 20, 2018
IBM's Security Intelligence blog reported something worrying: researchers discovered a brand new strain of Dharma ransomware that is able to evade detection by nearly all of the antivirus solutions on the market.
In October and November 2018, researchers with Heimdal Security uncovered four strains of Dharma, one of the oldest ransomware families.
Dharma, a variant of CrySiS, appends various extensions to infected files. What's more concerning, the threat actors behind the ransomware continue to release new variants that cannot be decrypted.
Unfortunately, one of the strains evaded all fifty-three antivirus engines listed on VirusTotal and the fourteen engines used by the Jotti malware scan.
Only one of the scanners detected the strain's malicious behavior. This is concerning, especially because ransomware has been wreaking havoc lately. There have been over three dozen ransomware attacks on municipalities, corporations, and individuals, resulting in million-dollar losses.
Now, however, these new strains of ransomware evade antivirus engines altogether.
In its analysis of the hybrid strain, Heimdal found a malicious executable produced from a .NET file, along with an associated HTML Application (HTA) file that, once unpacked, directed victims to pay a ransom in bitcoin.
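Because signature-based engines missed the strain and only one scanner caught its behavior, a defender's best lever is the file-system activity the post describes: many files gaining an extra appended extension in a short burst, plus a dropped .hta note. The following heuristic is an added example (not code from the original post, Heimdal, or IBM); the event format, timestamps, paths and the "locked" suffix are constructed for illustration, since the post names no specific extension.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: float      # seconds (constructed timestamps)
    op: str        # "rename" or "create"
    src: str       # old path for renames, created path otherwise
    dst: str = ""  # new path for renames


def appended_extension(src: str, dst: str):
    """Return the suffix when dst is exactly src plus one more '.ext', else None.
    e.g. report.docx -> report.docx.locked gives 'locked' (Dharma-style append)."""
    if not dst.startswith(src + "."):
        return None
    tail = dst[len(src) + 1:]
    return tail if tail and "/" not in tail else None


def detect_bursts(events, window=60.0, threshold=10):
    """Alert when >= threshold files gain the same appended extension within
    `window` seconds; also record whether an .hta file was dropped meanwhile."""
    events = sorted(events, key=lambda e: e.ts)
    hta_dropped = any(e.op == "create" and e.src.lower().endswith(".hta") for e in events)
    stamps = defaultdict(list)          # suffix -> sorted rename timestamps
    for e in events:
        if e.op == "rename":
            ext = appended_extension(e.src, e.dst)
            if ext:
                stamps[ext].append(e.ts)
    alerts = []
    for ext, ts_list in stamps.items():
        left, peak = 0, 0
        for right, ts in enumerate(ts_list):   # sliding window over timestamps
            while ts - ts_list[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            alerts.append({"ext": ext, "files": peak, "hta": hta_dropped})
    return alerts


# Constructed sample: 12 documents re-suffixed within 30 s, one HTA note, one benign rename.
SAMPLE = [FileEvent(100 + 2.5 * i, "rename", f"/home/u/docs/file{i}.docx",
                    f"/home/u/docs/file{i}.docx.locked") for i in range(12)]
SAMPLE += [FileEvent(131, "create", "/home/u/docs/Info.hta"),
           FileEvent(140, "rename", "/home/u/draft.txt", "/home/u/final.txt")]


def sample_alerts():
    return detect_bursts(SAMPLE)
```

The single benign rename never reaches the threshold, so only the burst of re-suffixed documents raises an alert; tune `window` and `threshold` to the normal rename rate of the monitored share.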
Ransomware demanding bitcoin has increased because its security and anonymity make it ideal for attackers.
As a result, people have begun to face ransomware’s dilemma: Should you ever pay the ransom?
New strains of ransomware are being developed faster than the technology we use to detect and stop them.
However, there are a few ways we recommend you battle this threat: