
Hacker paralyses Dubai firm’s computer systems, seeks ransom

Attack renders computers useless: Ask for money to get machines up and running again



A screen shot of the infected computer systems of the Dubai Silicon Oasis company.
Image Credit: Supplied

DUBAI: A Dubai-based contracting firm has been left crippled after being locked out of its own computer systems by a hacker, who is now demanding $300 in bitcoins to get the infected machines up and running again.

Mohammad Ibraheem, who works for a contracting company in Dubai Silicon Oasis, said the ransomware attack took place four days ago when the hacker infected their computers with the dreaded crypto virus, Dharma, which has left all their files encrypted.

Ransomware infections: 'All files now encrypted'

 

“We don’t know what to do and how long this siege will last. We have tried everything, but nothing seems to work. I have spoken to IT experts in the UAE and India but no one has been able to help. All our computers have been rendered useless,” said the exasperated Indian expat from Puducherry.

Dharma ransomware is one of the most widely spread ransomware infections around the world. The Dharma (.cezar family) decryptor has a complicated decryption process.


No decryptor released

There is no Dharma decryptor released to the public yet from any anti-virus company and there is no known method at this time to decrypt files encrypted by any of the newer variants of Dharma.

Ibraheem said he fears the virus might delete all their backup files, causing irreversible damage to the company.

With no solution in sight, Ibraheem contacted the hacker on Sunday morning via an email mentioned in the ransom note.

The cybercriminal responded immediately.


“He emailed back saying he could give a decryptor to unlock the encrypted files provided we first pay him $300 in Bitcoins. He has even sent us a link directing us to a payment gateway.

“We have been advised not to give in to the blackmail as there is no guarantee that he will keep his word. So for now we are not paying him anything, instead trying to figure out a solution,” he said.

What is Dharma ransomware

Dharma ransomware, which first emerged in 2016, has been responsible for a number of cyber incidents, including the takedown of hospital networks in the USA.

Like many ransomware campaigns, Dharma attacks start off with phishing emails. The messages claim to be from Microsoft and that the victim’s Windows PC is ‘at risk’ and ‘corrupted’ following ‘unusual behaviour’, urging the user to ‘update and verify’ their anti-virus by accessing a download link.

If the user follows through, the ransomware retrieves two downloads: the Dharma ransomware payload and an old version of anti-virus software from cyber security company ESET.


As the self-extracting archive runs, Dharma begins encrypting files while the user is asked to follow certain installation instructions.

Once the installation is complete, the victim will find themselves confronted with a ransom note, demanding a payment in exchange for unlocking the files.

How to stay protected from Dharma ransomware

  • Keep a backup of your data so that it can be restored in the case of a ransomware attack.
  • Dharma ransomware attacks happen mostly via Remote Desktop services. It is therefore important to ensure that no computers running Remote Desktop services are connected directly to the internet.
  • Install a security system which scans all attachments.
  • Exercise caution while opening attachments from an anonymous sender.