A screen shot of the infected computer systems of the Dubai Silicon Oasis company. Image Credit: Supplied

DUBAI: A Dubai-based contracting firm has been left crippled after being locked out of its own computer systems by a hacker, who is now demanding $300 in bitcoins to get the infected machines up and running again.

Mohammad Ibraheem, who works for a contracting company in Dubai Silicon Oasis, said the ransomware attack took place four days ago when the hacker infected their computers with the dreaded crypto virus, Dharma, which has left all their files encrypted.

Ransomware infections: 'All files now encrypted'


“We don’t know what to do and how long this siege will last. We have tried everything, but nothing seems to work. I have spoken to IT experts in the UAE and India but no one has been able to help. All our computers have been rendered useless,” said the exasperated Indian expat from Puducherry.

Dharma ransomware is one of the most widely spread ransomware infections around the world. The Dharma (.cezar family) decryptor has a complicated decryption process.

No decryptor released

There is no Dharma decryptor released to the public yet from any anti-virus company and there is no known method at this time to decrypt files encrypted by any of the newer variants of Dharma.

Ibraheem said he fears the virus might delete all their backup files, causing irreversible damage to the company.

With no solution in sight, Ibraheem contacted the hacker on Sunday morning via an email mentioned in the ransom note.

The cybercriminal responded immediately.


“He emailed back saying he could give a decryptor to unlock the encrypted files provided we first pay him $300 in Bitcoins. He has even sent us a link directing us to a payment gateway.

“We have been advised not to give in to the blackmail as there is no guarantee that he will keep his word. So for now we are not paying him anything, instead trying to figure out a solution,” he said.

What is Dharma ransomware?

Dharma ransomware, which first emerged in 2016, has been responsible for a number of cyber incidents, including the takedown of hospital networks in the USA.

Like many ransomware campaigns, Dharma attacks start off with phishing emails. The messages claim to be from Microsoft and that the victim’s Windows PC is ‘at risk’ and ‘corrupted’ following ‘unusual behaviour’, urging the user to ‘update and verify’ their anti-virus by accessing a download link.

If the user follows the link, two downloads are retrieved: the Dharma ransomware payload and an old version of anti-virus software from cyber security company ESET.

As the self-extracting archive runs, Dharma begins encrypting files while the user is asked to follow certain installation instructions.

Once the installation is complete, the victim will find themselves confronted with a ransom note, demanding a payment in exchange for unlocking the files.
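When a company finds itself in the situation described above, the first incident-response step is to establish the scope of the encryption before deciding about backups or restores. The following is an added example, not code from the article or from any named vendor: it triages a directory listing for files renamed by a Dharma .cezar-family variant. The file-name pattern (`<name>.id-<8 hex>.[<e-mail>].cezar`) is assumed from the family's known naming convention; the article itself only names the ".cezar family", and the sample listing, ID and e-mail address below are constructed placeholders.

```python
import re
from collections import Counter

# Assumed naming pattern of the Dharma/Crysis ".cezar" family:
#   <original name>.id-<8 hex digits>.[<attacker e-mail>].cezar
# This is an assumption based on the family's known convention; the article
# only mentions the ".cezar family" and does not spell out the pattern.
CEZAR_NAME = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.cezar$"
)


def parse_encrypted_name(name):
    """Return (original_name, victim_id, contact_email), or None if the name
    does not follow the assumed .cezar-family pattern."""
    m = CEZAR_NAME.match(name)
    if not m:
        return None
    return m.group("original"), m.group("victim_id").upper(), m.group("contact")


def triage(paths):
    """Summarise infection scope from a list of file paths (e.g. a directory walk):
    how many files are encrypted, which original types are affected, and which
    victim ID / contact address the attacker embedded in the names."""
    encrypted, victim_ids = 0, set()
    contacts, by_ext = Counter(), Counter()
    for path in paths:
        parsed = parse_encrypted_name(path.rsplit("/", 1)[-1])
        if parsed is None:
            continue
        original, victim_id, contact = parsed
        encrypted += 1
        victim_ids.add(victim_id)
        contacts[contact] += 1
        by_ext[original.rsplit(".", 1)[-1].lower() if "." in original else ""] += 1
    return {
        "encrypted_count": encrypted,
        "clean_count": len(paths) - encrypted,
        "victim_ids": sorted(victim_ids),
        "contacts": dict(contacts),
        "by_original_extension": dict(by_ext),
    }


# Constructed sample listing; the ID and e-mail address are placeholders, not real indicators.
SAMPLE_LISTING = [
    "D:/Projects/tender_2019.xlsx.id-1A2B3C4D.[attacker@example.invalid].cezar",
    "D:/Projects/site_plan.dwg.id-1A2B3C4D.[attacker@example.invalid].cezar",
    "D:/Projects/README.txt",
    "D:/Backups/accounts.bak.id-1A2B3C4D.[attacker@example.invalid].cezar",
    "D:/Backups/notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

A non-empty `by_original_extension` entry for backup files (here `.bak`) is the practical warning sign the article's interviewee feared: backups reachable from the infected machine were encrypted too, so restores must come from copies that were offline or otherwise isolated.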

How to stay protected from Dharma ransomware

  • Keep a backup of your data so that it can be restored in the case of a ransomware attack.
  • Dharma ransomware attacks happen mostly via remote desktop services. It’s therefore important to ensure that no computers running remote desktop services are connected directly to the internet.
  • Install a security system which scans all attachments.
  • Exercise caution while opening attachments from an anonymous sender.