Dharma/Crysis: Overview and Adversary Tracking

malware + Intelligence Cluster25 todaySeptember 17, 2021

Dharma, a family of ransomware first spotted in 2016, is a malicious program that encrypts a victim’s files and takes as hostage the data on demand for the ransom payment to restore the data back. It belongs to a fairly widespread ransomware family that has been successful over time, especially due to
the many variants related to it and the fact that it has often represented the basis for R-a-a-S
(Ransomware-as-a-Service) programs.

C25 Intelligence reports from where Dharma variants have been operated during 2020, its evolution and how to defend against this threat.

Download Cluster25 Report

Written by: Cluster25

Tagged as: , , .

Previous post

APT Cluster25 / September 10, 2021

A RattleSnake in the Navy

Recent geopolitical events are leading to an increase in cyber operations in the Central Asian region. Among the actors involved in these activities there are certainly those believed to be close to the Indian government, such as RattleSnake. It is [...]


Similar posts

APT Cluster25 / May 13, 2022

Cozy Smuggled Into the Box: APT29 Abusing Legitimate Software for Targeted Operations in Europe

Cozy Bear (aka Nobelium, APT29, The Dukes) is a well-resourced, highly dedicated and organized cyberespionage group that is believed to work in support of the decision-making process of Russian government since at least 2008. Nobelium primarily targets western governments and related organizations, with a particular focus on government, diplomat, political and think tank sectors.  Recently ...

Read more trending_flat

APT Cluster25 / May 3, 2022

The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet

NOTICE After additional reviews, the team at Cluster25 has determined that the code commonality identified in the two analyzed samples contained in this blog post was coincidental. The code they had in common is aligned with Microsoft standard libraries, and therefore common for use. In this blog post, Cluster25 outlines a code match between two ...

Read more trending_flat