February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2022-41733 – IBM InfoSphere Information Server Vulnerability
January 22, 2023Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
January 22, 2023Rewterz Threat Advisory – CVE-2022-41733 – IBM InfoSphere Information Server Vulnerability
January 22, 2023Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
January 22, 2023
Severity
High
Analysis Summary
Dharma ransomware is a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key. It is a variant of the CrySIS ransomware family, which was first discovered in 2016. The malware is typically spread through phishing emails, exploiting vulnerabilities in software, or through the use of exploit kits. Once a system is infected, the ransomware will encrypt files and append the “.dharma” or “.wallet” extension to the file name. The malware will then display a ransom note demanding payment in Bitcoin. It’s important to note that paying the ransom does not guarantee the recovery of files, and it is generally advised to not pay the ransom and instead restore from backups or use reputable decryption tools. Additionally, it is important to keep software up to date and to practice safe browsing habits in order to prevent infections. It’s also important to note that the attackers behind Dharma ransomware have been known to use double extortion tactics, where they not only encrypt files but also steal and threaten to publicly release sensitive information if the ransom is not paid.
Impact
- Data Encryption
Indicators of Compromise
MD5
- 9220abc8a4ead7e58bc51c54d1c8343b
- a6de0d47bb017e59aefec6f4b00c2157
- b51dc59f86a48c129a128e04b7444c94
- b178705190001fcb012000eed9ba33d2
SHA-256
- 6a0017262def9565b504d04318c59f55bea136ac3dd48862d1ae90ff6b963811
- 5c2fb1c42f007093be5e463f70ee7e7192990b3385a3cbcc71043980efa312e0
- b557bf11d82d3d64d028a87584657d25dba0480295ed08447f10c7a579dee048
- b3984a2de76eee3ad20c4b13e0c0cbbab2dd6db65e3f6ca34418e79c21cf5c39
SHA-1
- 9a9c96e8d20137c0fc05e47a51f4b05383c9b08d
- a71fe7dc24be53aac39771bcddaa4654fca2a26a
- a243e2ccfad5f60e505e631626cd72fb0e535907
- db6d85f58ad3e6ebb62d92be1dbe7741023a1e7b
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets