Dharma
RDP Used by Iranian Actors in International Dharma Ransomware Attacks
Iranian actors leveraged the Remote Desktop Protocol (RDP) as part of an international campaign to target companies with Dharma ransomware. Group-IB uncovered the campaign while conducting an incident response engagement for a ...
Dharma Ransomware Continues to Evolve
Since 2016, the Dharma family of ransomware has continued to net its operators ransom after ransom. Its continued effectiveness is due to several factors, from the number of attack vectors used to ...
Ransomware Hit Garage Used by Canadian Internet Registration Authority
The parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at ...
New Phobos Ransomware Using Same Ransom Note as Dharma
A new strain of ransomware known as “Phobos” is using the same ransom note employed by Dharma to demand payment from its victims. Ransomware incident response provider Coveware found that Phobos’ ransom ...