RDP Used by Iranian Actors in International Dharma Ransomware Attacks

RDP Used by Iranian Actors in International Dharma Ransomware Attacks

Iranian actors leveraged the Remote Desktop Protocol (RDP) as part of an international campaign to target companies with Dharma ransomware. Group-IB uncovered the campaign while conducting an incident response engagement for a ...
defense contractors FTCode

Dharma Ransomware Continues to Evolve

Since 2016, the Dharma family of ransomware has continued to net its operators ransom after ransom. Its continued effectiveness is due to several factors, from the number of attack vectors used to ...
Security Boulevard
Ransomware Hit Garage Used by Canadian Internet Registration Authority

Ransomware Hit Garage Used by Canadian Internet Registration Authority

The parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at ...
New Phobos Ransomware Using Same Ransom Note as Dharma

New Phobos Ransomware Using Same Ransom Note as Dharma

A new strain of ransomware known as “Phobos” is using the same ransom note employed by Dharma to demand payment from its victims. Ransomware incident response provider Coveware found that Phobos’ ransom ...