Dharma ransomware as-a-service (RaaS), which is among the world's most popular, is being used predominantly to target small and medium-sized businesses (SMBs), according to a new report from Sophos.
Offers as a service, Dharma ransomware is available to whoever is willing to pay for its use. User groups (called affiliates) rely “almost entirely” on a menu-driven PowerShell script that installs and launches the components needed to distribute the ransomware across the victim network.
The report also states that the vast majority of Dharma attacks (85 percent) exploit exposed access tools like Remote Desktop Protocol (RDP), while the average ransomware demand hovers at around $8,620 (which is considered “quite low”).
“Dharma is fast-food franchise ransomware: widely and easily available to just about anyone,” said Sean Gallagher, Senior Threat Researcher at Sophos.
“Dharma’s ransomware-as-a-service offerings expand the range of people who can execute devastating ransomware attacks. That’s worrying enough in itself in normal times. But right now, with many businesses adapting to the pandemic and accommodating a need for rapid support for remote workers, and IT staffs stretched thin, the risks from these attacks is magnified.”