Skip to main content

Dharma RaaS is 'targeting and menacing' SMBs

(Image credit: Image source: Shutterstock/Martial Red)

Dharma ransomware (opens in new tab)as-a-service (RaaS), which is among the world's most popular, is being used predominantly to target small and medium-sized businesses (SMBs), according to a new report from Sophos.

Offers as a service, Dharma ransomware is available to whoever is willing to pay for its use. User groups (called affiliates) rely “almost entirely” on a menu-driven PowerShell script that installs and launches the components needed to distribute the ransomware across the victim network.

The report also states that the vast majority of Dharma attacks (85 percent) exploit exposed access tools like Remote Desktop Protocol (RDP), while the average ransomware demand hovers at around $8,620 (which is considered “quite low”).

“Dharma is fast-food franchise ransomware: widely and easily available to just about anyone,” said Sean Gallagher, Senior Threat Researcher at Sophos.

“Dharma’s ransomware-as-a-service offerings expand the range of people who can execute devastating ransomware attacks (opens in new tab). That’s worrying enough in itself in normal times. But right now, with many businesses adapting to the pandemic and accommodating a need for rapid support for remote workers, and IT staffs stretched thin, the risks from these attacks is magnified.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.