Meeting a market demand can make for a successful business. So-called fast food franchise ransomware is one such business, built on the ransomware-as-a-service model.
SophosLabs recently published the new report "Color by Numbers: Inside a Dharma Ransomware-as-a-Service (RaaS) Attack". For the first time, the report gives deep insight into the automated attack script and the toolset that the ransomware creators make available to cybercriminals, including the back-end infrastructure and other malicious tools. The report also illustrates how Dharma is targeting small and medium-sized enterprises (SMEs) in 2020.
Dharma has been known since 2016 and is one of the most profitable ransomware families ever, thanks to its service-based, mass-market business model. Various iterations of its source code have been published online or offered for sale, so many variants of the code exist today.
Dharma Ransomware-as-a-Service
According to Sophos' analysis, the main targets of the Dharma RaaS attacks are small and medium-sized enterprises (SMEs). 85 percent of attacks in 2020 focused on access tools left exposed without protection, such as the Remote Desktop Protocol (RDP). These findings were made by ransomware recovery company Coveware, which also found that Dharma ransom demands are quite low, averaging $8,620.
Dharma is a fast food franchise ransomware. It is widespread and easily available to almost everyone. Dharma ransomware-as-a-service offerings significantly expand the number of people who can carry out ransomware attacks. In normal times, this is worrying enough. But the risks of these attacks are even greater now, when many companies have to adapt to the COVID-19 pandemic, many employees work remotely or from home, and IT staff are stretched thin. The need to provide employees with remote workstations results in vulnerable infrastructure and devices, especially in smaller companies. The urgency of the situation prevents IT staff from adequately monitoring and managing systems.
$8,000 ransom note
With so many multi-million-dollar ransom demands, high-profile targets, and advanced adversaries like WastedLocker, threats like Dharma remain very relevant too. They allow a whole different group of cybercriminals to hit multiple smaller targets and make a fortune, eight thousand dollars at a time.
More on this on the blog at Sophos.com