In the post-pandemic world, there has been an unprecedented spike in cyber attacks. While large enterprises have the requisite financial and human resources to secure their networks, the same can’t be said about Small to Medium Sized Businesses (SMBs).
So, it makes perfect sense for cybercriminals to focus on the soft targets, namely SMBs. One of the world’s leading cybersecurity companies, Sophos, has warned about the increasing use of “Dharma” ransomware to target SMBs globally.
Dharma ransomware has evolved into a wide range of source code variants, each purpose-built to do one thing: encrypt all your valuable data once access to your network has been gained. As per security experts, Remote Desktop Protocol (RDP) is the most common attack vector.
The emergence of RDP as the most commonly used attack vector highlights the vulnerabilities found in poorly configured remote access tools. Cybercriminals are using brute force attacks and stolen credentials obtained over the dark web to break into SMB networks.
The sheer scale of Dharma ransomware attacks is mind-boggling, making it one of the most sought after ransomware codes for launching cyber attacks. The decryption process is quite complex and often results in permanent data loss.
For this very reason, once an SMB has become a victim of Dharma ransomware, it is strongly recommended not to use third-party decryption tools. The attacker appends a specific file extension to your encrypted data files, and you should never attempt to rename those files either.
Doing so will reduce your odds of recovering your data with its integrity intact. Renaming the already encrypted files otherwise has no effect, so it is highly recommended not to do so.
On average, the ransom payment for decrypting Dharma ransomware is around $8,500, as opposed to the prevailing average for all ransomware payments, which sits in the range of $44,000. These stats relate only to the first quarter of 2020.
The most effective safeguard against Dharma ransomware is disabling all internet-facing Remote Desktop Protocol (RDP) services, which are widely used for remotely accessing systems. The other obvious defense is keeping all network devices up to date with security patches.
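One way to find internet-facing RDP before disabling it is to audit the inbound firewall rules. The script below is an added example, not part of the original article: it flags enabled allow rules that expose port 3389 to sources outside internal address ranges. The CSV layout, column names and sample rules are constructed assumptions, not any product's export format.

```python
import csv
import io
import ipaddress

RDP_PORT = 3389
# Ranges treated as internal (RFC 1918 plus loopback); adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of an inbound firewall rule export (hypothetical layout).
SAMPLE_RULES = """name,enabled,action,protocol,local_port,remote_address
RDP-from-anywhere,true,allow,tcp,3389,any
RDP-from-office-vpn,true,allow,tcp,3389,10.8.0.0/24
Mgmt-range,true,allow,tcp,3380-3400,0.0.0.0/0
Old-RDP-rule,false,allow,tcp,3389,any
HTTPS,true,allow,tcp,443,any
RDP-vendor,true,allow,tcp,3389,203.0.113.0/24
"""

def covers_rdp(port_spec):
    """True when a port spec such as '3389', '3380-3400' or 'any' includes 3389."""
    spec = port_spec.strip().lower()
    if spec in ("any", "*"):
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= RDP_PORT <= int(hi or lo)

def is_internet_facing(remote):
    """True when the remote scope is not fully inside an internal range."""
    scope = remote.strip().lower()
    if scope in ("any", "*"):
        return True
    net = ipaddress.ip_network(scope, strict=False)
    return not any(net.version == internal.version and net.subnet_of(internal)
                   for internal in INTERNAL_NETS)

def exposed_rdp_rules(csv_text):
    """Return names of enabled allow rules that expose RDP beyond internal ranges."""
    findings = []
    for rule in csv.DictReader(io.StringIO(csv_text)):
        if rule["enabled"].lower() != "true" or rule["action"].lower() != "allow":
            continue  # disabled or blocking rules do not expose anything
        if rule["protocol"].lower() not in ("tcp", "udp", "any"):
            continue
        if covers_rdp(rule["local_port"]) and is_internet_facing(rule["remote_address"]):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print("internet-facing RDP rule:", name)
```

Rules that allow RDP from a single external vendor range are flagged as well, since stolen credentials work from any address the rule admits.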
Another strategy that can prevent you from paying ransom is maintaining regular backups of mission-critical data in offline storage silos that are connected neither to the internet nor to the organizational network.
To protect our valuable cloud users, dinCloud is already offering Sophos Intercept X for Endpoints and Servers alongside its leading cloud services.