Dharma ransomware
-
Anyone have any experience with this bugger? I am involved (board member) with a non-profit agency that was recently hit with a variant of this. All files have been encrypted and now end with "india.com.wallet".
They have fired their existing IT "professional" and hired a replacement company that is working to resolve the situation. At this stage, they have decided not to pay the ransom. Backups are not up-to-date, so they will need to recreate some of the data.
Thoughts or suggestions?
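One thing a board member can ask the new IT company for early is a scope report: how many files carry the attacker's suffix, which shares or folders were hit, which were left alone (that is the data that does not need recreating), and the spread of modification times, which gives a rough timeline of when the encryption ran. The script below is an added example written for this thread, not code from the original post or from any decryption tool. It assumes the only identifying feature is the "india.com.wallet" suffix reported above and builds a small constructed directory tree to run against; the file names in that tree are invented for the demo and do not reproduce the real naming scheme.

```python
"""Inventory a file tree for ransomware-encrypted files by suffix.

Added example for incident scoping; not from the original thread.
The suffix is the one reported in the thread. The sample tree and its
timestamps are constructed here so the script runs offline.
"""
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Suffix as reported in the thread. Matching is case-insensitive.
ENCRYPTED_SUFFIX = "india.com.wallet"


def is_encrypted(name):
    """True if the file name ends with the attacker's suffix."""
    return name.lower().endswith(ENCRYPTED_SUFFIX)


def scope_incident(root):
    """Walk `root` and summarise which directories were hit and when.

    Returns encrypted/untouched counts, per-directory encrypted counts,
    directories with no encrypted files (likely still usable data), and
    the earliest/latest mtime of encrypted files as UTC ISO strings.
    mtime is only an approximation of when encryption happened; it is not
    trustworthy if the malware or a later copy reset timestamps.
    """
    encrypted = Counter()
    untouched = Counter()
    mtimes = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            if is_encrypted(name):
                encrypted[rel] += 1
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            else:
                untouched[rel] += 1

    def iso(ts):
        return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

    return {
        "encrypted": sum(encrypted.values()),
        "untouched": sum(untouched.values()),
        "by_dir": dict(encrypted),
        "intact_dirs": sorted(d for d in untouched if d not in encrypted),
        "first_seen": iso(min(mtimes)) if mtimes else None,
        "last_seen": iso(max(mtimes)) if mtimes else None,
    }


def build_sample_tree():
    """Create a constructed tree mimicking a partially encrypted share.

    File names and mtimes are invented for the example; the real malware's
    naming scheme beyond the trailing suffix is not assumed here.
    """
    root = tempfile.mkdtemp(prefix="ransom-scope-")
    base = 1_500_000_000  # arbitrary epoch seconds (2017-07-14T02:40:00Z)
    layout = {
        "finance/budget.xlsx." + ENCRYPTED_SUFFIX: base + 60,
        "finance/payroll.csv." + ENCRYPTED_SUFFIX: base + 120,
        "hr/handbook.docx." + ENCRYPTED_SUFFIX: base + 900,
        "hr/README.txt": base,                    # untouched file in a hit folder
        "archive/2015-report.pdf": base - 86400,  # folder the malware never reached
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"x")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    import json
    print(json.dumps(scope_incident(build_sample_tree()), indent=2))
```

Point `scope_incident` at the root of each affected share (or a read-only mount of a disk image) rather than the constructed tree; run it against a copy, never the originals, and record the output alongside the incident report before any cleanup starts.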
-
Sounds like they have things well in hand. Are you wondering if there is anything to do now that the ransom is required?
-
Lots of user training for the entire staff. The only way to prevent these infections is to keep Janet in accounting from clicking every damn thing she sees. Training and better backups... which they may actually have to pony up some $$$ to do properly.
-
@scottalanmiller I learned of the encryption last night and just now received a copy of the critical incident report to review. They are proceeding with the understanding that the files can't be unencrypted without paying the ransom.
I know that solutions have been found to decrypt other ransomware. From my brief research, I haven't seen a solution for this one.
-
@RojoLoco My understanding is that this wasn't an end-user issue. Rather, the prior IT guy left a router protected by a weak password.
-
@Danp said in Dharma ransomware:
@RojoLoco My understanding is that this wasn't an end-user issue. Rather, the prior IT guy left a router protected by a weak password.
Ouch. Then they will need to hire at least 1 competent IT person. Hopefully they won't become a target after being successfully attacked (not paying the ransom helps with this).
-
Found this post from earlier today on bleepingcomputer.com.
It would be wonderful if these can be used to build a decryption tool.
-
@Danp said in Dharma ransomware:
Found this post from earlier today on bleepingcomputer.com.
It would be wonderful if these can be used to build a decryption tool.
yes and no.
yes because someone doesn't have to start over - no because the company might not really step up their IT game.
-
@Dashrender Oh.. they are definitely stepping up their IT game. New MSP is hired already. I'm reviewing their $26K proposal, which includes new security devices, new server, new backup appliance, etc.
Some of their recommendations call for solutions that I don't have experience with, so I'll start another thread to seek input on that.
-
OK so I just updated my lab copy of XO, and it worked without issue. I'm gonna snapshot, and try the update again and see if it breaks.
-
In my best JB voice -- "FFS. WTF does this have to do with the current discussion?!"
<gd&r>
-
@Danp whoops wrong topic.
-
@Danp said in Dharma ransomware:
@Dashrender Oh.. they are definitely stepping up their IT game. New MSP is hired already. I'm reviewing their $26K proposal, which includes new security devices, new server, new backup appliance, etc.
Some of their recommendations call for solutions that I don't have experience with, so I'll start another thread to seek input on that.
Now the thing is to make sure they don't overspend....
-
@Dashrender Exactly, see new thread here.