- Iranian cybercriminals have been perpetrating ransomware attacks on victims, using “Dharma Ransomware” and a combination of publicly available hacking tools. They have been mainly targeting companies headquartered in Russia, Japan, China, and India.
- The ransomware, also known as Crysis, has been sold or distributed under a ransomware-as-a-service (RaaS) model since 2016.
- To researchers, the criminals appeared to have no well-defined plan for what to do with the networks they had infiltrated. After establishing RDP connections, the hackers decided which tools to use to move ahead with the attack.
- They used Defender Control and Your Uninstaller to disable the antivirus software already installed on the victim’s system.
– Ahona Rudra | September 9, 2020