The infamous Dharma ransomware is in the headlines once again with a new variant. This variant, which uses the cmb extension, is set to begin a widespread infection campaign.
This damaging ransomware family was first discovered by Michael Gillespie, who noticed samples uploaded to ID Ransomware.
ID Ransomware is a website that enables victims to identify the ransomware that has encrypted their files. The identification is done with specialized techniques. This includes assessing:
The cmb variant of Dharma ransomware encrypts the files on the system and appends the .cmb extension to each encrypted file's name. The full format of the appended extension is .id-[id].[email].cmb.
For instance, a file called Happy.jpg after encryption would be renamed as Happy.jpg.id-BCBEF350.[email@example.com].cmb.
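An added example (not from the original article) of triaging a file listing for this naming pattern: it matches the .id-[id].[email].cmb suffix, recovers the original file name, and groups hits by ID and directory. The hexadecimal ID format is an assumption based on the article's single example, and the sample paths are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# <original name>.id-<id>.[<contact email>].cmb, as described in the article.
# Assumption: the id is hexadecimal, as in the article's example (BCBEF350).
CMB_PATTERN = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]+)"
    r"\.\[(?P<contact>[^\[\]]+)\]\.cmb$",
    re.IGNORECASE,
)

def parse_cmb_name(path):
    """Return (original_name, victim_id, contact), or None if the name does not match."""
    name = PureWindowsPath(path).name  # accepts both \ and / separators
    m = CMB_PATTERN.match(name)
    if m is None:
        return None
    return m.group("original"), m.group("victim_id").upper(), m.group("contact").lower()

def summarize(paths):
    """Group matching files by id, collecting original names, contacts and directories."""
    report = defaultdict(lambda: {"files": [], "contacts": set(), "dirs": set()})
    for p in paths:
        parsed = parse_cmb_name(p)
        if parsed is None:
            continue  # a plain *.cmb file without the id/email part is not a hit
        original, victim_id, contact = parsed
        entry = report[victim_id]
        entry["files"].append(original)
        entry["contacts"].add(contact)
        entry["dirs"].add(str(PureWindowsPath(p).parent))
    return dict(report)

# Constructed sample listing (not real incident data).
SAMPLE = [
    r"C:\Users\alice\Pictures\Happy.jpg.id-BCBEF350.[email@example.com].cmb",
    r"C:\Users\alice\Documents\budget.2018.xlsx.id-bcbef350.[email@example.com].CMB",
    r"C:\Users\alice\Documents\notes.cmb",    # unrelated .cmb file, must not match
    r"C:\Users\alice\Documents\report.docx",  # untouched file
]

if __name__ == "__main__":
    for vid, info in summarize(SAMPLE).items():
        print(vid, sorted(info["contacts"]), sorted(info["dirs"]), info["files"])
```

Feeding it a recursive listing from a file server or backup index shows which directories were reached and which files to restore from backup under their original names.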
Once the system is infected, the user is informed about the encryption via 2 ransom notes. These are:
Both notes inform users that their files have been encrypted and contain the email contact details. Users are instructed to email firstname.lastname@example.org to receive a payment guide for obtaining the decryption key.
Victims are advised not to fall into this trap, because once the payment is made they are ignored. Instead, take preventive measures to keep Dharma Cmb Ransomware out of the system.
The Dharma ransomware family, including its cmb variant, is distributed via Remote Desktop Protocol services.
Remote Desktop Protocol (RDP) is a communication protocol developed by Microsoft that allows two computers to be connected over a network. On the Windows operating system, the RDP server listens on TCP (Transmission Control Protocol) port 3389 and UDP (User Datagram Protocol) port 3389.
To infect systems with the Dharma ransomware family, attackers scan the Internet for systems that are running RDP, usually via TCP port 3389.
Once such a system is identified, the threat actors gain unauthorized access to it and install the ransomware. Other systems present on the network are also targeted.
Once it has infiltrated a system, the ransomware configures system settings to achieve persistent installation. This allows it to encrypt files created since its last execution.
There is no way the encrypted files can be restored. However, some measures can be taken to protect the system against Dharma Cmb Ransomware.
Name: Dharma Cmb Ransomware
Targeted Operating System: Windows
Symptoms: User’s files are encrypted. All locked files are appended with “.cmb” extension after the encryption and hence cannot be accessed by the user.
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities that may compromise your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.