RDP used by Iranian hacker to hit businesses and organizations with Dharma ransomware

Researchers have discovered a new ransomware campaign run by a Persian-speaking hacker group, reportedly based in Iran.

Hackers are targeting businesses in Russia, Japan, India, and China to deploy Dharma ransomware by leveraging the Remote Desktop Protocol (RDP). Dharma ransomware made headlines in January 2017 after it was used to hack a popular horse racing website in India.

In February 2017, two Romanian hackers were arrested for hacking DC security cameras before the official inauguration ceremony of President Donald Trump. Both hackers were accused of distributing Dharma and Cerber ransomware.

A Russian company had its network breached through exposed RDP connections, which were exploited by the Dharma ransomware actors. The same attack artifacts were later identified in the networks of many other companies in China, India, and Japan.

Hackers identify their targets by scanning internet IP address ranges for exposed or weakly protected remote desktop connections. At this stage, they use the open-source port scanner Masscan. The researchers have described these attacks as unprofessional and financially motivated.

NPAV requests users and organizations to immediately change the default ports they use for RDP connections and to implement account lockout measures. Install NPAV on your devices for best-in-class protection from all kinds of ransomware attacks.
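The lockout measure above only makes sense if failed RDP logons are also watched per source, since password guessing against an exposed host shows up as a burst of failed RemoteInteractive logons from one address. The following script is an added example, not code from the article or from NPAV; the event records it parses are constructed for illustration, and the threshold and window are assumptions that mirror a typical lockout policy.

```python
"""Flag RDP password-guessing from Windows failed-logon events (constructed sample)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, event_id, logon_type, account, source_ip).
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    ("2017-04-01T02:00:01", 4625, 10, "administrator", "203.0.113.10"),
    ("2017-04-01T02:00:03", 4625, 10, "admin", "203.0.113.10"),
    ("2017-04-01T02:00:05", 4625, 10, "backup", "203.0.113.10"),
    ("2017-04-01T02:00:07", 4625, 10, "administrator", "203.0.113.10"),
    ("2017-04-01T02:00:09", 4625, 10, "user1", "203.0.113.10"),
    ("2017-04-01T02:10:00", 4625, 10, "jdoe", "198.51.100.7"),  # one mistyped password
    ("2017-04-01T02:10:20", 4624, 10, "jdoe", "198.51.100.7"),  # followed by success
    ("2017-04-01T03:00:00", 4625, 3, "svc", "192.0.2.5"),       # network logon, not RDP
]


def rdp_failures(events):
    """Keep only failed RDP logons (4625 with LogonType 10) as (time, ip, account)."""
    out = []
    for ts, eid, ltype, account, ip in events:
        if eid == 4625 and ltype == 10:
            out.append((datetime.fromisoformat(ts), ip, account))
    return out


def sources_over_threshold(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: sorted accounts tried} for every source with at least
    `threshold` failed RDP logons inside one sliding `window`. A per-account
    lockout alone misses a spray over many accounts; grouping by source catches it."""
    per_ip = defaultdict(list)
    for t, ip, account in sorted(rdp_failures(events)):
        per_ip[ip].append((t, account))
    flagged = {}
    for ip, attempts in per_ip.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({a for _, a in attempts[start:end + 1]})
                break
    return flagged


if __name__ == "__main__":
    for ip, accounts in sources_over_threshold(SAMPLE_EVENTS).items():
        print(f"{ip}: {len(accounts)} accounts tried -> alert and block at the firewall")
```

Moving RDP off its default port hides it only from scanners that probe default ports; Masscan, which the article names, can sweep every port, so lockout, monitoring and removing RDP from direct internet exposure matter more than the port number.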

Use NPAV and join us on a mission to secure the cyber world.
