[BreachExchange] A New variant of Brrr Dharma Ransomware has been released

Destry Winant destry at riskbasedsecurity.com
Tue Sep 18 23:41:26 EDT 2018


https://latesthackingnews.com/2018/09/18/a-new-variant-of-brrr-dharma-ransomware-has-been-released/

There are, however, ways to protect yourself from being infected. The
ransomware is usually installed through Remote Desktop Services. The
attackers usually scan networks for computers running RDP on TCP port
3389 and then attempt to brute-force the password for the computer.
There are many dark websites on the Internet that provide publicly
accessible computers using a Remote Desktop Connection.

What is the Encrypted File Extension?

When the Brrr ransomware variant is placed on a computer, it will scan
for files and encrypt them. When encrypting a file, it will append an
extension in the format of .id-[id].[email].brrr. For example, a file
called test.jpg would be encrypted and its name changed to something
like test.jpg.id-BCBEF350.[paydecryption at qq.com].brrr.

The ransomware also targets mapped network drives and shared virtual
machine host drives. It generates two ransom notes on the infected
computer: an HTML version named Info.hta, and another called
FILES_ENCRYPTED.txt, which can be found on the desktop of the infected
computer. The notes contain the email address that the victim needs to
contact in order to receive the payment information.

There are many different types of ransomware out there. If you want to
help protect yourself from such issues, some suggest installing
Malwarebytes or Emsisoft Anti-Malware scanner on one's PC. Also, most
importantly, take backups of your data using an off-site storage
network.
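
The file naming format and the two ransom note names described above can
be used to triage a file listing after a suspected infection. The script
below is an added example, not part of the original article; it assumes
the ID is 8 hex digits (as in the article's one sample), and the sample
listing and its contact address are constructed placeholders.

```python
import re
from pathlib import PureWindowsPath

# Format from the article: <original name>.id-<ID>.[<email>].brrr
# Assumption: the ID is 8 hex digits, as in the article's sample (BCBEF350).
BRRR_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-F]{8})\.\[(?P<contact>[^\[\]]+)\]\.brrr$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.hta", "files_encrypted.txt"}  # ransom notes named in the article


def classify(path):
    """Return ('encrypted', fields), ('note', None) or (None, None) for one path."""
    name = PureWindowsPath(path).name
    m = BRRR_RE.match(name)
    if m:
        return "encrypted", m.groupdict()
    if name.lower() in NOTE_NAMES:
        return "note", None
    return None, None


def triage(paths):
    """Summarise a listing: renamed files, notes, IDs, contacts, affected dirs."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "contacts": set(), "dirs": set()}
    for p in paths:
        kind, info = classify(p)
        if kind == "encrypted":
            report["encrypted"].append((p, info["original"]))
            report["victim_ids"].add(info["victim_id"].upper())
            report["contacts"].add(info["contact"].lower())
            report["dirs"].add(str(PureWindowsPath(p).parent))
        elif kind == "note":
            report["notes"].append(p)
    return report


# Constructed sample listing (not from a real incident; the address is a placeholder).
SAMPLE = [
    r"C:\Users\alice\Pictures\test.jpg.id-BCBEF350.[contact@example.invalid].brrr",
    r"Z:\share\q3.report.xlsx.id-BCBEF350.[contact@example.invalid].brrr",
    r"C:\Users\alice\Desktop\FILES_ENCRYPTED.txt",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Documents\notes.brrr.txt",  # benign look-alike
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(len(r["encrypted"]), "renamed;", len(r["notes"]), "notes;", sorted(r["dirs"]))
```

The set of affected directories shows whether the mapped network drives
mentioned above were reached, which decides what has to be restored from
the off-site backups.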

