The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums.
The source code of one of the most profitable ransomware families, the Dharma ransomware, is up for sale on two Russian-language hacking forums.
The Dharma ransomware first appeared on the threat landscape in February 2016, at the time experts dubbed it Crysis.
The CrySis ransomware was first spotted in by experts at ESET, the malware has infected systems, mostly in Russia, Japan, South and North Korea, and Brazil.
At the time, threat actors were spreading the ransomware via email attachments with double file extensions or via malicious links embedded in spam emails.
In November 2016, the master decryption keys for Crysis were released online, victims of CrySis versions 2 and 3 were able to recover their files.
The decryption keys for the CrySis ransomware were posted online on the BleepingComputer.com forum by a user known as crss7777 who shared a link to a C header file containing the actual master decryption keys and information on how to utilize them. The popular expert Lawrence Abrams speculates the user crss7777 could be a member of the development team.
A few weeks later, the CrySiS RaaS was re-launched under the name of Dharma.
The source is offered for a price as low as $2,000, as reported by ZDNet.
“Several ransomware experts who spoke with ZDNet today said the sale of the Dharma ransomware code would most likely result in its eventual leak on the public internet, and to a wider audience.” reads the source dharma ransomware surfacing public hacking forums
