Dharma-Ninja Ransomware

The Dharma-Ninja Ransomware is a file-locking Trojan from the family of the Dharma Ransomware or the Crysis Ransomware. The Dharma-Ninja Ransomware can block media throughout your computer and remove their backups. Users should try not to pay the ransom it demands and, instead, restore from a secure backup after uninstalling the Dharma-Ninja Ransomware with a trusted anti-malware product.

Ninjas on the Loose and Stabbing Your Files

Further samples that bolster the numbers of Trojans calling from the Dharma Ransomware family are arriving, which is a particularly active Ransomware-as-a-Service. While old samples go back to the original Dharma Ransomware in 2016 and its immediate ancestors, others also are out in the wild as of 2019, such as the Kr Ransomware, the hardware-referencing Nvram Ransomware, the Group Ransomware and the Dharma-Ninja Ransomware. The last of these Trojans offers all the same problems as the first of them: blocking content with encryption for hostages in an extortion scheme.

The Dharma-Ninja Ransomware uses what's the 'industry standard' in cryptography, AES with an additional RSA key, for locking files, excluding critical program components, but including text documents, pictures, and most other media kinds. While this attack is one that it shares with other families like the STOP Ransomware and the newfound the PureLocker Ransomware, the unlocking solution is unique. It requires information that the Dharma-Ninja Ransomware threat actor retains while awaiting a ransom payment.

Besides the encryption feature, which includes a 'ninja' extension-adding routine for visibility, the Dharma-Ninja Ransomware also wields the usual anti-backup attack. It issues CMD commands for removing the Shadow Volume Copies in Windows environments, which disables one of the universal data recovery solutions that an unprepared user might have on hand. Users also can find ransom notes that recommend contacting the threat actor for ransom-paying information – but making a payment doesn't correlate to any file recovery or unlocking help directly.

Assassination-Proofing Your PC's Data

The Dharma-Ninja Ransomware is a 32-bit program for Windows that includes the usual, tiny size for its executable. While its samples are proving unilluminating concerning its distribution exploits, many threat actors prefer hacking networks or servers that are already vulnerable before dropping the file-locking Trojan onto it. Circumstances serving as 'welcome mats' for such incidents include using inappropriately-fragile passwords, leaving RDP open to the public, having open ports, or not updating the software associated with server infrastructure (such as WordPress).

All users also should make a point of avoiding unsafe download sources that could serve as delivery sources for threats like file-locker Trojans. Malware experts recommend downloading any updates only from definitively-authentic links and refusing illicit downloads, including illegally-distributed media or piracy-related utilities like key generators. All of these themes are recurrent with file-locking Trojans' distribution models.

While unlocking content directly by decrypting them is, usually, impossible, the users also can protect their files with an appropriate backup and anti-malware tools for deleting the Dharma-Ninja Ransomware by default.

The Dharma-Ninja Ransomware offers a reheated plate of leftover payloads from attacks that have gone on since the first Crysis Ransomware infection. If there are any noteworthy differences between it and the Trojans of yore, it's that decryption is even more difficult than ever – making it even more critical that everyone has a backup plan.