
Java NotDharma Ransomware

Posted: April 16, 2018

The Java NotDharma Ransomware is a Trojan that imitates the Dharma Ransomware branch of the Crysis Ransomware, a family of Ransomware-as-a-Service threats. Like them, it can block your files from opening by encrypting them, and it drops text notes that direct the victim to negotiate a ransom for the unlocking service. Malware experts recommend backing up all media non-locally and having anti-malware products quarantine or delete the Java NotDharma Ransomware.

A Trojan Remake Gone Slightly Askew

The handful of campaigns operating under the Dharma Ransomware's version of Ransomware-as-a-Service continues expanding, albeit slowly. However, malware analysts also confirm a new 'copycat' of it for this month, just after the variants of the Blammo@cock.li Ransomware, the Arrow Ransomware and the guardbtc@cock.li Ransomware. The latest arrival, the Java NotDharma Ransomware, uses some of the ransoming components and symptoms of that family, but not the same code.

The Java NotDharma Ransomware's campaign is attacking business-oriented servers with weaknesses such as weak passwords or lax RDP settings, and it also may use other infection methods, such as e-mail attachments. The Java NotDharma Ransomware operates much like a revision of the Dharma Ransomware but incorporates several differences, including, in some cases, omitting the file marker that the Dharma family is known for inserting into the internal data of the files that it locks.

The key features of the Java NotDharma Ransomware include:

  • The Java NotDharma Ransomware uses AES-based encryption for locking your files, removes the '.' between their names and extensions, and adds its customized extension onto the end. For instance, 'flower.jpg' would convert into 'flowerjpg.java' afterward.
  • The Java NotDharma Ransomware creates Notepad files in multiple directories, although the only information in them is an e-mail address for negotiating the ransom for the file-unlocking decryption app. However, users may be capable of decrypting their files freely and should contact a trusted anti-malware organization or researcher for additional help.
  • The Trojan also takes precautions against the victim's local backups by erasing them automatically. This routine covers both the Windows Shadow Copies and StorageCraft backup media.
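The renaming rule in the first bullet ('flower.jpg' becomes 'flowerjpg.java') is regular enough that a responder can inventory affected files and recover their probable original names during triage, before any decryption attempt. The script below is an added example written for this article, not code from the Trojan or from any named vendor; it reconstructs the original name by matching the longest known extension at the end of the stem, and uses a byte-entropy check to avoid flagging genuine Java source files whose names happen to end in an extension-like word (e.g. 'Parsetxt.java'). The extension list, the sample filenames and the sample file contents are constructed for the example.

```python
"""
Triage helper for the Java NotDharma Ransomware renaming pattern described
above: the '.' between name and extension is removed and '.java' is appended,
so 'flower.jpg' is renamed to 'flowerjpg.java'.

Everything here is example code; the extension list and samples are constructed.
"""
import math
from collections import Counter
from pathlib import PurePath
from typing import Dict, Iterable, List, Optional

# Extensions commonly targeted by file-locking Trojans (constructed list, not
# taken from the article). Sorted longest-first so 'docx' wins over 'doc'.
KNOWN_EXTENSIONS: List[str] = sorted(
    {"jpg", "jpeg", "png", "gif", "bmp", "doc", "docx", "xls", "xlsx",
     "ppt", "pptx", "pdf", "txt", "zip", "rar", "mp3", "mp4", "sql", "db"},
    key=len, reverse=True,
)

# Extension the Trojan appends, as stated in the article.
MARKER_EXTENSION = ".java"


def reconstruct_original(name: str, known_exts: Iterable[str] = KNOWN_EXTENSIONS) -> Optional[str]:
    """Return the probable original filename, or None if the name does not fit.

    A name fits when it ends in '.java' and the remaining stem ends with a known
    extension preceded by at least one character, so a bare 'jpg.java' or a
    real source file such as 'Main.java' is not flagged.
    """
    path = PurePath(name)
    if path.suffix.lower() != MARKER_EXTENSION:
        return None
    stem = path.stem
    lowered = stem.lower()
    for ext in known_exts:
        if lowered.endswith(ext) and len(stem) > len(ext):
            base = stem[: -len(ext)]
            return f"{base}.{stem[-len(ext):]}"  # keep the original casing
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8.0 for ciphertext, ~4-5 for source text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """AES output is indistinguishable from random, so high entropy is expected."""
    return shannon_entropy(data) >= threshold


def triage(names: Iterable[str], contents: Optional[Dict[str, bytes]] = None) -> Dict[str, str]:
    """Map each flagged filename to its probable original name.

    `contents` optionally maps filename -> bytes. When a flagged file's bytes
    are available and do not look encrypted, it is skipped as a probable
    genuine Java source file rather than a locked document.
    """
    contents = contents or {}
    flagged: Dict[str, str] = {}
    for name in names:
        original = reconstruct_original(name)
        if original is None:
            continue
        if name in contents and not looks_encrypted(contents[name]):
            continue
        flagged[name] = original
    return flagged


# Constructed sample inventory: three locked files, one real Java source whose
# name mimics the pattern, one untouched text file, and one genuine 'Main.java'.
SAMPLE_FILES = ["flowerjpg.java", "reportdocx.java", "Main.java",
                "Parsetxt.java", "notes.txt", "archivezip.java"]
SAMPLE_CONTENTS = {
    # Stand-in for ciphertext: every byte value once gives maximal entropy.
    "flowerjpg.java": bytes(range(256)),
    # A real (constructed) Java source file, low entropy.
    "Parsetxt.java": b"public class Parsetxt { public static void main(String[] a) {} }",
}

if __name__ == "__main__":
    for locked, guess in triage(SAMPLE_FILES, SAMPLE_CONTENTS).items():
        print(f"{locked:20s} -> probable original {guess}")
```

The reconstructed names are only candidates: a stem such as 'reportdocx' could in principle come from a file that really was named that way, so the inventory is a starting point for confirming scope and prioritising restores from off-line backups, not a basis for renaming files in place.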

Turning Ransomware-as-a-Service into Ransomware-as-Nonprofitable

Even though the Java NotDharma Ransomware isn't a 'child' of the Crysis Ransomware family, its attacks are very similar. This threat attacks the default Windows locations for media, such as the desktop and user profile-related folders, and can lock pictures, documents, etc., permanently. Since it includes features for deleting local backups, saving your backups non-locally, such as on a detached USB, is the easiest way to guarantee that your data survives.

Beyond confirming one victim of its campaign, malware researchers have limited information on the Java NotDharma Ransomware's infection strategies. E-mail attachments, browser-attacking exploit kits, and brute-force hacking of logins are three of the most relevant techniques in use this year. Anti-malware programs can delete the Java NotDharma Ransomware or prevent an infection, but they can't decrypt or otherwise recover your files.

The Java NotDharma Ransomware holds to the theme of Trojans looking like something that they're not. Trying the wrong decryption solution on any file-locking Trojan's output is an easy way to lose your files permanently.
