Source Code of Dharma Ransomware Put up For Sale on Russian Hacking Forums

  • The source code is offered for a price as low as $2000.
  • Dharma, also known as Crysis, was first spotted on the threat landscape in February 2016.

The source code of one of the most profitable ransomware families, is available for sale on two Russian-language hacking forums. The source code is offered for a price as low as $2000, as reported by ZDNet

Timeline of the ransomware
Dharma, also known as Crysis, was first spotted on the threat landscape in February 2016. The ransomware has infected systems in Russia, Japan, South Korea, North Korea, and Brazil. 

The Crysis authors had created a service where customers could generate their own version of the ransomware to distribute to victims. The propagation method varied from spam campaigns to exploit kits or brute-force attacks on RDP endpoints. 

While decryption keys for some ransomware were leaked online in March 2017, Dharma operators continued to operate silently, building their Ransomware-as-a-Service (RaaS) model into one of the biggest ransomware networks in the cybercrime world. 

According to the FBI, the ransomware operators have made over $24 million from its victims between November 2016 and November 2019. 

What to expect?
Three new versions of Dharma ransomware were discovered in the last week alone. This indicates that criminal groups are still relying on Dharma’s code to launch new attacks. Now, with the availability of the source code online, threat actors will able to create their own versions of the ransomware and start distributing them, thereby increasing its threat level.