A new variant of the Dharma ransomware, known as Brrr, has been released. It appends the .brrr extension to the files it encrypts. The variant was first found by Jakub Kroustek.
A new variant of the #CrySiS / #Dharma ransomware: ".[[email protected]].brrr" + "FILES ENCRYPTED.txt" + "Info.hta". https://t.co/fctTtjOC3m pic.twitter.com/KHwLiAeFbJ
— Jakub Kroustek (@JakubKroustek) September 9, 2018
There are, however, ways to protect yourself from being infected. The ransomware is usually installed through Remote Desktop Services. The attackers typically scan networks to find computers running RDP on TCP port 3389, and then attempt to brute-force the password for the computer. There are many dark websites on the Internet that provide publicly accessible computers using a Remote Desktop Connection.
What is the Encrypted File Extension?
When the Brrr ransomware variant is placed on a computer, it scans for files and encrypts them. To each file it encrypts, it appends an extension in the format .id-[id].[email].brrr. For example, a file called test.jpg would be encrypted and renamed to something like test.jpg.id-BCBEF350.[[email protected]].brrr.
The ransomware also targets mapped network drives and shared virtual machine host drives. It generates two ransom notes on the infected computer: an HTML version named Info.hta, and a text version called FILES_ENCRYPTED.txt, which can be found on the desktop of the infected computer. The notes contain the email address the victim needs to contact in order to receive the payment information.
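As an added example (not code from the original article or from any vendor), the Python below parses the naming format described above to triage a file listing after an incident: it recovers the original file names, groups encrypted files by ID, and flags the ransom notes. The sample paths and the contact@example.invalid address are constructed, and the ID is assumed to contain no dots.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming format from the article: <original name>.id-<id>.[<email>].brrr
# Assumption: the id contains no dots and the e-mail contains no brackets.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.]+)\.\[(?P<email>[^\[\]]+)\]\.brrr$",
    re.IGNORECASE,
)
# Ransom note names given in the article and in the quoted tweet.
NOTE_NAMES = {"info.hta", "files_encrypted.txt", "files encrypted.txt"}

def parse_encrypted_name(path):
    """Split an encrypted file name into original name, victim id and e-mail."""
    match = ENCRYPTED_RE.match(PureWindowsPath(path).name)
    return match.groupdict() if match else None

def triage(paths):
    """Summarise a file listing: originals per victim id, notes, affected folders."""
    report = {"encrypted": defaultdict(list), "notes": [], "emails": set(), "dirs": set()}
    for raw in paths:
        path = PureWindowsPath(raw)
        info = parse_encrypted_name(raw)
        if info:
            original = str(path.with_name(info["original"]))
            report["encrypted"][info["victim_id"].upper()].append(original)
            report["emails"].add(info["email"].lower())
            report["dirs"].add(str(path.parent))
        elif path.name.lower() in NOTE_NAMES:
            report["notes"].append(str(path))
    return report

# Constructed sample listing (paths and e-mail address are made up).
SAMPLE = [
    r"C:\Users\alice\Pictures\test.jpg.id-BCBEF350.[contact@example.invalid].brrr",
    r"Z:\finance\q3.xlsx.id-BCBEF350.[contact@example.invalid].brrr",
    r"C:\Users\alice\Desktop\FILES_ENCRYPTED.txt",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Documents\untouched.docx",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for victim_id, originals in result["encrypted"].items():
        print(f"id {victim_id}: {len(originals)} encrypted file(s)")
        for name in originals:
            print("  restore from backup:", name)
    print("ransom notes:", result["notes"])
    print("affected folders:", sorted(result["dirs"]))
```

Feeding it a recursive listing of local and mapped drives gives the list of files to restore from backup and shows which shares were reached.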
There are many different types of ransomware out there. To help protect yourself from such issues, some suggest installing Malwarebytes or the Emsisoft Anti-Malware scanner on one's PC. Most importantly, take backups of your data using an off-site storage network.