A New variant of Brrr Dharma Ransomware has been released

  • 139

Brrr Dharma Ransomware has released a new variant of their ransomware. The ransomware appends the .brrr extension to files it encrypts. The variant was first found by Jakub Kroustek.

There are however ways to protect yourself from being infected. The ransomware is usually installed by using Remote Desktop Services. The attackers usually scan such networks to find out if the computer is running RDP on TCP port 3389, they will then attempt to brute-force the password for the computer. There are many dark websites on the Internet that provide publicly accessible computers using a Remote Desktop Connection.

What is the Encrypted File Extension?

When the Brrr ransomware variant is placed on a computer, it will scan for files and encrypt them. When encrypting a file it will append an extension in the format of .id-[id].[email].brrr. For example, a file called test.jpg would be encrypted and therefore have the name changed to something like test.jpg.id-BCBEF350.[[email protected]].brrr.

The ransomware also targets mapped network drives and shared virtual machine host drives. The ransomware generates two ransomware notes on the infected computer one of them is a HTML version named Info.hta and the other called FILES_ENCRYPTED.txt which can be found on the desktop of the infected computer. The notes contain the Email address for which the victim needs to contact in order to receive the payment information.

There are so many different types of ransomware out there. If you want to help protect yourself from such issues some suggest installing Malwarebytes or Emsisoft Anti-Malware scanner on ones PC. Also, most importantly, take back-ups of your data using an off-site storage network.

Take your time to comment on this article.


Harikrishna Mekala

I am a programmer and tech enthusiast who loves to use my creative skills to solve complex problems. I also love to stay abreast of what is happening in the world of technology, reach me at: [email protected]

Do NOT follow this link or you will be banned from the site!