MrB Ransomware (.mrB Files) – Analysis & File Decryption

MrB is a novice ransomware sample. Remove it before recovering the files

MrB ransomware is a new Dharma ransomware sample, discovered on February 21, 2024. It is distinctive for applying a complex extension to the encrypted files that ends up with “.mrB”. This ransomware primarily attacks small corporations and asks the ransom only for decrypting the files, i.e. it does not practice double extortion. Jakub Kroustek was… Continue reading MrB Ransomware (.mrB Files) – Analysis & File Decryption

SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal

New Dharma sample encrypts user files and adds .SYSDF extension to them

SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malicious software aims mainly at small companies, aiming at file encryption with further requests for ransom payment for their decryption. It was originally discovered by Jakub Kroustek on February 16, 2024. What is SYSDF Ransomware? SYSDF ransomware is a yet another example… Continue reading SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal

Dharma Ransomware Criminals Captured in Ukraine, Europol Reports

Another successful operation of law enforcement lead to the detainment of the Dharma ransomware group leader

On November 28, 2023, Europol claimed successful detainment of ransomware operators, particularly related to Dharma and Hive ransomware. The operation took place in 4 Ukrainian cities, and is most likely a continuation of a similar operation from 2021. Dharma Ransomware Actors Detained in Ukraine In the statement on the official website, Europol claimed searches in… Continue reading Dharma Ransomware Criminals Captured in Ukraine, Europol Reports

Tycoon ransomware uses exotic JIMAGE format to avoid detection

BlackBerry experts have discovered an unusual multi-platform (for Windows and Linux) ransomware Tycoon. It is written in Java and uses JIMAGE image files to avoid detection. Researchers believe Tycoon was used for targeted and very rare attacks, in favor of this theory says number of victims and applied delivery mechanism. Thus, the ransomware was clearly… Continue reading Tycoon ransomware uses exotic JIMAGE format to avoid detection

Dharma ransomware source code put for sale

ZDNet reports that the source code for one of the most profitable ransomware of our time, the Dharma ransomware, was put for sale on two hacker forums last weekend. Sources are sold for $2,000. Let me remind you that this year the FBI called Dharma the second most profitable ransomware in recent years during its… Continue reading Dharma ransomware source code put for sale