
Dharma Ransomware-as-a-Service poses major threat to SMBs


Small businesses are facing a growing number of ransomware threats as the programs needed to launch such attacks become more widespread.

Called the “fast food franchise of cybercrime”, Ransomware-as-a-Service enables even low-level and inexperienced hackers to purchase a ready-made solution for attacking small and medium-sized businesses, according to cybersecurity firm Sophos.

The firm named Dharma as one of the most popular offerings around, saying it provides a “paint by numbers” solution that cybercriminals have already used to extort millions of dollars from businesses.

In most cases, remote desktop software serves as the point of ingress for hackers, who then steal, encrypt, and hold for ransom files that are either critical to a company’s functioning or contain proprietary information that businesses are willing to pay to keep private.

The coronavirus pandemic left thousands of businesses scrambling to hastily implement remote working protocols, resulting in the widespread adoption of remote access software, but not necessarily the right practices for ensuring its secure use. As a result, the use of ransomware has skyrocketed in recent months, leaving many SMBs paying hand over fist to recover sensitive or mission-critical information. 

“Have fun, bro!”

The Ransomware-as-a-Service model provides an off-the-shelf alternative for hackers and cybercriminals looking to wreak havoc, and greatly reduces the skill and knowledge required to attack businesses. As a result, Dharma and tools like it pose a major threat to SMBs: one need only purchase the software and gain access to a company’s network to launch an attack. Cybercriminals are then encouraged by Dharma to “Have fun, bro!” at the expense of business.

However, there are a few simple measures companies can adopt to limit the risk of attack. According to a study by Coveware, a company that specializes in helping businesses successfully navigate and recover from ransomware attacks, 85% of such attacks are made possible by poor security around remote access.

Businesses can thus greatly reduce the probability of having to pay out thousands of dollars to cybercriminals by enforcing strong password management and multi-factor authentication, setting up a business VPN, and providing simple but effective security training to employees at all levels.