New variant of BIP Dharma ransomware found

Posted on November 06, 2018 by IT Communications

WHAT IS RANSOMWARE?

Ransomware (for example CryptoLocker, WannaCry or BIP Dharma) is a type of malware that installs itself on a device, encrypts files on the device or on network storage, and then extorts money from the user to unlock the files. This type of programme can be installed by means of an e-mail attachment, an infected programme or an unsafe website with malware installed on it.

The software “kidnaps” your data by encrypting it or limiting your access to it, and then sends you a message demanding money to regain access. The only way access is possible again is by acquiring an encryption key from the creator of the ransomware for a fee. However, paying this fee doesn’t guarantee that you will have access to your data again, so doing this is a huge risk.

According to Sophos security, ransomware is one of the most widespread and damaging threats that internet users face today.

HOW TO AVOID BECOMING A RANSOMWARE VICTIM 

Follow these security practices to avoid falling victim to ransomware.

1. Make backups

Ensure that you always have the latest backup of your work somewhere else, preferably off-site. If you do fall for a ransomware attack, you will still have your data. Because ransomware also encrypts files on network storage, keep at least one copy that is not permanently connected to your device. Having your data off-site also protects it from events such as fire, flood, theft or damage to your device. Additionally, you can encrypt your device to ensure that if it ends up in the wrong hands, they won’t be able to access it.

2. Do not open attachments

Do not open an attachment you receive from someone you don’t know. Even if you do know the person, first confirm whether they did send it to you. Just because it’s from someone you know, it doesn’t mean it’s safe. Your colleague’s or friend’s account could have been hacked.

3. Scan attachments

There are tools such as VirusTotal available for scanning attachments to ensure that they are safe to open. VirusTotal is an online scanning tool and can be found at https://www.virustotal.com/#/home/upload.
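
Steps 2 and 3 can be partly checked before anything is opened. The following is an added example (not part of the original article or of the Sophos source) that uses Python's standard `email` module to list the attachments of a saved message, compute the SHA-256 hash that can be searched on VirusTotal, and flag suspicious file names; the extension lists, flag names and sample message are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative, non-exhaustive lists chosen for this example.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".docm", ".xlsm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def triage_attachments(raw_message: bytes) -> list:
    """Return name, size, SHA-256 and warning flags for each attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "(unnamed)").strip()
        data = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        inner = suffixes[-2] if len(suffixes) > 1 else ""
        flags = []
        if ext in RISKY_EXT:
            flags.append("risky-type")
            if inner in DECOY_EXT:  # e.g. "invoice.pdf.exe"
                flags.append("double-extension")
        elif data[:2] == b"MZ":  # Windows executable header behind a harmless-looking name
            flags.append("disguised-executable")
        # The hash can be searched on VirusTotal without uploading the file itself.
        results.append({"name": name, "size": len(data),
                        "sha256": hashlib.sha256(data).hexdigest(), "flags": flags})
    return results

def build_sample_message() -> bytes:
    """Constructed test message; the payloads are inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "colleague@example.org", "user@example.org", "Invoice"
    m.set_content("Please see attached.")
    for fname, body in [("invoice.pdf.exe", b"MZ placeholder"),
                        ("report.pdf", b"%PDF-1.3 placeholder"),
                        ("photo.jpg", b"MZ placeholder 2")]:
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for item in triage_attachments(build_sample_message()):
        print(item["name"], item["sha256"][:16], item["flags"] or "no flags")
```

An empty flag list only means none of these simple name and header checks fired; the attachment should still be scanned and its sender confirmed.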

4. Keep Windows updated

Make sure all Windows updates are installed as soon as they come out. Also make sure you update all other programmes, especially Java, Flash and Adobe Reader. Older programmes contain security vulnerabilities that are commonly exploited by malware distributors, so it is important to keep them updated.

5. Security software

Make sure you have some sort of security software installed. If you are unsure whether you have adequate protection on your device, contact us to assess your security.

6. Difficult passwords

Use hard-to-guess passwords and never reuse the same password at multiple sites.

 

[SOURCE: www.sophos.com]

 
