A new variant of the Dharma Ransomware was discovered that appends the .bip extension to encrypted files. It is not known exactly how this variant is being distributed, but in the past Dharma has typically been spread by hacking into Remote Desktop Services and manually installing the ransomware.
The Windows Remote Assistance tool that ships with all Windows distributions can be abused for clever hacks in targeted attacks.
Today a reader sent me info regarding the LockCrypt Ransomware still being actively distributed over hacked remote desktop services. This variant, when installed, will encrypt a victim's files and then append the .1btc extension to encrypted file names.
Today we are going to take a quick look at a new ransomware called RSAUtil that was discovered by Emsisoft malware researcher xXToffeeXx. RSAUtil is distributed by the developer hacking into remote desktop services and uploading a package of files.