
Dharma-Gate Ransomware

By GoldSparrow in Ransomware

The Dharma-Gate Ransomware is an encryption ransomware Trojan that was developed using a ransomware creation kit associated with the Dharma family of ransomware. The Dharma-Gate Ransomware was first observed on April 4, 2019. The Dharma-Gate Ransomware is similar to most encryption ransomware Trojans from the Dharma Ransomware family, designed to take victims' files hostage and then demand a ransom payment. Threats like the Dharma-Gate Ransomware are typically delivered using corrupted spam email attachments and similar malware delivery methods.

How the Dharma-Gate Ransomware Infection Works

Once the Dharma-Gate Ransomware is installed on a computer, it will scan the victim's computer for user-generated files. These may include media files, databases, documents, and numerous other user-generated data containers. The following are examples of the files that threats like the Dharma-Gate Ransomware target in their attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Dharma-Gate Ransomware uses AES and RSA encryption to make these files inaccessible and renames them by appending the extension '.id-[8 random chars].[lockhelp@qq.com].gate' to each file's name. The Dharma-Gate Ransomware will then deliver a ransom note as a text file dropped in various locations on the infected device and as an HTA version of the same file. These files are named 'FILES ENCRYPTED.txt' and 'Info.hta' and deliver the following message to the victim:

'All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: lockhelp@qq.com
Write this ID in the title of your message <8 characters>
In case of no answer in 24 hours write us to these emails: lockhelp@qq.com
You have to pay for decryption in Bitcoins.
The price depends on how fast you write us. After payment, we will send you the decryption tool that will decrypt all your files.'
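
The renaming scheme and ransom note names described above can be used to triage a file listing or a mounted disk image. The following Python sketch is an added example, not code from this page or its author: it groups renamed files by the ID in the extension, recovers the original file names for comparison against backups, and lists the ransom notes. It generalizes slightly by accepting any contact address inside the brackets, and it assumes the 8-character ID is alphanumeric; the function names and the sample paths are constructed for illustration.

```python
import os
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming scheme described on this page: <original>.id-<8 chars>.[<email>].gate
# Assumption: the 8-character ID is alphanumeric (the page only says "8 random chars").
RENAMED = re.compile(
    r"^(?P<orig>.+)\.id-(?P<id>[0-9A-Za-z]{8})\.\[(?P<mail>[^\]]+)\]\.gate$",
    re.IGNORECASE,
)
NOTE_NAMES = {"files encrypted.txt", "info.hta"}  # ransom note names from this page


def triage(paths):
    """Sort file paths into renamed files (grouped by victim ID) and ransom notes."""
    report = {"by_id": defaultdict(list), "contacts": set(), "notes": [], "dirs": set()}
    for raw in paths:
        p = PureWindowsPath(raw)  # accepts both \ and / separators
        if p.name.lower() in NOTE_NAMES:
            report["notes"].append(raw)
            continue
        m = RENAMED.match(p.name)
        if m:
            # Record the pre-encryption name so it can be matched against backups.
            report["by_id"][m["id"]].append(str(p.parent / m["orig"]))
            report["contacts"].add(m["mail"].lower())
            report["dirs"].add(str(p.parent))
    return report


def scan(root):
    """Walk a directory tree (e.g. a mounted disk image) and triage every file."""
    return triage(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\Q1.xlsx.id-1A2B3C4D.[lockhelp@qq.com].gate",
    r"C:\Users\alice\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\cat.jpg.id-1A2B3C4D.[lockhelp@qq.com].gate",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Documents\gate.txt",           # benign, must not match
    r"C:\Users\alice\Documents\notes.id-123.gate",  # wrong shape, must not match
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    for vid, files in r["by_id"].items():
        print(f"victim ID {vid}: {len(files)} renamed file(s)")
    print("contacts:", sorted(r["contacts"]), "| notes:", r["notes"])
```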

Protecting Your Device from Threats Like the Dharma-Gate Ransomware

Unfortunately, once files have been encrypted in a Dharma-Gate Ransomware attack, they cannot be recovered without file backups. This is why it is especially important that computer users keep backup copies of their files stored in protected locations. Apart from file backups, computer users need a security program installed on their computers that regularly scans their devices and intercepts threats like the Dharma-Gate Ransomware. A combination of good security practices, a security program, and file backups can help protect from almost all encryption ransomware Trojan attacks, including the Dharma-Gate Ransomware.
