Threat Database Ransomware Dharma-Ninja Ransomware

Dharma-Ninja Ransomware

Ransomware threats are among the most popular malware types nowadays, undoubtedly. There are ransomware-builder kits, which have made the creation of ransomware threats easy exceptionally and have thus lowered the entry bar allowing an ever-growing number of cybercriminals to create and propagate this malware kind. One of the newest spotted ransomware threats is called the Dharma-Ninja Ransomware. The Dharma-Ninja Ransomware is a variant of the very popular Dharma Ransomware.

Propagation and Encryption

It is not known how the Dharma-Ninja Ransomware is being spread exactly. Some researchers believe that the authors of the Dharma-Ninja Ransomware may be using mass spam email campaigns, fake software updates, and bogus pirated variants of legitimate applications to propagate this nasty file-locking Trojan. The Dharma-Ninja Ransomware makes sure first to scan the system, as soon as it compromises the targeted host. The objective of this is that the threat can locate the files of interest successfully. The Dharma-Ninja Ransomware targets a long list of popular file types, as this makes it more likely for the victim to consider paying up. Upon completing the scan, the Dharma-Ninja Ransomware starts the encryption process. When a file is locked by the Dharma-Ninja Ransomware, its name will be changed. This data-encrypting Trojan appends a '.id-.[].ninja' extension at the end of the filename of a locked file.

The Ransom Note

Much in the fashion of most ransomware threats that belong to the Dharma Ransomware family, the Dharma-Ninja Ransomware drops a ransom note named 'FILES ENCRYPTED.txt.' The note is rather brief and vague, but it informs the users that their data has been encrypted, and the only way to retrieve their files is to pay a ransom fee. There is no specific sum mentioned, and it is likely that the attackers will only disclose this information when the victim contacts them. To get in touch with them, the authors of the Dharma-Ninja Ransomware provide and email address – ‘'

You are counseled to keep your distance when it comes to cyber crooks. Such shady individuals deliver on their promises rarely, and you will likely never receive the promised decryption key. This is why it is safer to trust a reputable anti-virus application to remove the Dharma-Ninja Ransomware from your system and protect it in the future.


Most Viewed