Dharma ransomware variant hit garage of Canadian domain registration authority

Even the strangest of places can be attacked by ransomware, as is evident from the recent attack on a parking garage used by the Canadian Internet Registration Authority (CIRA).
As a result of the attack, which happened on Tuesday (March 26), people could park there for free. The ransomware behind the strange incident appears to be a variant of the well-known Dharma family.

First of all, what is CIRA? It is a non-profit organization managing the .CA country code top-level domain, and it represents the Canadian domains globally.

CIRA’s Garage Attacked by Ransomware
As for the attack, it occurred on Tuesday, but the issue continued throughout the next day. The garage’s computer systems let CIRA’s employees in without the need for verification via access cards.

“That’s right, this morning the barriers to the CIRA parking garage were lifted and everyone was saved five seconds of their day by not having to scan their parking pass. What a nice little treat to start the day. However, a closer look revealed the true source of the problem, not a power failure, mechanical issue or system crash—the automated parking system had been hit with ransomware,” wrote CIRA in an official statement.

It should be noted that CIRA’s parking garage is run by a separate company, meaning that the organization has not been impacted. Nonetheless, dozens of employee credit cards are possibly in that database.

It’s now known that the .ETH version of Dharma was behind the attack, as shown by the ransom note (shared in a tweet) which took over the screens of infected systems.

“Even though free parking for a few days might not be all that bad, the cleanup from this hack may end up being the true cost,” CIRA said.

The variant was discovered in February 2019, when users started reporting that their files were inaccessible, with extensions changed to .ETH.

Dharma ransomware is one of the most active encrypting families, releasing new versions quite often. Due to the continuous evolution of the ransomware family, free decryptors for previous versions have been released by Kaspersky and ESET. However, files encrypted with the latest variants of Dharma ransomware currently cannot be decrypted for free.