Red Hot Cyber

Author: Emanuele De Lucia

Dharma/Crysis: Overview and adversary tracking

Publication date: 17/09/2021

This report presents an overview of Dharma/Crysis ransomware. This piece of malware is often observed as a late-stage payload in attacks against internet-facing services, such as RDP. The initial intrusions usually take place via existing vulnerabilities or stolen legitimate credentials. Finally, C25 Intelligence reports where Dharma variants were operated from during 2020 and how to defend against this threat.

What is Dharma/Crysis ransomware

Dharma, a family of ransomware first spotted in 2016, is a malicious program that encrypts a victim's files and holds the data hostage, demanding a ransom payment to restore