Dharma ransomware’s primary method of distribution is unsecured RDP (Remote Desktop Protocol), a protocol commonly used by employees and remote workers to access a company’s network remotely. Hackers use various methods to infiltrate the network via RDP, such as brute-force attacks, phishing and port scanning.
Once the credentials are compromised, hackers gain access to the entire network, spread Dharma ransomware and eventually lock the company and its employees out of the entire network.
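The following Python example is added here and is not part of the original article: it flags source addresses that produce a burst of failed RDP logons (Windows Security event 4625) and notes when a successful logon (4624) follows, which is the trace left by the brute-force access described above. The sample records, the five-failure threshold and the ten-minute window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624      # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}         # 10 = RemoteInteractive; 3 = Network (common with NLA)


def ts(clock):
    """Parse an HH:MM:SS string into a datetime for the constructed sample."""
    return datetime.strptime(clock, "%H:%M:%S")


# Constructed sample records: (time, event_id, logon_type, source_ip, account)
SAMPLE = (
    [(ts(f"02:00:{s:02d}"), FAILED, 3, "203.0.113.7", "administrator")
     for s in range(0, 40, 5)]
    + [(ts("02:01:10"), SUCCESS, 10, "203.0.113.7", "administrator"),
       (ts("09:00:00"), FAILED, 10, "198.51.100.4", "jsmith"),   # single typo, not a burst
       (ts("09:00:20"), SUCCESS, 10, "198.51.100.4", "jsmith")]
)


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {"failures": n, "success_after": account or None}}."""
    recent = defaultdict(deque)   # source_ip -> failure times still inside the window
    flagged = {}
    for when, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue              # ignore console, service and other local logons
        if event_id == FAILED:
            q = recent[src]
            q.append(when)
            while when - q[0] > window:
                q.popleft()       # drop failures older than the sliding window
            if len(q) >= threshold:
                entry = flagged.setdefault(src, {"failures": 0, "success_after": None})
                entry["failures"] = max(entry["failures"], len(q))
        elif event_id == SUCCESS and src in flagged:
            # A success after a burst of failures suggests a guessed password.
            flagged[src]["success_after"] = flagged[src]["success_after"] or account
    return flagged


if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE).items():
        print(ip, info)
```

A flagged address with `success_after` set is the case to triage first, since it indicates the credentials may already be in use.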
The problem with RDP is that it’s not safe, and Windows is notorious for featuring an insecure version of Remote Desktop Protocol. Thousands of corporate RDP credentials are being sold on the dark web for as little as $3 per set of credentials.