Malware
Dharma
aka Arena · Crysis · Wadhrama · ncov
According to MalwareBytes, the Dharma Ransomware family is installed manually by attackers hacking into computers over Remote Desktop Protocol Services (RDP).
Dharma, also known as Arena, Crysis, Wadhrama, ncov, is a Windows malware family.
Background
MalwareBytes reports that operators deploy the Dharma ransomware by hand after breaking into systems via Remote Desktop Protocol Services (RDP). They sweep the internet for hosts exposing RDP, typically on TCP port 3389, then brute-force the account password.
After obtaining access, they drop the ransomware and allow it to encrypt the host, and where possible they extend the encryption to additional machines reachable on the network.
Source: Malpedia (Fraunhofer FKIE).