Catching up on some recent, possibly overlooked cybersecurity stories: a new Dharma ransomware strain that infects victims by cloaking itself with anti-virus software, and a malware attack against Dutch accounting software giant Wolters Kluwer.
A new Dharma ransomware strain uses an ESET AV Remover installation as a disguise to distract its victims while it encrypts files in the background, according to Trend Micro.
As with many ransomware operations, Dharma outbreaks begin with a phishing campaign that delivers email attachments. The messages, claiming to be from Microsoft, warn potential victims that their Windows PC is "at risk" and "corrupted" following "unusual behavior," and advise the user to update and verify their anti-virus by accessing a download.
If the user clicks on the link, a self-extracting archive drops the Dharma ransomware payload and an old version of ESET anti-virus software. The ESET AV Remover installer launches automatically once the self-extracting archive executes, holding the victim's attention while the Dharma ransomware encrypts the hard drive unobserved.
According to Danny Palmer, writing for ZDNet, "Dharma first emerged in 2016 and the ransomware has been responsible for a number of high-profile cyberincidents, including the takedown of a hospital network in Texas late last year." The group behind Dharma regularly updates its campaigns to ensure the attacks remain effective and have the greatest probability of extorting ransom payments in exchange for decrypting inaccessible networks and files.
"Dharma is proof that the traditional methods to prevent or detect threats are just not working," said Mehul Patel, director of product marketing at Palo Alto, Calif.-based Menlo Security. Patel added that perfect prevention of breaches is impossible, so a key part of the strategy needs to be isolation and containment of an attacker's ability to do damage. "Though ransomware attacks have not made as many headlines in 2019, this attack could be a foreshadowing of more to come."
When the installation finishes, the victim is presented with a ransom note demanding payment in cryptocurrency to unlock their files.
A malware attack on Wolters Kluwer, a popular tax and accounting software platform, left many in the accounting world unable to work during a busy filing period in early May, and sparked concerns about the security of the tax return and financial information stored on the company's cloud servers.
The $4.8 billion, Netherlands-based Wolters Kluwer provides software and services to the top 100 accounting firms in the U.S., 90% of top global financial institutions and 93% of Fortune 500 companies, according to its website. After the attack, Wolters Kluwer took many of its systems offline to keep the malware from spreading. That left many tax and accounting services, as well as vital storage services, unavailable, and users unable to work or to access client tax returns or personal data.
In a written statement, the company said it saw no evidence of stolen customer data or a breach of confidentiality. "Our investigation is ongoing."
Patel weighed in again. "Professional services companies are especially vulnerable because many have not invested in a comprehensive security strategy that can respond and contain attacks quickly." In addition, Patel noted that many companies believe that security is just buying the best products. "What they need to realize is that many of the leading vendors cannot protect them from some of the advanced attacks out there, and this is a perfect example of how this approach can fail and lead to disastrous results."