Following the leak of the source code of the CrySIS/Dharma ransomware family, cybercriminals worldwide continue to spin variants of it and deliver them via phishing attacks masked as genuine software. To gain access to the victim’s machine, CrySIS/Dharma operators abuse exposed RDP servers and also attempt to infiltrate via phishing techniques.