The source code for ransomware-as-a-service (RaaS) strain Dharma could now be in the hands of more cybercriminals, as hackers have reportedly put it up for sale for just $2,000.

Dharma evolved from the CrySIS RaaS variant after an anonymous source posted the CrySIS decryption keys online in 2016, and again several times through 2017. Dharma is commonly delivered via spam email as a Trojan in software installers. It is also commonly installed over RDP connections via leaked credentials. Said to heavily target the US healthcare sector, its developers have frequently updated it to produce encrypted files with different extensions. It sometimes uninstalls security software on the victim’s system as part of its attack.

Dharma victims have even included security surveillance cameras in Washington DC, but according to anti-ransomware consulting company Coveware, the ransomware hits small businesses especially hard and charges as little as $1,500 for file recovery.