Robion3090

.Dharma Crypto Variant - I have a working KEY


Hello World!

I work for an MSP/SOC. One of our customers has been severely infected across a large file share server, which has poisoned their ability to work. The customer is a non-profit adoption organization based out of the West Coast.

As of now our company has paid the ~$9000 (12 BTC) ransom for this company, as they could not afford to pay. However, as of now, they have managed to compromise approximately 17 TB worth of data. The ransomware "Support", as we will refer to them temporarily, had provided me with a decryptor and a key to decrypt the files with, which I am currently in possession of and was able to use to free up approximately 10 TB of data. However, it appears there is still a TON of data that needs to be decrypted. Due to what appears to be a "Logic Bomb", as I will call it for the time being, it appears some kind of integer or time frame was set on this specific decryptor they provided, to prevent us from using it after a period of time or once a switch was flipped. They are now requesting more money (approximately 10 more bitcoins); again, that's too much money.

I attempted to use the Emsisoft Decrypter with the private key provided to us. However, it does not appear to allow us to use this (the feature does not appear to be available for us to use). If I can provide or work with your team to develop a new decryptor for this, it can be mutually beneficial to us all.

I will go ahead and attach the key for this ransomware, and a copy of the infected file, as well as any other supporting documentation that you will need. Please do not hesitate to call me. I have sent my phone number with this same post to [email protected]

I would love to help out the community and our customers where possible by helping the cause to crack down on these cryptographers.

Ron Ratliff,

A+, Net+, CCNA, C|EH, MCP


This is the key they told us to use, and it worked. However, the application they provided us does not work. If someone can use another application to crack the encryption, let me know.



Ron,


We do not provide a decryption tool for Dharma or its variants. Dharma belongs to the Crysis family of ransomware. If the key they sent you does not work for all files, then they are not recoverable.

This topic is now closed to further replies.
