Mintu Mangsang 0 Posted January 11, 2017 Report Share Posted January 11, 2017 Dear Sir, I would like to inform you that my pc is effected and changed my all data files extensions ([email protected]) . Please help me , what am i doing now and how to recover my data. Its very very important for me. Please suggest me. Please see the attachment file for your information. Thanks Mintu Mangsang JB.065.11.S002.R00.(OPTION-2)STAIR-2&3&4_ZBR.bak.[[email protected]].wallet JB_097_14_R01_P03-RAFTER.xls.[[email protected]].wallet Link to post Share on other sites
Kevin Zoll 309 Posted January 11, 2017 Report Share Posted January 11, 2017 Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here. Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cybercriminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here. Link to post Share on other sites
Recommended Posts