ransomware with .zzzzz extensions

[mbvicaria 0]

Hello
I have been attacked with a ransomware virus that has encrypted my files with extension jpe, doc, xls, pdf and converted them to extension .zzzzz
How could I decrypt them?

the ransomware windows shows:

Thank you

[Kevin Zoll 309]

Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here.

 

Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cyber criminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here.