Jump to content

Infected by a ransomware


Mr. Ahmed
 Share

Recommended Posts

Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here https://malwr.com/analysis/ZjZiNTkzOGE5ZWY5NDkxNmIwZWUwOGZlOTliNWNlZDA/.

Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cyber-criminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here https://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/.

Link to comment
Share on other sites

same here, I'm freaking out, what's a next step of it?  how it's gonna be then? I had important files and now I can't access them... I am in Turkey and pc is in Turkish as well, I had no clue, like what was going on, when I suddenly couldn't open the file and what it was meant to be... it's bit good to find someone else with the same problem. I have no idea what to do and what the hell is this. I've never had anything like this experienced before.

 

Link to comment
Share on other sites

On 2/28/2017 at 11:31 PM, En attendant said:

oh and my desk background image has changed by other image with text, saying: '' Decrypt Files info@kraken.cc  worldcza@email.cz '' 
what can I do with it, I have no clue how does this info/text will help me... 

If you didn't remove your infected copy of windows, that would help please press Ctrl + Alt + Delete, then choose task manager then processes, the try to find any running process like this 324342.exe then find it's Location by right click on it then Open file location, then you should upload it here: https://id-ransomware.malwarehunterteam.com/ or here: https://www.nomoreransom.org/crypto-sheriff.php so they can help.

Link to comment
Share on other sites

please help me !! 

المهم البارحة لاحظنا ان بعض الملفات في documents
اصبح لها زوج مثيل لها على شكل pdf
وعند محاولة فتح احدها تظهر على شكل رموز
وعلى شاشة الحاسوب ظهرت كتابة بدل الصورة 
الرئيسية وهي كالتالي :
Decrypt files
[email protected]
[email protected]
فهل من مساعدة رجاء
 
Link to comment
Share on other sites

  • 2 months later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...