Mr. Ahmed

Infected by a ransomware

Recommended Posts

Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here https://malwr.com/analysis/ZjZiNTkzOGE5ZWY5NDkxNmIwZWUwOGZlOTliNWNlZDA/.

Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cyber-criminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here https://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/.

Share this post


Link to post
Share on other sites

Please make sure you change your password for RDP, if enabled, or disable it if you do not use it, as it is likely how they got access to the system.

Regards,

Sarah

Share this post


Link to post
Share on other sites

Hi Mr. Ahmed,

Unfortunately, there is not much you can do other than perhaps trying shadow explorer or a file deletion recovery tool.

Regards,

Sarah

Share this post


Link to post
Share on other sites

same here, I'm freaking out, what's a next step of it?  how it's gonna be then? I had important files and now I can't access them... I am in Turkey and pc is in Turkish as well, I had no clue, like what was going on, when I suddenly couldn't open the file and what it was meant to be... it's bit good to find someone else with the same problem. I have no idea what to do and what the hell is this. I've never had anything like this experienced before.

 

Share this post


Link to post
Share on other sites

oh and my desk background image has changed by other image with text, saying: '' Decrypt Files info@kraken.cc  worldcza@email.cz '' 
what can I do with it, I have no clue how does this info/text will help me... 

Share this post


Link to post
Share on other sites
On 2/28/2017 at 11:31 PM, En attendant said:

oh and my desk background image has changed by other image with text, saying: '' Decrypt Files info@kraken.cc  worldcza@email.cz '' 
what can I do with it, I have no clue how does this info/text will help me... 

If you didn't remove your infected copy of windows, that would help please press Ctrl + Alt + Delete, then choose task manager then processes, the try to find any running process like this 324342.exe then find it's Location by right click on it then Open file location, then you should upload it here: https://id-ransomware.malwarehunterteam.com/ or here: https://www.nomoreransom.org/crypto-sheriff.php so they can help.

Share this post


Link to post
Share on other sites

please help me !! 

المهم البارحة لاحظنا ان بعض الملفات في documents
اصبح لها زوج مثيل لها على شكل pdf
وعند محاولة فتح احدها تظهر على شكل رموز
وعلى شاشة الحاسوب ظهرت كتابة بدل الصورة 
الرئيسية وهي كالتالي :
Decrypt files
[email protected]
[email protected]
فهل من مساعدة رجاء
 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.