Jump to content

Infected by a ransomware

Recommended Posts

Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here https://malwr.com/analysis/ZjZiNTkzOGE5ZWY5NDkxNmIwZWUwOGZlOTliNWNlZDA/.

Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cyber-criminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here https://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/.

Link to post
Share on other sites

same here, I'm freaking out, what's a next step of it?  how it's gonna be then? I had important files and now I can't access them... I am in Turkey and pc is in Turkish as well, I had no clue, like what was going on, when I suddenly couldn't open the file and what it was meant to be... it's bit good to find someone else with the same problem. I have no idea what to do and what the hell is this. I've never had anything like this experienced before.


Link to post
Share on other sites
On 2/28/2017 at 11:31 PM, En attendant said:

oh and my desk background image has changed by other image with text, saying: '' Decrypt Files info@kraken.cc  worldcza@email.cz '' 
what can I do with it, I have no clue how does this info/text will help me... 

If you didn't remove your infected copy of windows, that would help please press Ctrl + Alt + Delete, then choose task manager then processes, the try to find any running process like this 324342.exe then find it's Location by right click on it then Open file location, then you should upload it here: https://id-ransomware.malwarehunterteam.com/ or here: https://www.nomoreransom.org/crypto-sheriff.php so they can help.

Link to post
Share on other sites

please help me !! 

المهم البارحة لاحظنا ان بعض الملفات في documents
اصبح لها زوج مثيل لها على شكل pdf
وعند محاولة فتح احدها تظهر على شكل رموز
وعلى شاشة الحاسوب ظهرت كتابة بدل الصورة 
الرئيسية وهي كالتالي :
Decrypt files
[email protected]
[email protected]
فهل من مساعدة رجاء
Link to post
Share on other sites
  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...