Recommended Posts

Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here https://malwr.com/analysis/ZjZiNTkzOGE5ZWY5NDkxNmIwZWUwOGZlOTliNWNlZDA/.

Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cyber-criminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here https://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/.

Share this post


Link to post
Share on other sites

Since this is a server, please make sure you change your password for RDP, if enabled, or disable it if you do not use it, as it is likely how they got access to the system.

Regards,

Sarah

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.