[email protected] ransomware help please

[milan degda]

my windows server 2008 x64 infected with [email protected] ransomware & all user rights just gone can not take ownership of any damn file !!!

anyone please help to decryptor of this. need really bad.

 

Edited February 20, 2017 by milan degda

[ShadowPuterDude]

Any files that are encrypted with Dharma Ransomware (a new variant of CrySiS) will have an .[<email>].dharma, .[<email>].wallet or .<email>.zzzzz extension appended to the end of the encrypted data filename and leave ransom notes named README.txt, README.jpg as explained here https://malwr.com/analysis/ZjZiNTkzOGE5ZWY5NDkxNmIwZWUwOGZlOTliNWNlZDA/.

Unfortunately, there is no known way, at this time, to decrypt files encrypted by Dharma variants without paying the ransom. Our crypto malware experts who analyze these infections suspect another cyber-criminal forked the code and generated their own keys which were not part of the leaked master decryption keys for the original CrySiS variants, see here https://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/.

[Sarah W]

Since this is a server, please make sure you change your password for RDP, if enabled, or disable it if you do not use it, as it is likely how they got access to the system.

Regards,

Sarah

[Sarah W]

Hi,

If you haven't seen, Kaspersky and Avast have released decrypters for the .wallet variant of Dharma, since the keys were released this week. 

https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/

Regards,

Sarah