
I really need some advice on the Dharma ransomware. We have been infected here, and most of the files on the server have been encrypted with a [[email protected]].gate extension.

Is there any de-encryption tool for this ransomware?

Is there any service that I can use to recover the files?

Thanks for any help

 

Regards

Neil

 


From just the extension, I am assuming it's the variant of Dharma that isn't decryptable (Cezar). If that's the case, then the best course of action is to make a backup of any encrypted files and wait until someone is able to come up with a solution to facilitate decryption.


Thanks for the replies.  

We are in better shape now but do have some files that would be nice to de-encrypt.

What's the best way to know if a de-encryption tool becomes available?

Thanks

Neil

 

 


Neil Tennison

If you looked at my article, you might have noticed that extortionists have been active for 2.5 years in the Dharma Ransomware project. Since then, there have been several successful decryptions: these are early versions and some variants for which keys have been leaked. For 1.5 years now there has been no successful decryption and no free public decrypters.

Dharma, like the previous project CrySiS, was launched from the territory of Ukraine; now we know about different groups from different countries. Other developments of Ukrainian extortionists are the ransomware Apocalypse, DXXD, ODCODC, Phobos, GandCrab. They easily find accomplices from other countries in underground forums.

If the possibility of decryption appears, then this news will be picked up by the mass media and trumpeted at every web intersection.

5 hours ago, Neil Tennison said:

What's the best way to know if a de-encryption tool becomes available?

BleepingComputer will usually report on new ransomware decrypters, and will do end of week reviews of changes in the ransomware scene.

If you have a feed reader, then BleepingComputer has an RSS feed at the following link:
https://www.bleepingcomputer.com/feed/
