It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware, at the site below, so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can then paste a link to the results into a reply in your thread here.

That could be Dharma; however, sometimes e-mail addresses get reused by multiple ransomware campaigns, so I still recommend following stapp's instructions to upload a copy of a ransom note and an encrypted file to ID Ransomware to be certain:
https://id-ransomware.malwarehunterteam.com/identify.php?case=c99efba9ece440613cc60ba8b9321adec64fb499

After you make these recommendations, please check: 

1) the accuracy of the filename with the extension added
full_name_your_file.id-XXXXXXXX.[[email protected]].com

2) ransom notes: FILES ENCRYPTED, Info.hta

3) Email from ransom notes: [email protected], [email protected]

If all of this data is the same, then your files were definitely encrypted by Dharma Ransomware.

For 1.5 years now there has been no successful decryption and no free public decrypters for files encrypted by Dharma.
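
The three checks listed in the post above, run over a file listing, as an added example that is not part of the original thread. The 8-hex-digit ID format, the `.txt` note variant, the `triage` helper and the sample paths and addresses are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Naming scheme from the post: <original name>.id-XXXXXXXX.[<email>].<extension>
# Assumption: the 8-character ID is hexadecimal.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\[\]]+)\]\.(?P<ext>[^.\\/]+)$"
)
# Ransom note names listed in the post (the .txt variant is an assumption).
NOTE_NAMES = {"files encrypted", "files encrypted.txt", "info.hta"}


def triage(paths, note_emails):
    """Apply the three checks from the post to a file listing.

    paths: iterable of file paths; note_emails: addresses read from the note.
    """
    wanted = {e.lower() for e in note_emails}
    ids, emails, notes, renamed = set(), set(), set(), 0
    for p in paths:
        name = PureWindowsPath(p).name
        if name.lower() in NOTE_NAMES:
            notes.add(name)
            continue
        m = RENAMED.match(name)
        if m:
            renamed += 1
            ids.add(m["victim_id"].upper())
            emails.add(m["email"].lower())
    checks = {
        "filename_pattern": renamed > 0,
        "ransom_notes": bool(notes),
        # Every address seen in renamed files must also appear in the note.
        "email_match": bool(emails) and emails <= wanted,
    }
    return {"checks": checks, "all_match": all(checks.values()),
            "victim_ids": sorted(ids), "emails": sorted(emails),
            "renamed_files": renamed, "notes": sorted(notes)}


# Constructed sample listing; the addresses, ID and extension are placeholders.
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.id-1A2B3C4D.[contact@example.com].ext",
    r"C:\Users\a\Pictures\photo.jpg.id-1A2B3C4D.[contact@example.com].ext",
    r"C:\Users\a\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\a\Desktop\Info.hta",
    r"C:\Users\a\Documents\notes.txt",
]
```

A result with `all_match` set to false does not rule anything out; as the earlier reply notes, contact addresses get reused across campaigns, so the ID Ransomware upload remains the confirming step.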
