Recommended Posts

Theoretically it could be Dharma/Cezar, however with only an e-mail address I can't be certain:

If you can give us more information (attach an encrypted file and a copy of the ransom note to a reply), then we'd be able to make a more accurate identification.

Share this post

Link to post
Share on other sites
32 minutes ago, GT500 said:

Theoretically it could be Dharma/Cezar

Yes, this email is known to us by malicious activity Dharma Ransomware.


Update on August 14, 2018:
Extension: .combo
Composite extension: .id-XXXXXXXX.[[email protected]].combo
Email: [email protected]
BTC: 1Q1rUuBjq9HmzDsuT9EZoYWG7J1sQFPLca

But the actors often move from different projects or participate in several at once. 

Now it can use another extension and another note.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.