jj1234567 0 Posted January 22, 2020 Report Share Posted January 22, 2020 MY PC EFFECTED BY RAMSON MALWARE AND THE EXTENSION IS [[email protected]].wikki Quote Link to post Share on other sites
GT500 873 Posted January 23, 2020 Report Share Posted January 23, 2020 The e-mail address has been used by the Dharma/Cezar ransomware, however sometimes more than one ransomware will use the same e-mail address. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can confirm whether or not this is Dharma:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. Quote Link to post Share on other sites
Amigo-A 136 Posted January 23, 2020 Report Share Posted January 23, 2020 The correct file extension pattern of encrypted files .id-XXXXXXXX.[[email protected] ].wiki We known this variant since October 2019. He often repeated over time. Alas. There are no real decryptors for Dharma Ransomware to decrypt files without paying a ransom. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.