Recommended Posts

The e-mail address has been used by the Dharma/Cezar ransomware, however sometimes more than one ransomware will use the same e-mail address. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can confirm whether or not this is Dharma:

You can paste a link to the results into a reply if you would like for me to review them.

Share this post

Link to post
Share on other sites

The correct file extension pattern of encrypted files  .id-XXXXXXXX.[[email protected] ].wiki

We known this variant since October 2019. He often repeated over time.

Alas. There are no real decryptors for Dharma Ransomware to decrypt files without paying a ransom. 

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.