jj1234567

ramson malware

By jj1234567, in Help, my files are encrypted!

Recommended Posts

GT500    668

GT500
Posted

The e-mail address has been used by the Dharma/Cezar ransomware, however sometimes more than one ransomware will use the same e-mail address. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can confirm whether or not this is Dharma:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post

Link to post
Share on other sites

Amigo-A    66

Amigo-A
Posted

The correct file extension pattern of encrypted files  .id-XXXXXXXX.[[email protected] ].wiki

We known this variant since October 2019. He often repeated over time.

Alas. There are no real decryptors for Dharma Ransomware to decrypt files without paying a ransom. 

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.