You can download and use this decrypter that Kaspersky released if you were hit by the .dharma extension.
This ransomware mostly comes via RDP, so please disable it or secure it with a strong password. Backups, multiple backups and testing them regularly are important.
Our Exchange server and 4 of our office PCs appear to be infected with a ransomware. However, there are a number of other PCs that were connected to the network that aren't infected.
The ransomware only appears to affect the c:\users folder and below, encrypting the files and adding [firstname.lastname@example.org].dharma to the end of each filename. From what I can see there doesn't appear to be a ransom note anywhere that we can spot.
No antivirus or malware checkers that we have tried seem to spot it. The problem we have is that the PCs are still infected and if you add new files to the user folders when you re-boot the PC they get infected. Other than that it doesn't seem to stop you using the PC.
I tried scanning the file on your website but it wasn't recognised. It gave me a reference SHA1: 1ad54bb7fd696316dece1eb4b536ba883657da02
Any help would be greatly appreciated.
Edited by xXToffeeXx, 18 May 2017 - 12:31 PM.