You can download and use this decrypter that Kaspersky released if you were hit by .dharma extension.
You can download and use this decrypter that Avast released or this decrypter that Kaspersky released if you were hit by .wallet extension.
This ransomware mostly comes via RDP, so please disable it or secure it with a strong password. Backups, multiple backups and testing them regularly are important.
Note: The master keys for .dharma, .wallet, .onion variants of Dharma (CrySiS) were released on BleepingComputer.com in the same manner as the original master decryption keys and decryptor for Crysis Ransomware were released back on 11/14/16.
There are several newer variants of Dharma (CrySiS) Ransomware with different file extensions to include .zzzzz, .cezar, .cesar, .arena, .cobra, .java, .write and .arrow. Unfortunately, there is no known method to decrypt files encrypted by these newer variants of Dharma (CrySiS) without paying the ransom and obtaining the private RSA keys from the criminals.
Our exchange server and 4 of our office PC's appear to be infected with a ransomware. However there are a number of other PC's that were connected to the network that aren't infected.
The ransomware only appears to affect the c:\users folder and below, encrypting the files and adding [firstname.lastname@example.org].dharma to the end of each filename. From what I can see there doesn't appear to be a ransom note anywhere that we can spot.
No antivirus or malware checkers that we have tried seem to spot it. The problem we have is that the PCs are still infected and if you add new files to the user folders when you re-boot the PC they get infected. Other than that it doesn't seem to stop you using the PC.
I tried scanning the file on your website but it wasn't recognised. It gave me a reference SHA1: 1ad54bb7fd696316dece1eb4b536ba883657da02[/size]
Any help would be greatly appreciated.
Edited by Grinler, 26 July 2018 - 03:31 PM.