Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dharma ransomware (filename.[<email>].wallet/.ceser/.arena) Support Topic


  • Please log in to reply
1642 replies to this topic

#1636 650mb

650mb

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 10 October 2017 - 10:06 AM

I have a windows server with all encrypted files by .arena variant (documentes, mysql, ecc.) and no backups. I need urgent help (i offer a reward to anyone who gives me some help). Here is an example of my encrypted files

 

I need a decoder but any help is appreciated

I need a decoder but any help is appreciated



BC AdBot (Login to Remove)

 


m

#1637 Ernst678

Ernst678

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 10 October 2017 - 01:13 PM

I was inhected october 3 by ramsomware arena. All files crypted, the names are still the same, but changed extension, arena on everything and the usual request of ransom.
I was under a vpn but for my fault the door RDP was opened.
They scammed the name of my pc, founded the password (easy) and entered withoud problems. 3 hd attached, everything crypted
I wrote to the email, they asked me 0,3 bitcoin, i answered too much for my files. No more replies.
If it is of some help i can post some little file somewhere and the picture of the request.
Let me know.

#1638 cazxxx

cazxxx

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 12 October 2017 - 04:22 AM

I have successfully negotiated a ransom, received a decrypt tool, generated a request file, and received the decryption key for a Dharma 2 *.arena ransomware.  I am happy to provide all of the above along with a file pair if it could help lead to or expedite a fix for others.  Let me know if this is a worthwhile pursuit.  I feel like it was a big risk to try paying the ransom, and obviously I didn't want to incentivize those who spread these infections, but it's a relief it all worked out.

hi mbial i have encrypted files with arena ransomware. is there any solution you find? how can we do?



#1639 horaceingram

horaceingram

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 13 October 2017 - 07:41 AM

!!!!!!!!!!!!!!!!!

Every one who was encrypted with instertcoin@usa.com and paid ransom.

instertcoin@usa.com email address is locked!

email to horaceingram@mail.com for any question.

!!!!!!!!!!!!!!!!!



#1640 mbial

mbial

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 13 October 2017 - 08:14 AM

For those who refuse to read all the posts...the files I uploaded ARE NOT a universal decrypter...we still require the keys!!  They are there for someone to attempt reverse engineering or to attempt brute force method. 



#1641 Ernst678

Ernst678

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 13 October 2017 - 02:08 PM

Hope somebody will do. But i have few hopes they can find a solition

#1642 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,725 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:23 AM

Posted 14 October 2017 - 05:53 PM

A solution for all previous versions of Dharma/Crysis was never found. Victims were only helped after the criminals released the master keys.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#1643 horaceingram

horaceingram

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 18 October 2017 - 12:42 PM

!!!!!!!!!!!!!!!!!

Every one who was encrypted with emailme@italymail.com and paid ransom or need keys

emailme@italymail.com email address is locked!

email to horaceingram@mail.com for any question.

!!!!!!!!!!!!!!!!!






6 user(s) are reading this topic

0 members, 6 guests, 0 anonymous users