I have a client that has gotten a new variant of possibly the dharma, amnesia or Globe3 ransomware but I could be wrong. I tried the ESET and Kaspersky dharam decryptors but they did not work. I have not tried the amnesia or Globe3 descriptors yet as I still have to find an original file. If any one has any more information on this variant it would be greatly appreciated. Below is a sample of the file names and text document.
Text File (HOW TO RECOVER ENCRYPTED FILES.txt)
==================================================================================================== All your files have been encrypted! Your personal identifier [REMOVED] All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: firstname.lastname@example.org You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. If you can't contact us by mail:email@example.com You can write to us on this mail: firstname.lastname@example.org Free decryption as guarantee Before paying you can send to us up to 3 files for free decryption. Please note that files must NOT contain valuable information and their total size must be less than 10Mb. How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here:: http://www.coindesk.com/information/how-can-i-buy-bitcoins Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decoders of other users are incompatible with your data, as each user has a unique encryption key ====================================================================================================