"One of my servers got hit, I'm not sure if it's a new Dharma variant or not - it doesn't seem to follow the typical file renaming scheme - As an example, "DHCM.png" became "DHCMpng.java".
It drops "Decrypt Instructions.txt" everywhere, which contains the following one line: "All of your files are encrypted, to decrypt them write us to email: firstname.lastname@example.org"
I've run multiple encrypted files through ID Ransomware, and it can't determine what it is. Got the following case #: Please reference this case SHA1: 2068d5bb3525669363924cec1aedb2731693900a
I've tried running Kaspersky's Rakhni decryptor on it, no luck.
Any confirmation that it's Dharma (or something else) would be most appreciated. Thank you so much.