Out of the blue, someone posted in the BleepingComputer.com forums the supposed master decryption keys for the Dharma Ransomware. This post was created at 1:42 PM EST by a member named gektar in the Dharma Ransomware Support Topic and contained a Pastebin link to a C header file that supposedly contains these master decryption keys.

BleepingComputer.com post about Dharma Keys being Released
BleepingComputer.com post about Dharma Keys being Released

If these keys are the valid then anyone who was previously infected by Dharma will be able to get their files back for free. At this point, it is not known whether the released keys are actually valid. They have been provided to Kaspersky who is examining them, and if they are valid, will release a decryptor.

With that said, there is a good chance that the keys are valid. This is because the keys for Crysis, on which Dharma is based, were released in the same manner on our forums in the past. Using these keys Kaspersky was able to update their ransomware decryptor to help Crysis victims for free.

As for the poster, it is not known why they released the keys and whether or not they are affiliated with the ransomware.

Header file posted to Pastebin
Header file posted to Pastebin

When Kaspersky verifies if the keys are valid, we will be sure to post an article on how to use their decryptor to get victim's files back for free.

Related Articles:

Company Pretends to Decrypt Ransomware But Just Pays Ransom

The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More

The Week in Ransomware - November 30th 2018 - Indictments, Sanctions, & More

The Week in Ransomware - November 23rd 2018 - STOP, Dharma, and More

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants