Out of the blue, someone posted in the BleepingComputer.com forums the supposed master decryption keys for the Dharma Ransomware. This post was created at 1:42 PM EST by a member named gektar in the Dharma Ransomware Support Topic and contained a Pastebin link to a C header file that supposedly contains these master decryption keys.

BleepingComputer.com post about Dharma Keys being Released
BleepingComputer.com post about Dharma Keys being Released

If these keys are the valid then anyone who was previously infected by Dharma will be able to get their files back for free. At this point, it is not known whether the released keys are actually valid. They have been provided to Kaspersky who is examining them, and if they are valid, will release a decryptor.

With that said, there is a good chance that the keys are valid. This is because the keys for Crysis, on which Dharma is based, were released in the same manner on our forums in the past. Using these keys Kaspersky was able to update their ransomware decryptor to help Crysis victims for free.

As for the poster, it is not known why they released the keys and whether or not they are affiliated with the ransomware.

Header file posted to Pastebin
Header file posted to Pastebin

When Kaspersky verifies if the keys are valid, we will be sure to post an article on how to use their decryptor to get victim's files back for free.

Related Articles:

New Bip Dharma Ransomware Variant Released

The Week in Ransomware - May 25th 2018 - Crypton and Small Variants

CryptON Ransomware Installed Using Hacked Remote Desktop Services

The Week in Ransomware - May 18th 2018 - Mostly Small Variants

Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time!