Dharma Ransomware
Hi, my pc have been infected with a dharma ransomware. Despite that i have installed fsecure SAFE, all my files have been encrypted adding a ".bip" extension. Have F-Secure any decryptor tool to get my files back??? Does anybody knows if i can restore my files. I don't have any backup because my external disk was connected at the time the ransomware enter to my pc, and all my backup are infected too.
Regards
Comments
-
Hi Galo,
We have the detection for the latest versions of Dharma ransomware. So, the ransomware should have been blocked by our products at the initial execution.
It is not possible to decrypt the files once it has been encrypted by the ransomware. The only course of action we can recommend is to restore the affected files from a clean backup. Please find more information about it here.
However, since you mention that the ransomware is not blocked, You can submit the potential sample files and also send the diagnostic report from the affected machine for troubleshooting here. What we can do is, perform an analysis of the malware to ensure that your F-Secure product can protect against any future contact with it.
-
sky has a decrypting tool for Dharma Ransomware .. try it .. here is the link:
http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip
-
I also have the problem. The only difference is - all my files got encrypted and have '.combo' extension. After long search on the web, I've found out, that there is no decryptor for it. With no other choice I wrote to email, and since data on server was important, decided to pay. We dealed on 0.8 btc, and I paid on my own risk.Guys have send me the decryptor right after transaction approved, and they've seen it.If your data is important I advice you to pay. Do not use other decryptors - they've destroyed my test files