Dharma Ransomware

Hi, my PC has been infected with Dharma ransomware. Despite the fact that I have F-Secure SAFE installed, all my files have been encrypted, with a ".bip" extension added. Does F-Secure have any decryptor tool to get my files back? Does anybody know if I can restore my files? I don't have any backup because my external disk was connected at the time the ransomware entered my PC, and all my backups are infected too.

 

Regards

Comments

  • Laksh Posts: 4,432 Community Manager

    Hi Galo,

     

    We have the detection for the latest versions of Dharma ransomware. So, the ransomware should have been blocked by our products at the initial execution.

     

    It is not possible to decrypt the files once they have been encrypted by the ransomware. The only course of action we can recommend is to restore the affected files from a clean backup. Please find more information about it here.

     

    However, since you mention that the ransomware was not blocked, you can submit the potential sample files and also send the diagnostic report from the affected machine for troubleshooting here. What we can do is perform an analysis of the malware to ensure that your F-Secure product can protect against any future contact with it.

  • mcerdem Posts: 5

    Hi, I can help with recovery of arrow, java, arena, cezar and bip extension files, but please note that my service is not free (please contact me at mcerdem82 [at] yahoo com)

  • gisot1 Posts: 3

    sky has a decrypting tool for Dharma Ransomware .. try it .. here is the link:

    http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

    Ukko
  • Galo Posts: 2

    I already tried that; I got an "unsupported encrypted file" message. Thanks.

  • I also have the problem. The only difference is that all my files got encrypted and have a '.combo' extension. After a long search on the web, I found out that there is no decryptor for it. With no other choice, I wrote to the email, and since the data on the server was important, decided to pay. We agreed on 0.8 BTC, and I paid at my own risk.
    The guys sent me the decryptor right after the transaction was approved and they had seen it.
    If your data is important I advise you to pay. Do not use other decryptors - they've destroyed my test files.
  • Please send me 3-4 sample encrypted files in order to check (m c e r d e m 8 2 [at] yahoo com)

  • Please send me 3-4 encrypted files for test (PDF, XLS, DOC or JPG).
  • Hi, I can help you, please send me a PM.

This discussion has been closed.