Dharma Ransomware

Galo
Galo Posts: 2 New Member

Hi, my pc have been infected with a dharma ransomware. Despite that i have installed fsecure SAFE, all my files have been encrypted adding a ".bip" extension. Have F-Secure any decryptor tool  to get my files back???  Does anybody knows if i can restore my files. I don't have any backup because my external disk was connected at the time the ransomware enter to my pc, and all my backup are infected too.

 

Regards

Comments

  • Hi Galo,

     

    We have the detection for the latest versions of Dharma ransomware. So, the ransomware should have been blocked by our products at the initial execution.

     

    It is not possible to decrypt the files once it has been encrypted by the ransomware. The only course of action we can recommend is to restore the affected files from a clean backup. Please find more information about it here.

     

    However, since you mention that the ransomware is not blocked, You can submit the potential sample files and also send the diagnostic report from the affected machine for troubleshooting here.  What we can do is, perform an analysis of the malware to ensure that your F-Secure product can protect against any future contact with it.

  • mcerdem
    mcerdem Posts: 5 New Member

    hi, i can help for recovery of arrow, java, arena, cezar and bip extension files, but please note that my service is not free (please contact me by mcerdem82 [at] yahoo com)

  • mcerdem
    mcerdem Posts: 5 New Member
    hi, i can help for recovery of arrow, java, arena, cezar and bip extension files, but please note that my service is not free (please contact me by mcerdem82 [at] yahoo com)
  • gisot1
    gisot1 Posts: 3 Observer

    sky has a decrypting tool for Dharma Ransomware .. try it .. here is the link:

    http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

  • Galo
    Galo Posts: 2 New Member

    i already tried that, i got "unsupported encrypted file" message. Thks.

  • hercules_puaro
    hercules_puaro Posts: 1 New Member
    I also have the problem. The only difference is - all my files got encrypted and have '.combo' extension. After long search on the web, I've found out, that there is no decryptor for it. With no other choice I wrote to email, and since data on server was important, decided to pay. We dealed on 0.8 btc, and I paid on my own risk.
    Guys have send me the decryptor right after transaction approved, and they've seen it.
    If your data is important I advice you to pay. Do not use other decryptors - they've destroyed my test files
  • mcerdem
    mcerdem Posts: 5 New Member

    please send me 3-4 sample encrypted files in order to check (m c e r d e m 8 2 [at] yahoo com)

  • mcerdem
    mcerdem Posts: 5 New Member
    Please send me 3-4 encrypted files for test (PDF, XLS, DOC or JPG).
  • mcerdem
    mcerdem Posts: 5 New Member

    hi, i can help you, please send me pm.

This discussion has been closed.
Pricing & Product Info