Free decryption for Dharma ransomware

Free decryption tools now available for Dharma ransomware

An anonymous user has posted the decryption keys for the Dharma Decryptor online and its now possible that you may find free decryption for Dharma.

Dharma Ransomware

Computer users who had an infection by Dharma ransomware virus and have their files encrypted and locked onto their computers can now restore them for free.

Researchers on forums have created decryption tools for Dharma ransomware variant (2017) after someone leaked the decryption keys that could unlock the files.

Dharma Ransomware first appeared in November and is based on an older ransomware program known as Crysis family.

It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma

A free Dharma Decryption is now available and works for some Dharma Variants

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum.

The post, he claimed, contained the decryption keys for all Dharma variants.

Dharma ransomware (.dharma) decryptor released https://t.co/FNshmHsgOv pic.twitter.com/sIQorypOzj

— Anton Ivanov (@antonivanovm) March 2, 2017

Interestingly, the exact same thing happened back in November with the keys for Crysis, Dharma’s predecessor, allowing researchers to create decryption tools for it.

Decryption keys for the ransomware were added to the Kaspersky Lab’s Rakhni decryptor tool Thursday morning.

It’s not clear who gektar is or what his or her reasons were for leaking the Dharma keys. The username appears to have been created on the forum just for this purpose and has had no other activity since then.

The free Dharma Decryption works and Kaspersky built a free decryption tool for Dharma

There’s also no information about how the keys were obtained in the first place.

However, they were included in a C header file, which could suggest that the leaker had access to the ransomware program’s source code.

A member of the technical forum BleepingComputer.com, lightsentinelone has posted a Pastebin link which includes about 200 decryption keys.

According to BleepingComputer, the keys have been confirmed as valid.

Security researchers have used them to create Wallet Ransomware decryptor.

The good news is that the leaked keys are real, and researchers from Kaspersky Lab and ESET verified they work.

The two companies have updated their Crysis decryption tools– downloads at Kaspersky RakhniDecryptor and ESET CrysisDecryptor– to work for Dharma affected files, too.

If this works then you will have your free decryption for Dharma Ransomware.

Keep your encrypted files, solution maybe found by researchers

This should serve as a reminder to ransomware victims to keep a copy of their affected files, even if they decide not to give into attackers’ ransom demands.

Researchers sometimes find flaws in the encryption implementations of ransomware programs that allow them to break the encryption keys.

Other times law enforcement authorities seize command-and-control servers used by ransomware gangs and release the decryption keys.

From time to time, like in this case, the keys find their way online due to unexplained leaks:

Maybe a ransomware developer decides to close up shop and publish the keys, or maybe a hacker breaks into a rival gang’s servers and releases the keys to harm its operations.

The point is: Hold onto those files, for months or even years if you need to.

Other Tools for Ransomware Decryption

It’s a good idea to check the tools section of the NoMoreRansom.org website regularly.

The website is maintained by a team of security specialists and law enforcement agencies and is frequently updated with new information and decryption tools.

Dharma first appeared in November and is based on an older ransomware program known as Crysis.

It’s easy to recognize files affected by it because they will have the extension:. .[email_address].dharma

If this is your case then the free decryption for Dharma may help you recover and decrypt your files.

This should serve as a reminder to ransomware victims to keep a copy of their affected files, even if they decide not to give into attackers’ ransom demands.

Researchers sometimes find flaws in the encryption implementations of ransomware programs that allow them to break the encryption keys.

Other times law enforcement authorities seize command-and-control servers used by ransomware gangs and release the decryption keys.

What if this free decryptor for Dharma doesn’t work?

Its very probable that this tool will not work for your Dharma Encryption at all because this is a very old version and Dharma has created lots of variants.

In that case, you should contact us.