What is Dharma Ransomware[mks_toggle title=”Show updates” state=”close”]
Update (June 2019): Following new extensions were used by Dharma Ransomware in June 2019: .PLUT, .hccapx, .0day, .HACK, .harma, .YG, .zoh, .kjh,.BSC.
Update (May 2019): New infection spurt with Dharma Ransomware, these extensions are appended: .good, .qbx, .TOR13, .MERS, .[firstname.lastname@example.org], .wal, .bat, .qbix, .[email@example.com], .aa1, .qbtex, .jack, .drweb, .yG, .PLUT, .DDOS, .cry, .4k.
Update (April 2019): New extensions, that Dharma Ransomware appended in April 2019: .[firstname.lastname@example.org], .LDPR, .ms13, .[email@example.com], .carcn, .btix, .gate.
Update (March 2019): Extensions, used by Dharma in March 2019: .korea, .plomb, .NWA, .azero, .bk666, .stun.
Update (February 2019): Dharma Ransomware continues its activity in 2019. Here are new extensions appeared in February, 2019: .AYE, .888, .air, .amber, .frend, .KARLS, .aqva.
Update (January 2019): Dharma Ransomware continues its activity in 2019. Here are new extensions appeared in January, 2019: .gif, .wallet, .auf, .btc, .usa, .xwx, .best, .heets, .qwex, .ETH.
Update (December 2018): Following extensions appeared in December, 2018: .bkpx, .santa, .like, .bizer, .adobe.
Update (November 2018): Dharma Ransomware variations with new extensions appear every week. Malefactors demand enormous ransom amounts: from $5000 to $30000 in BitCoins. Extensions appeared in November, 2018: .war, .risk, .myjob, .fire, .Bear, .back, .tron, .AUDIT, .cccmn, .adobe.
Update (October 2018): Dharma Ransomware versions with new suffixes released. Malefactors extort huge ransom amounts: from $5000 to $15000 in BitCoins. Extensions appeared in October, 2018: .xxxxx, .like, .lock, .gdb, .FUNNY, .vanss, .betta, .gamma, .combo, .waifu, .bgtx, .btc.
Update (September 2018): Dharma Ransomware versions with new suffixes released. Malefactors extort huge ransom amounts: from $5000 to $10000 in BitCoins. Extensions appeared in September, 2018: .boost, .combo, .bkp, .monro, .gamma, .brrr, .bip.
Dharma Ransomware is newer version of Crysis Ransomware, extremely dangerous file-encrypting virus. Dharma uses asymmetric cryptography to block user access to personal files. It uses following extensions to modify encrypted files:
Dharma virus, unlike similar types of ransomware, does not change desktop background, but creates README.txt or Document.txt.[firstname.lastname@example.org].zzzzz files and places them in each folder with compromised files. Text files contain message stating that users have to pay the ransom using Bitcoins and amount is approximately $300-$500 depending on ransomware version. The private decryption key is stored on a remote server, and there is currently impossible to break the encryption of the latest version. Kaspersky and other antivirus companies are working on it, and has decryptor for older versions, described below.
How Dharma Ransomware infected your PC
Dharma Ransomware virus developers still use spam e-mails with malicious attachments for distribution. Usually, attachments are DOC or XLS documents. Such documents contain built-in macros, that runs in the background when user opens the document. This macros downloads and runs main executable with random name. Since that moment Dharma starts encryption process. Antivirus may not catch this threat and we recommend you to use HitmanPro with Cryptoguard. This program can detect encryption process and stop it to prevent the loss of your files.
Download Dharma Ransomware Removal Tool
To remove Dharma Ransomware completely we recommend you to use WiperSoft AntiSpyware from Wipersoft. It detects and removes all files, folders and registry keys of Dharma Ransomware.
How to remove Dharma Ransomware manually
It is not recommended to remove Dharma Ransomware manually, for safer solution use Removal Tools instead.
Dharma Ransomware files:
Recovers files yako.html
Dharma Ransomware reg keys:
How to decrypt and restore .adobe, .com, .bat or .btc files
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .adobe, .com, .bat or .btc files. Download it here:
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
If you are infected with Dharma Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. However, there is currently no automatic decryption tool for files encrypted by Dharma. To attempt to remove them you can do the following:
Use Stellar Data Recovery Professional to restore .adobe, .com, .bat or .btc files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses like Dharma Ransomware in future
1. Get special anti-ransomware software
Use Bitdefender Anti-Ransomware
Famous antivirus vendor BitDefender released free tool, that will help you with active anti-ransomware protection, as additional shield to your current protection. It will not conflict with bigger security applications. If you are searching complete internet security solution consider upgrading to full version of BitDefender Internet Security 2018.
2. Back up your files
Regardless of success of protection against ransomware threats, you can save your files using simple online backup. Cloud services are quite fast and cheap nowadays. There is more sense using online backup, than creating physical drives, that can get infected and encrypted when connected to PC or get damaged from dropping or hitting. Windows 10 and 8/8.1 users can find pre-installed OneDrive backup solution from Microsoft. It is actually one of the best backup services on the market, and has reasonable pricing plans. Users of earlier versions can get acquainted with it here. Make sure to backup and sync most important files and folders in OneDrive.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails is most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications, and provides very high level of anti-spam protection.