What is Dharma Ransomware
Update (September 2018): In August 2018, new deviation of virus was released. This version uses email@example.com e-mail and appends .[firstname.lastname@example.org].brrr extension to encrypted files. Currently, actual decryption tools do not work.
Update (May 2018): Since first appearance of Dharma Ransomware, there were multiple updates of the virus code, some cannot be decrypted, some need custom instructions and decrypters. Here is the list of ransomwares from Dharma family described on our website: Arena Ransomware, Java Ransomware, Arrow Ransomware, Bip Ransomware, Combo Ransomware.
Update (March 2018): New version of Dharma Ransomware released in March, 2th appends new suffix to the files: .serial email@example.com_worldcza@smail.cz and this files cannot be decrypted at this time. However, .dharma and .wallet as well as .xtbl files still can be decrypted using RakhniDecryptor from Kaspersky.
Dharma Ransomware is newer version of Crysis Ransomware, extremely dangerous file-encrypting virus. Dharma uses asymmetric cryptography to block user access to personal files. It uses following extensions to modify encrypted files:
[firstname.lastname@example.org].wallet", ".[email@example.com].wallet", ".[firstname.lastname@example.org].wallet", ".[email@example.com].wallet", ".[firstname.lastname@example.org].xtbl", ".[email@example.com].dharma", ".[Mkliukang@india.com].wallet" , ".[firstname.lastname@example.org].wallet", ".[email@example.com].dharma"
Dharma virus, unlike similar types of ransomware, does not change desktop background, but creates README.txt or Document.txt.[firstname.lastname@example.org].zzzzz files and places them in each folder with compromised files. Text files contain message stating that users have to pay the ransom using Bitcoins and amount is approximately $300-$500 depending on ransomware version. The private decryption key is stored on a remote server, and there currently impossible to break the encryption of the latest version. Kaspersky and other antivirus companies are working on it, and has decryptor for older versions, described below.
How Dharma Ransomware infected your PC
Dharma Ransomware virus developers still use spam e-mails with malicious attachments for distribution. Usually, attachments are DOC or XLS documents. Such documents contain built-in macros, that runs in the background when user opens the document. This macros downloads and runs main executable with random name. Since that moment Dharma starts encryption process. Antivirus may not catch this threat and we recommend you to use HitmanPro with Cryptoguard. This program can detect encryption process and stop it to prevent the loss of your files.
Download Dharma Ransomware Removal Tool
To remove Dharma Ransomware completely we recommend you to use SpyHunter from EnigmaSoftware Group LLC. It detects and removes all files, folders and registry keys of Dharma Ransomware.
How to remove Dharma Ransomware manually
It is not recommended to remove Dharma Ransomware manually, for safer solution use Removal Tools instead.
Dharma Ransomware files:
Recovers files yako.html
Dharma Ransomware reg keys:
How to decrypt and restore .dharma, .wallet, .xtbl files
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .dharma files. Download it here:
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
If you are infected with Dharma Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. However, there is currently no automatic decryption tool for files encrypted by Dharma. To attempt to remove them you can do the following:
Use Stellar Phoenix Data Recovery Pro to restore .brrr, .dharma or .wallet files
- Download Stellar Phoenix Data Recovery Pro.
- Select location to scan for lost files and click Scan button.
- Wait until Quick and Deep scans finish.
- Preview found files and restore them.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there is other dates in the list choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses like Dharma Ransomware in future
1. Get special anti-ransomware software
Use Bitdefender Anti-Ransomware
Famous antivirus vendor BitDefender released free tool, that will help you with active anti-ransomware protection, as additional shield to your current protection. It will not conflict with bigger security applications. If you are searching complete internet security solution consider upgrading to full version of BitDefender Internet Security 2018.
2. Back up your files
Regardless of success of protection against ransomware threats, you can save your files using simple online backup. Cloud services are quite fast and cheap nowadays. There is more sense using online backup, than creating physical drives, that can get infected and encrypted when connected to PC or get damaged from dropping or hitting. Windows 10 and 8/8.1 users can find pre-installed OneDrive backup solution from Microsoft. It is actually one of the best backup services on the market, and has reasonable pricing plans. Users of earlier versions can get acquainted with it here. Make sure to backup and sync most important files and folders in OneDrive.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails is most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is SpamFighter. It works with various desktop applications, and provides very high level of anti-spam protection.