Combo Ransomware is new reincarnation of Dharma/Cezar/Crysis Ransomware family. The successor of Arrow and Bip Ransomware. This version appends complex extension, that ends with .combo or .cmb and contains e-mail address and unique ID. Combo Ransomware encrypts all sensitive files including documents, images, videos, databases, archives, project files, etc. Windows files stay untouched for stable operation. Combo Ransomware uses AES-256 encryption, which makes the victim’s files inaccessible without decryption key. As for today, decryption is not possible, however, you can attempt to decrypt files from backups or trying file recovery software. There is also chance of decryption after using methods explained in this article.
Bip Ransomware is another successor of Dharma/Crysis Ransomware family. New variation adds complex suffix, that ends with .bip extension, to all affected files. Bip Ransomware encrypts almost all types of files, that can be valuable to users, such as documents, images, videos, databases, archives, project files, etc. It is currently unknown, what type of encryption algorithm Bip Ransomware uses, but probably it is AES. Bip Ransomware usually demands from $1000 to $2000 in BitCoins for the decryption key. However, often hackers don’t send any keys and it is not recommended to pay the ransom. As for today, the 5-th of May 2018, decryption is not possible, however, you can attempt to decrypt your files from backups or trying file recovery software.
Arrow Ransomware is new file encryption virus from Dharma/Crysis Ransomware family. Malware uses AES encryption. Unlike previous versions, it appends .arrow extension to all encrypted files. Arrow Ransomware encodes almost all types of files that can be important to users, including documents, images, videos, databases, archives. Arrow Ransomware demands from $1000 to $2000 in BitCoins for the decryption key, that they actually rarely send out. Currently, decryption is not possible, however, you can decrypt your files from backups or trying file recovery software. There is also a slight possibility, that you will decrypt your files using tips and tricks described in this article.
Dharma virus, unlike similar types of ransomware, does not change desktop background, but creates README.txt or Document.txt.[email@example.com].zzzzz files and places them in each folder with compromised files. Text files contain message stating that users have to pay the ransom using Bitcoins and amount is approximately $300-$500 depending on ransomware version. The private decryption key is stored on a remote server, and there currently impossible to break the encryption of the latest version.