One of the variants of the Crysis ransomware, Dharma is the latest in the line of high risk ransomware attacks. After it successfully infiltrates the computer, it begins to append the “.arrow”, “.java” and “.[email@example.com].wallet” extensions to each of the encrypted files. While the previous versions changed the desktop background, they would place a text file in each compromised folder containing the ransomware attack. The typical name of such documents is README.txt and Document.txt.[firstname.lastname@example.org].zzzzz.
As the name suggests, the virus has been designed to attack the user base in India. Dharma displays a short message stating that the victim has had their computer security compromised, but their security issue can be solved by making contact with the developers on their email addresses provided. One of those email addresses is email@example.com. Once the victims have been able to make contact with the developers, they are given further instructions on how they could obtain their decryption keys.
The cyber criminals claim that decrypting files without the key is impossible and make suitable ransom demands. The cost they place on each user varies, but the typical range can stretch from $500 to $1000 in bitcoins. Once the payment is made to the criminals, users should be wary that the cyber criminals might just ignore the victims.
The best practice we would advise our readers is to not make any contact with the cyber criminals or make payments to them. These only serve to encourage them to scam more victims. Currently, manually restoring the encrypted files is impossible because no tools have been designed with the specific purpose of decrypting the Dharma ransomware attack.
At present, the only solution is to restore the files and system from a backup utility, if you don’t already have a backup utility.
Some of the common pitfalls of the internet include:
- Clicking on fake download buttons and pictures.
- Clicking on fraudulent PayPal links.
- Links which contain attachments to fake e-mails and other areas of the internet.
While it is possible to remove the Dharma Ransomware virus from your system, it isn’t possible to decrypt the encrypted files without the keys.