You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

*

BurakNuman

  • *
  • 2
  • +1/-0
      • View Profile
.java ransomware
« on: March 18, 2018, 08:05:19 pm »
15.03.2018 one of my clients has been infected with a new kind of Dharma/Crysis and it seems  like there is no decryption method or application available.
« Last Edit: May 25, 2018, 11:07:39 am by sensadmin »

*

Execute

  • *****
  • 276
  • +46/-0
  • Your friendly neighbourhood IT guy
      • View Profile
Re: .java ransomware
« Reply #1 on: March 19, 2018, 10:43:33 am »
Hello @BurakNuman

Actually, this looks like a copycat and more of a BTCWare or GlobeImposter variant,
much like the previous copycat which used .Wallet (a Dharma extension) :
.Wallet Files Virus Removal – Restore Data

You can try to recover files using the methods described at the end of the article or try these 2 decryptors outright:

Best Regards,
Execute

*

BurakNuman

  • *
  • 2
  • +1/-0
      • View Profile
Re: .java ransomware
« Reply #2 on: March 21, 2018, 12:29:24 pm »
didnt work unfortunately ...
« Last Edit: May 25, 2018, 11:07:56 am by sensadmin »

*

Execute

  • *****
  • 276
  • +46/-0
  • Your friendly neighbourhood IT guy
      • View Profile
Re: .java ransomware
« Reply #3 on: March 22, 2018, 09:54:45 am »
didnt work unfortunately ...

That is quite sad... they must have changed the code of the malware or this is yet another copycat that is new and uses the ransom note and interface of the ransomware viruses mentioned in this thread.

What you can try is sending 5 files to be decrypted for FREE.
If they decrypt them, keep both the encrypted and decrypted versions
of the files in case a decryption tool becomes available in the future.



I will try to keep you updated if some new information is found, but if it is indeed Dharma, only its first variant was decrypted and after that the code was changed by the cybercriminals, fixing their errors that allowed researchers to make the decryption tool...

Best Regards,
Execute
« Last Edit: March 22, 2018, 10:05:11 am by Execute »