
Execute

New Dharma Ransomware known as .Arena Files Virus
« on: August 29, 2017, 02:09:08 pm »
A new strain of the Dharma Ransomware has been spreading recently.
Many users report it as the ".Arena Files Virus" due to the fact that
it encrypts files and leaves them with the extension .arena.

The ransom note is located in a file called "FILES ENCRYPTED.txt".

You can read more information about the ".Arena Files Virus" from here:
.Arena Files Virus (Dharma Ransomware) – Remove and Restore

Re: New Dharma Ransomware known as .Arena Files Virus
« Reply #1 on: September 16, 2017, 12:13:20 am »
Hi, I am the victim of the .arena Dharma Virus. I managed to follow the link you provided, which was very helpful, but now I am struggling with getting the tool to decrypt the files. The sample file format looks like this: filename-id-6C181F4A.[[email protected]].arena

I tried using Kaspersky RakhniDecryptor but it seems it does not support the .arena extension even though it shows the following on the download description: "Decrypts files affected by Rakhni, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Cryptokluchen, Lortok, Democry, Bitman (TeslaCrypt) version 3 and 4, Chimera, Crysis (versions 2 and 3). Latest updates: decrypts Dharma ransomware."

I will appreciate assistance.


Execute

Re: New Dharma Ransomware known as .Arena Files Virus
« Reply #2 on: September 19, 2017, 02:05:41 pm »
Hello @Cyprian Makhafola.

I have researched the matter and it seems that Kaspersky's decryption tool doesn't work with newer versions of the Dharma ransomware, which is unfortunate. Keep checking their page in case they release an update, but it seems that this won't happen soon, as the newer variants of the virus don't have flaws like the first version did and might not get decrypted. The article and this topic will be updated if a decryptor is released.

Kind Regards,
Execute


faxmodem

Re: New Dharma Ransomware known as .Arena Files Virus
« Reply #3 on: November 26, 2017, 06:01:41 pm »
All my files have been renamed to .arena and .nemesis. Is there a way to restore files to the original state?


Execute

Re: New Dharma Ransomware known as .Arena Files Virus
« Reply #4 on: November 27, 2017, 05:58:18 pm »
All my files have been renamed to .arena and .nemesis. Is there a way to restore files to the original state?

Hello, @faxmodem.
First of all, I have moved your question to the appropriate topic (so there is no confusion).
Second, it seems there is currently no solution to the Dharma (.arena files) ransomware.
Third, Nemesis has been spotted to roam around the Internet with new variants - do you mind sharing if there is a ransom note (or a ransom note picture) with it? With that there might be more to go on, although I believe previous variants of Nemesis were not decryptable.

Here is an article about Nemesis and its first variant: Remove Nemesis Ransomware and Restore Encrypted Files

See if it's of help, and provide more information so we can try to help you!

Kind Regards,
Execute
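
A read-only triage script for the file naming discussed in this thread, added here as an example; it is not part of any post and not a SensorsTech or Kaspersky tool. It inventories `.arena` files, recovers the original name and victim ID from each, and locates copies of the "FILES ENCRYPTED.txt" note. Accepting `.id-` as well as `-id-` before the ID is an assumption, and the contact address in the sample names is a constructed placeholder.

```python
import os
import re
import tempfile
from collections import Counter

# Pattern built from the sample name in this thread:
#   <original name>-id-<8 hex digits>.[<contact>].arena
# Accepting ".id-" as well as "-id-" is an assumption, not stated in the thread.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+?)[-.]id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]+)\]\.arena$"
)
RANSOM_NOTE = "FILES ENCRYPTED.txt"  # note file name given in the first post


def parse_name(filename):
    """Return the fields of an encrypted file name, or None if it does not match."""
    m = ENCRYPTED_RE.match(filename)
    return m.groupdict() if m else None


def inventory(root):
    """Walk root without modifying it; summarise encrypted files and ransom notes."""
    report = {"encrypted": [], "notes": [], "unparsed": [], "ids": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                report["notes"].append(path)
            elif name.lower().endswith(".arena"):
                fields = parse_name(name)
                if fields is None:
                    report["unparsed"].append(path)  # .arena, unexpected layout
                else:
                    report["encrypted"].append((path, fields["original"]))
                    report["ids"][fields["victim_id"].upper()] += 1
    return report


if __name__ == "__main__":
    # Constructed sample tree; the contact address is a placeholder.
    with tempfile.TemporaryDirectory() as root:
        for n in ("report.docx-id-6C181F4A.[contact@example.invalid].arena",
                  "photo.jpg.id-6C181F4A.[contact@example.invalid].arena",
                  "odd.arena", RANSOM_NOTE, "untouched.txt"):
            open(os.path.join(root, n), "w").close()
        r = inventory(root)
        print(len(r["encrypted"]), "encrypted,", len(r["notes"]), "note(s),",
              len(r["unparsed"]), "unparsed, ids:", dict(r["ids"]))
```

Files listed under `unparsed` end in `.arena` but do not follow the expected layout and are worth checking by hand; the list of original names helps decide what to restore from backup.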