Thanks to Avast researchers, a decryption method has been updated in their CrySiS ransomware fix tool, which can now decrypt .wallet files encrypted by the 2nd iteration of Dharma ransomware, discovered in March, 2017. In case your computer has been infected by the .wallet version of Dharma ransomware, we recommend that you follow the instructions in this article. They are designed to help you (1) remove Dharma ransomware from your computer and then (2)decrypt the files using the CrySiS fix tool, created by Avast security researchers.
Dharma Ransomware – Decryption Process
Before any decryption process related to the .wallet file virus begins, recommendations are to use an advanced anti-malware tool to remove the infection and then to back-up the encrypted files by creating several copies of them on different removable drives or in the cloud.
Then, we advise you to follow these steps:
Step #1: Download “CrySiS Fix” tool from Avast’s website by clicking on the Download button below:
Make sure to save the file somewhere where you can easily find it:
Step #2: Run the program and click on the “Next” button:
Step #3: Choose the drive which you want to be scanned for encrypted files and click on “Next” once more. You can also add a folder that has important files, by clicking on the “Add Folder” button on the bottom-right:
Step #4: Now, the final step is to decrypt the files on the compromised computer by clicking on the “Decrypt” button. Bear in mind that you need to have patience, because the decryption process may take some time. Do not turn off your computer during the process.
After the decryption process is complete the files should be openable once more. Make sure the back them up on another drive. Also, to prevent such situations from happening in the future, we strongly advise you to read the following related article on how to safely store data: