You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

*

Didopan

  • *
  • 1
  • +0/-0
      • View Profile
Dharma .Jack ransomware - recovery or payment
« on: May 21, 2019, 05:16:31 pm »
Hello guys, I have a client infected with that .jack version of dharma ransomware. We have tried almost everything except payment. No Shadow copy, no file recovery as these are VMs with shared drive, free tools don't work, paid recovery data companies stated they cannot do anything. We don't have backup only from one server and we need only 3 files out of it. Should we consider payment to the bad actors? Do you reckon they can and will recover the files? Or no honour amongst thieves? Any advice is welcome!

*

Execute

  • *****
  • 388
  • +55/-0
  • Your friendly neighbourhood IT guy
      • View Profile
Re: Dharma .Jack ransomware - recovery or payment
« Reply #1 on: May 23, 2019, 05:50:17 pm »
Hello guys, I have a client infected with that .jack version of dharma ransomware. We have tried almost everything except payment. No Shadow copy, no file recovery as these are VMs with shared drive, free tools don't work, paid recovery data companies stated they cannot do anything. We don't have backup only from one server and we need only 3 files out of it. Should we consider payment to the bad actors? Do you reckon they can and will recover the files? Or no honour amongst thieves? Any advice is welcome!

Hello. This is one of the newer ransomware viruses.
There is no decryption tool available at this time, so best you can do is remove the virus,
do a backup of important files, re-install the system and hope for a decryption tool.

Some Dharma variants that still have no decryption tool made for them date back over more than 1 year, so chances are slim and hope is fading away for a decryptor. Paying the thieves is last resort, but we advise against it. You could be targetted again and get your computer systems infected again. Even if they contact you back, their decryption tool might not work.

As for criminals keeping their word - some of them do, some of them don't and some act as what their mood is.
Very unfortunate, but unless there is a lot of money involved (business) we advise against paying.
If data recovery companies cannot help you, then currently there isn't really a way to get your files restored that way.

Kind Regards,
Execute