BurakNuman

.java ransomware
« on: March 18, 2018, 08:05:19 pm »
On 15.03.2018 one of my clients was infected with a new kind of Dharma/Crysis, and it seems like there is no decryption method or application available.
« Last Edit: May 25, 2018, 11:07:39 am by sensadmin »

Execute

Re: .java ransomware
« Reply #1 on: March 19, 2018, 10:43:33 am »
Hello @BurakNuman

Actually, this looks like a copycat and more of a BTCWare or GlobeImposter variant, much like the previous copycat which used .Wallet (a Dharma extension):
.Wallet Files Virus Removal – Restore Data

You can try to recover files using the methods described at the end of the article or try these 2 decryptors outright:

Best Regards,
Execute

BurakNuman

Re: .java ransomware
« Reply #2 on: March 21, 2018, 12:29:24 pm »
Didn't work, unfortunately ...
« Last Edit: May 25, 2018, 11:07:56 am by sensadmin »

Execute

Re: .java ransomware
« Reply #3 on: March 22, 2018, 09:54:45 am »
Quote: "Didn't work, unfortunately ..."

That is quite sad... they must have changed the code of the malware or this is yet another copycat that is new and uses the ransom note and interface of the ransomware viruses mentioned in this thread.

What you can try is sending 5 files to be decrypted for FREE.
If they decrypt them, keep both the encrypted and decrypted versions
of the files in case a decryption tool becomes available in the future.

I will try to keep you updated if some new information is found, but if it is indeed Dharma, only its first variant was decrypted and after that the code was changed by the cybercriminals, fixing their errors that allowed researchers to make the decryption tool...

Best Regards,
Execute
« Last Edit: March 22, 2018, 10:05:11 am by Execute »
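
Added example, not part of the original posts: one way to follow the advice in Reply #3 about keeping both versions of the test files is to record every encrypted/decrypted pair with SHA-256 hashes and the size difference. It assumes the encrypted name is the original name plus an appended suffix ending in .java; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".java"  # extension named in the thread title


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large samples do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(encrypted_dir: Path, decrypted_dir: Path) -> dict:
    """Pair each decrypted file with its encrypted sample and record both."""
    encrypted = sorted(p for p in encrypted_dir.glob("*" + ENCRYPTED_SUFFIX) if p.is_file())
    pairs = []
    for plain in sorted(p for p in decrypted_dir.iterdir() if p.is_file()):
        # Assumption: the encrypted name is the original name plus an appended suffix.
        match = next((e for e in encrypted if e.name.startswith(plain.name + ".")), None)
        if match is None:
            continue
        pairs.append({
            "original_name": plain.name, "encrypted_name": match.name,
            "encrypted_sha256": sha256_of(match),
            "decrypted_sha256": sha256_of(plain),
            "size_delta": match.stat().st_size - plain.stat().st_size,
        })
    paired = {p["encrypted_name"] for p in pairs}
    return {"pairs": pairs, "unpaired_encrypted": [e.name for e in encrypted if e.name not in paired]}


def demo() -> dict:
    """Run on constructed sample files (not real ransomware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        enc, dec = Path(tmp, "encrypted"), Path(tmp, "decrypted")
        enc.mkdir()
        dec.mkdir()
        (dec / "report.docx").write_bytes(b"plain bytes")
        (enc / "report.docx.CONSTRUCTED.java").write_bytes(b"\x00" * 11 + b"FOOTER")
        (enc / "photo.jpg.CONSTRUCTED.java").write_bytes(b"\x01" * 8)
        return build_manifest(enc, dec)


if __name__ == "__main__":
    print(demo())
```

Store the manifest with the file pairs on media that is not attached to the affected machine.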