SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Malware Removal Questions and Guides => Topic started by: BurakNuman on March 18, 2018, 08:05:19 pm

Title: .java ransomware
Post by: BurakNuman on March 18, 2018, 08:05:19 pm
On 15.03.2018 one of my clients was infected with a new kind of Dharma/Crysis and it seems like there is no decryption method or application available.
Title: Re: .java ransomware
Post by: Execute on March 19, 2018, 10:43:33 am
Hello @BurakNuman

Actually, this looks like a copycat and more of a BTCWare or GlobeImposter variant, much like the previous copycat which used .Wallet (a Dharma extension):
.Wallet Files Virus Removal – Restore Data (https://sensorstechforum.com/wallet-files-virus-removal-restore-data/)

You can try to recover files using the methods described at the end of the article or try these 2 decryptors outright:

Best Regards,
Execute
Title: Re: .java ransomware
Post by: BurakNuman on March 21, 2018, 12:29:24 pm
Didn't work, unfortunately...
Title: Re: .java ransomware
Post by: Execute on March 22, 2018, 09:54:45 am
> didn't work unfortunately ...

That is quite sad... They must have changed the code of the malware, or this is yet another copycat that is new and uses the ransom note and interface of the ransomware viruses mentioned in this thread.

What you can try is sending 5 files to be decrypted for FREE. If they decrypt them, keep both the encrypted and decrypted versions of the files in case a decryption tool becomes available in the future.

I will try to keep you updated if some new information is found, but if it is indeed Dharma, only its first variant was decrypted, and after that the code was changed by the cybercriminals, fixing the errors that allowed researchers to make the decryption tool...

Best Regards,
Execute