SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Malware Removal Questions and Guides => Topic started by: Piotr Mackowiak on March 13, 2018, 05:13:50 am

Title: Probably new version of Dharma/CrySiS ransomware
Post by: Piotr Mackowiak on March 13, 2018, 05:13:50 am
I got an encrypted disk, and all files have names like this:

Code:
1.jpg.id-580B7E30.[antoniosanches@cock.li].java

Looks like a new version of Dharma/CrySiS ransomware. But RakhniDecryptor from Kaspersky does not recognise and cannot decrypt such files. Any idea what I have to do?

If necessary, I will send a sample of such a file via PM, because it is not possible to attach files with such an extension.
Title: Re: Probably new version of Dharma/CrySiS ransomware
Post by: Execute on March 14, 2018, 03:15:56 pm
Hello Piotr,

it is indeed an updated version of the Dharma/CrySiS ransomware virus. It uses the same extension (.java) as the variant in this article:

.java Files Virus (Dharma Ransomware) – Remove and Restore Files (https://sensorstechforum.com/java-files-virus-dharma-ransomware-remove-restore-files/)

The difference is in the code and the emails given for contact - which are also used as the extension of encrypted files. That's why Rakhni Decryptor doesn't recognise them. Maybe in the future their decryptor will work, but ransomware is ever-changing and this is one of the few ones which is without known flaws in its encryption process.

Unfortunately, there is not much you can do.
You could remove the virus with a security program, reinstall your OS, backup the most important files somewhere in case a working decrypter version surfaces in the future...

Otherwise, you will just have to wait.

Best Regards,
Execute
Title: Re: Probably new version of Dharma/CrySiS ransomware
Post by: Piotr Mackowiak on March 14, 2018, 03:29:49 pm
So, we have to wait....
Title: Re: Probably new version of Dharma/CrySiS ransomware
Post by: Execute on March 15, 2018, 09:58:40 am
So, we have to wait....

Afraid so... such is the case with most ransomware viruses. The article will be updated if there is a free decryptor and we will notify you in case of any new developments revolving around the ransomware.

Kind Regards,
Execute
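
Added example, not part of the thread: a small triage script for inventorying the encrypted files before backing them up as advised above, so they can be matched to a decryptor later. The filename pattern is an assumption inferred from the single name quoted in the first post; every sample path other than that filename is constructed.

```python
import re
from pathlib import PureWindowsPath

# Pattern inferred from the one filename quoted in the thread (assumption):
#   <original name>.id-<8 hex digits>.[<contact email>].<appended extension>
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\[\]\s@]+@[^\[\]\s@]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def parse_marker(path):
    """Return the marker fields for one path, or None if the name does not match."""
    m = MARKER.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None

def inventory(paths):
    """Group matching files by (victim id, contact, extension); list the rest."""
    groups, unmatched = {}, []
    for p in paths:
        fields = parse_marker(p)
        if fields is None:
            unmatched.append(p)
            continue
        key = (fields["victim_id"].upper(), fields["contact"].lower(),
               fields["ext"].lower())
        # Keep the original name so files can be renamed after decryption.
        groups.setdefault(key, []).append((p, fields["original"]))
    return groups, unmatched

# Constructed listing; only the first filename comes from the thread.
SAMPLE = [
    r"C:\Users\p\Pictures\1.jpg.id-580B7E30.[antoniosanches@cock.li].java",
    r"C:\Users\p\Documents\report.v2.docx.id-580B7E30.[antoniosanches@cock.li].java",
    r"C:\Users\p\src\Main.java",   # genuine Java source: extension alone is not a signal
    r"C:\Users\p\notes.txt",
]

if __name__ == "__main__":
    groups, unmatched = inventory(SAMPLE)
    for (victim_id, contact, ext), files in groups.items():
        print(f"id={victim_id} contact={contact} ext=.{ext} files={len(files)}")
        for path, original in files:
            print(f"  {path}  (original name: {original})")
    print(f"not matching the marker: {len(unmatched)}")
```

Matching on the full marker rather than on `.java` alone keeps legitimate Java source files out of the inventory.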