New Dharma v2 Ransomware – Remove and Restore [lavandos@dr.com] Files
A ransomware virus carrying the name Dharma, which means righteousness in Indian, has been released in a new variant. The second version of the virus is reported to be even more dangerous than its first iteration, encrypting files so that they can no longer be opened and adding the [lavandos@dr.com] file extension. The v2 Dharma is also more focused on encrypting PE types of files. Since the new Dharma gives a deadline of 72 hours, users are often advised not to pay any ransom in BitCoin requested by the crooks at [email protected]. Instead, we recommend reading this article to get familiar with the second version of Dharma ransomware and learn alternative ways to remove the virus files and restore your data.

Threat Summary

Name: Dharma
Type: Ransomware
Short Description: Dharma encrypts user files and leaves contact e-mail addresses for reaching the criminals behind it and paying the ransom fee.
Symptoms: Changes the file extension of encrypted files to [lavandos@dr.com]. Changes the wallpaper to one with ransom instructions that include the backup ransom e-mail – [email protected]
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.

Dharma Ransomware – How Did I Get Infected

This particular type of ransomware virus is very cunning in its methods of spreading, primarily because it uses heavy obfuscation for the infection malware. Proof of this is the fact that during the first detections, VirusTotal reported that only 7 of 56 antivirus programs had managed to detect it:

[Image: new Dharma ransomware infection files]

This means that the cyber-criminals have most likely utilized a combination of different tools to conceal the malicious file of Dharma as it enters the computer. Such tools may include file joiners to combine the files, distribution malware such as a Trojan.Dropper, and an exploit kit. Bear in mind that JavaScript may also be used in an attack conducted by Dharma ransomware.

The most conventional methods of distributing such malicious files or scripts are either via malicious web links or via files. Therefore, the malicious files associated with Dharma ransomware may reach your computer through any channel that can carry those two objects. One method may be fake phishing e-mails that contain a malicious attachment or a URL causing the infection, while other, less conventional methods may involve torrents, social media and even chat services.

More about Dharma Ransomware

The Dharma virus is very particular in what it does after an infection takes place. Initially, it may make sure that it shuts down all of the processes related to any security software or Windows defense that may stop the encryption from happening. This includes injection scripts in important Windows processes, like sysdm.cpl or svchost.exe. Then the new Dharma ransomware may delete any backups on the encrypted computer, such as backups related to shadow volume copies, if file history is enabled on the compromised computer.

Dharma ransomware may also have other defensive features. One of those features may be to shut down or self-delete if the virus is run in a virtual environment.

To encrypt user files, Dharma ransomware looks for files that are often opened and used, like documents, databases, pictures, videos, music and other types of files. Then it may apply either RSA or AES, a combination of both, or other weaker ciphers, so that the encrypted files can no longer be opened. The virus also adds its distinctive e-mail as a file extension to the encrypted files:

[Image: Dharma v2 ransom note]

[Image: Dharma v2 encrypted file]

After the encryption is complete, the virus changes the wallpaper of the encrypted computer, which allows Dharma to notify the user to contact the e-mail of the cyber-criminals for further instructions/negotiations. The ransom note on the wallpaper has the following instructive message, calling the user a friend:

→ “//hallo, our dear friend!
//looks like you have some troubles with your security.
//all your files are now encrypted.
//using third-party recovering software will corrupt your data.
//you have only one way to get them back safely – using our decryption tool.
//to get original decryption tool contact us with email. In subject like write your ID, which you can find in name of every crypted file, also attach to email 3 crypted files.
[email protected]
//it is in your interest to respond as soon as pissible to ensure the restoration of your files, because we won’t keep your decryption keys at our servers more than 72 hours in interest of our security.
//P.S. only in case you don’t receive a response from the first email address within 24 hours, please use this alternative email address.
[email protected]

Even though the ransom note in the wallpaper set by Dharma is “motivating”, experts advise users not to give in to the fear and not to discuss anything with the crooks. Instead, it is recommended to remove Dharma and focus on restoring your files using alternative methods.

Remove Dharma Ransomware and Restore Enciphered Files

To delete Dharma completely and effectively, you may want to follow the universal removal instructions for ransomware below. However, if you believe that Dharma ransomware’s removal is difficult to perform manually, experts recommend that the best way to perform the removal is by downloading and installing an advanced anti-malware scanner on the compromised computer to perform the removal automatically.

Whatever the case may be, after the removal of the new Dharma virus, we suggest that you focus on backing up the files that have been encrypted for when a decryptor is released. Not only this, but we also advise that you try some alternative methods to restore the files, like the ones we mentioned in step “2. Restore Files Encrypted by Dharma” below. They have not yet been tested on Dharma, and this is why we advise that you create copies of the encrypted files if you attempt them.
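
The backup advice above can be scripted. The following is an added example, not part of the original article or of any vendor tool: it copies every file carrying the [lavandos@dr.com] marker to a separate location and records a SHA-256 manifest, leaving the originals untouched. It assumes the marker appears somewhere in each encrypted file's name; the function names are hypothetical.

```python
import hashlib
import shutil
from pathlib import Path

MARKER = "[lavandos@dr.com]"  # extension marker named in this article


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_encrypted(root, marker=MARKER):
    """Return files under root whose name contains the marker (any case)."""
    root = Path(root)
    needle = marker.lower()
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and not p.is_symlink() and needle in p.name.lower())


def backup_encrypted(root, dest, marker=MARKER):
    """Copy marked files to dest, keeping relative paths; return a manifest.

    Originals are never modified or deleted. Each copy is re-hashed and
    compared with the source so a bad copy is reported, not trusted.
    """
    root, dest = Path(root).resolve(), Path(dest).resolve()
    if dest == root or root in dest.parents:
        raise ValueError("backup destination must be outside the scanned tree")
    manifest = []
    for src in find_encrypted(root, marker):
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy2 also preserves timestamps
        src_hash = sha256_of(src)
        manifest.append({"path": str(rel), "sha256": src_hash,
                         "verified": sha256_of(target) == src_hash})
    return manifest


if __name__ == "__main__":
    import sys
    for entry in backup_encrypted(sys.argv[1], sys.argv[2]):
        print(entry)
```

Point the destination at an external or otherwise offline drive, and keep the manifest with the copies so they can be checked again before a decryptor is run on them.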


To remove Dharma follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Dharma files and objects
2. Find files created by Dharma on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Dharma

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
