Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    NSA shares zero-trust guidance to limit adversaries on the network

Featured Deal: Enjoy quick, compatible data transfers with this $59.99 portable SSD

Latest Buyer's Guide:    Hotspot Shield VPN review

Generic User Avatar

Dharma ransomware (<id>-<id***8 random>.[<email>].dharma) Support Topic

Started by Haleice , Nov 16 2016 03:04 PM

  • Please log in to reply
3013 replies to this topic

#3001 rodolfo2022

rodolfo2022

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:07:07 AM

Posted 14 September 2022 - 04:15 AM

Hello. I write this in case it can help someone. My computer was infected with this ransomware in 2018. I recovered almost everything thanks to having a backup. But some photos in NEF (Nikon RAW) format of which I did not have a copy were encrypted and I could not recover them.
 
From time to time I check this forum to see if there is any tool to recover them and I never found anything until recently.
 
I thought that instead of trying to decrypt them I had to treat them as corrupted files and so I found the solution. I have managed to "recover" those photos thanks to several programs that allow extracting the BMP file that is inside the NEF file despite being encrypted. I don't know how they do it, but it works.
 
I mention this as it can be useful when trying to recover other types of encrypted files. The applications I use are PixRecovery and Stellar Photo Recovery. I only put their names because I don't want to spam. I am not the creator of those applications and I have nothing to do with them either.
 I only put a solution that allowed me to recover some photos encrypted with Dharma and maybe it can be useful to someone or it can open a new path of investigation to try to decrypt files infected by ransomware.

BC AdBot (Login to Remove)

 

#3002 soukuu

soukuu

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:02:07 PM

Posted 03 June 2023 - 03:51 AM

Hello, I was looking for this ransomware on 5/29 and found it.
I got caught having 12 of my synology nas in raid 5 and lost 90% of my data. Unfortunately, in the process of reconstructing raid recently, snapshot was turned off, so data recovery is not possible. Is there a way yet?

Currently, the damaged data is snapshotted and the existing damaged data is deleted.


#3003 Bacardi1983

Bacardi1983

  • Avatar image
  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:07:07 AM

Posted 20 June 2023 - 05:43 AM

There is still no decryptor right? Or another way to restore files from an arena infected harddrive?


#3004 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:07 AM

Posted 20 June 2023 - 06:30 AM

That is correct...there is still no decrypter and nothing new to report that I am aware of. 


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3005 soukuu

soukuu

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:02:07 PM

Posted 20 June 2023 - 09:38 AM

Hi, I posted here and got a message from a user. They are a team that is good at decrypting Ransomware, so they asked me to contact them through Telegram.
When I contacted them, they said that if I gave them a small image file or text file, they would decrypt it and show me what they see.
Actually they deciphered and opened normally.
However, as they are said to be decryption experts, they tried to receive the payment in full in advance, and refused bitcoin, paypal, or card payments of at least $2000. to protect their privacy
I thought they were hackers and didn't pay the bill.
Don't trust that they will definitely release the rest of the files even if you give them the full amount. Their telegram id is @Help_Ransomware, and never do anything stupid to deposit money to someone you don't trust.

#3006 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:07 AM

Posted 20 June 2023 - 03:02 PM

Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways. Please read my comments in this topic for information as to what we know about those who claim they can decrypt data (including scammers, the criminals and data recovery services). Ransomware victims should IGNORE, (not reply back, deal with or negotiate payments with) anyone who may contact them via Private Message (PM) on this forum or by email making claims they can decrypt your data
 
Who were the users who contacted you?
 
WARNING: Promoting "ransomware recovery services" at BleepingComputer is strictly prohibited and will lead to the banning of accounts and the removal of posts as noted here by the site owner (Lawrence Abrams).


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3007 soukuu

soukuu

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:02:07 PM

Posted 21 June 2023 - 09:51 AM

i receved this message

 

soukuu,

Liam_Heyjes has sent you a new personal conversation entitled "About your virus file".

Liam_Heyjes said:


You can contact with this cyber security expert team on Youtube . They solved our all infected files recently. I believe They can help you to get your files back
Their Youtube channel: https://youtu.be/G-xDxZUm6-g


PLEASE DO NOT REPLY DIRECTLY TO THIS EMAIL!
You can reply to this personal conversation by following the link below:

https://www.bleepingcomputer.com/forums/index.php?app=members&module=messaging&section=view&do=showConversation&topicID=197536#msg430131


BleepingComputer.com


#3008 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:07 AM

Posted 21 June 2023 - 10:08 AM

That member and another who was identified as doing the same thing have both been banned.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3009 PROVIDENCIAGERENTE

PROVIDENCIAGERENTE

  • Avatar image
  • Banned Spammer
  • Member rank image
  • 2 posts
  • OFFLINE
    •  
  • Local time:11:07 AM

Posted 09 July 2023 - 12:19 AM

Data on Your network was exfiltrated and encrypted.
 
Modifying encrypted files will result in permanent data loss!
 
Get in touch with us ASAP to get an offer:
1. Download and install Tor Browser from https://www.torproject.org/
2. Access User Panel at (Cut)
   THIS IS YOUR PRIVATE USER PANEL ADDRESS, DO NOT SHARE IT WITH ANYONE!
 
 
 
See also:
  
 

#3010 Pkshadow

Pkshadow

  • Avatar image
  • BC Advisor
  • 12,306 posts
  • OFFLINE
    •  
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada
  • Local time:09:07 PM

Posted 09 July 2023 - 01:26 AM

Hi, Please see your IT Admin


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
 

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme

#3011 al1963

al1963

  • Avatar image
  • Members
  • 1,178 posts
  • OFFLINE
    •  
  • Local time:12:07 PM

Posted 10 July 2023 - 12:47 AM

Judging by the ransom note, this is BlackCat/ALPHV/.

If the device is encrypted on a corporate network, you should contact your administrator.

If you are an administrator, then you should contact the technical support of your anti-virus vendor.


#3012 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:07 AM

Posted 10 July 2023 - 03:33 PM

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3013 soukuu

soukuu

  • Avatar image
  • Members
  • 5 posts
  • OFFLINE
    •  
  • Local time:02:07 PM

Posted 24 February 2024 - 09:35 PM

Are there any updates on the news of this ransomware?
I am waiting for new news every day.


#3014 quietman7

quietman7

    Bleepin' Gumshoe


  • Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:07 AM

Posted 24 February 2024 - 09:39 PM

There is nothing new to report that I am aware of.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

Back to Ransomware Help & Tech Support


4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·