Some user posted online the alleged master decryption keys for the Dharma Ransomware. After testing the keys, Kaspersky has included them in its RakhniDecryptor.
Kaspersky Decryptor For Dharma Ransomware
According to Computerworld, the Dharma ransomware first appeared in November. The malicious code is based on an older program known as Crysis. Files affected by Dharma are easy to recognize.
According to Bleeping Computer, on Wednesday, Mar. 1, a user named gektar leaked the master decryption keys for Dharma ransomware on a link to a Pastebin post on the BleepingComputer.com forums. For those who still have files encrypted by the Dharma ransomware, they can now decrypt the files for free. Another decryptor that supports the Dharma Ransomware has also been released by ESET.
It's not clear who gektar is and why he or she leaked the Dharma keys. The username has had no other activity since leaking the keys and appears to have been created on the forum just for this purpose. It is also unclear how the information about the keys was obtained.
How To Decrypt Files
Files encrypted by the Dharma ransomware are renamed to the format of [filename].[email_address].dharma. In order to decrypt files encrypted by the Dharma ransomware, users have to first download the RakhniDecryptor. Once downloaded, the program files should be extracted and then run on the computer. The program, once running, will display its main screen.
Before starting, users have to make sure that they are using version 220.127.116.11 that supports the Dharma ransomware. In order to check the version of the RakhniDecryptor, users can click at the bottom left of the main screen, on the About link. A small window will be displayed, showing the version of the RakhniDecryptor program.
In order to decrypt files, users should click on the Start scan button. The RakhniDecryptor program will then prompt users to select an encrypted file. Once a file is selected, users should click on the Open button and RakhniDecryptor will scan the entire computer and decrypt files.