Kaspersky, ESET, Avast release Dharma ransomware decryptors
The master keys for the ransomware strain Dharma – a Crysis variant – were released on the security website BleepingComputer on March 1.
Kaspersky Labs tested the keys to determine their legitimacy, Kaspersky Labs' ThreatPost reported. These keys were added to Kaspersky's Rakhni decryptor tool on Thursday, which means users can decrypt files locked with Dharma ransomware without paying hackers.
The tool is available on the No More Ransom campaign site, which is run by Europol, Dutch National Police, Intel and Kaspersky Labs. The decryptor can also be used on Crysis, Chimera and Rakhni ransomware.
Security firms ESET and Avast soon after released its own version of Dharma decryptors.
Victims of Dharma ransomware will notice the added .dharma extension to encrypted files. The virus first appeared in the wild in November 2016, and researchers found Dharma and Crysis to have similar characteristics. Crysis was decrypted in November, with its keys similarly posted on the BleepingComputer forum.
Users can decrypt files by first downloading Kaspersky's RakhniDecrytor from the No More Ransom site, and once running, the program will prompt next steps.
Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com
