Kaspersky, ESET, Avast release Dharma ransomware decryptors

Master keys for the Crysis variant were released to BleepingComputer. Kaspersky Labs' updated its RakhniDecryptor with the keys, which can be used to decrypt infected files without paying the ransom.
By Jessica Davis
01:27 PM

The master keys for the ransomware strain Dharma – a Crysis variant – were released on the security website BleepingComputer on March 1.

Kaspersky Labs tested the keys to determine their legitimacy, Kaspersky Labs' ThreatPost reported. These keys were added to Kaspersky's Rakhni decryptor tool on Thursday, which means users can decrypt files locked with Dharma ransomware without paying hackers.

The tool is available on the No More Ransom campaign site, which is run by Europol, Dutch National Police, Intel and Kaspersky Labs. The decryptor can also be used on Crysis, Chimera and Rakhni ransomware.

Security firms ESET and Avast soon after released its own version of Dharma decryptors.

Victims of Dharma ransomware will notice the added .dharma extension to encrypted files. The virus first appeared in the wild in November 2016, and researchers found Dharma and Crysis to have similar characteristics. Crysis was decrypted in November, with its keys similarly posted on the BleepingComputer forum.

Users can decrypt files by first downloading Kaspersky's RakhniDecrytor from the No More Ransom site, and once running, the program will prompt next steps.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.