Dharma Ransomware

What is Dharma Ransomware?

Researchers at anti-spyware-101.com have recently detected a new malicious application known as Dharma Ransomware. It has been placed into the category of ransomware infections because, like other similar threats (e.g. NMoreira Ransomware, OzozaLocker Ransomware, and Lomix Ransomware), it seeks to extort money from users. Once it enters the computer, it scans the system to find users' personal files and then encrypts them all so that it can later ask users to send money for the special decryption tool. In other words, Dharma Ransomware damages what is probably the most important thing users keep on their systems: their personal data. The good news is that it has no intention of ruining the Windows OS. In fact, it does not encrypt files located in %WINDIR% (the system folder) or a handful of files that have a signature of the Microsoft Corporation. Evidently, Dharma Ransomware locks files only because the cyber criminals behind it want your money. Users should not pay money to cyber criminals even though the ransom note of Dharma Ransomware says that the only way to decrypt files is to use the decryption tool. Continue reading to find out why specialists are against sending money to cyber crooks.

What does Dharma Ransomware do?

It has been found that there are two versions of Dharma Ransomware. They differ slightly: the older version uses the [email].dharma extension, whereas the newer one spreading these days (the focus of this article) appends the extension [lavandos@dr.com].wallet to locked files (e.g. document.doc.[lavandos@dr.com].wallet). Otherwise they act very similarly, since their one and only goal is to encrypt files so that money can be extorted from users. Neither version informs users about the ransom that has to be paid for the decryption tool until they write an email to the provided email address. In the case of the newer version, this email is lavandos@dr.com (or lavandos@india.com, if a response is not received within 24 hours), whereas the older version used to have several different email addresses (e.g. bitcoin143@india.com and worm01@india.com). To be frank, there is no point in contacting cyber criminals: even though the ransom note says that the only way to get the files back safely is to use a special decryptor, there are no guarantees that it will really be sent to you. Of course, cyber criminals might decrypt several files for free to show users that they are capable of doing that; however, it is still unclear whether the remaining files will really be decrypted after the required money is transferred.

If you do not want to risk losing your money too, you can try to recover files without the decryption tool. Unfortunately, only users who have copies of their files will be able to do that. These copies cannot be on the computer itself because, believe us, they have already been encrypted by Dharma Ransomware too. At the time of writing, free third-party software for decrypting files does not exist; however, even though the AES cipher used is very strong, free decryption software might be released one day, so do not rush to delete the encrypted files if you do not have copies of them on external storage and/or decide not to pay the money cyber criminals demand.

Where does Dharma Ransomware come from?

Even though it is a mystery for many users how Dharma Ransomware has managed to enter their computers, it is perfectly clear to specialists at anti-spyware-101.com that users have allowed this threat to enter their systems themselves. Most probably, according to researchers, this happened when they opened an attachment from a spam email. This attachment often looks harmless, but the truth is that it is a malicious file that only pretends to be an ordinary document. Unfortunately, many users tend to open these spam emails even if they know that they might be quite dangerous, so it would not be surprising at all if Dharma Ransomware became prevalent.

How to delete Dharma Ransomware

If you have already found that your files have the [lavandos@dr.com].wallet extension, your wallpaper has been altered, and you can find the "Hallo our dear friend.txt" ransom note or README.txt (only the older version leaves it) on the Desktop, there is no doubt that a ransomware infection has sneaked onto your computer. Fortunately, Dharma Ransomware does not block the screen and does not apply changes to the system registry, so users should be able to get rid of it themselves. If not, an automatic malware remover, e.g. SpyHunter, should be downloaded and used. Users will only need to launch the scanner to clean their systems. Do not forget that the removal of this infection does not mean that you will find your personal data decrypted!
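The indicators described above (the appended extensions and the ransom note names) can be used to inventory what was locked before anything is deleted. The following Python sketch is an added example, not a tool from anti-spyware-101.com; the function names, the sample files it builds, and the reading of "[email]" as a bracketed contact address are assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# Naming scheme from the article: <original name>.[<contact email>].wallet (newer)
# or .dharma (older). Treating "[email]" as a bracketed address is an assumption.
LOCKED = re.compile(
    r"^(?P<orig>.+)\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.(?P<variant>wallet|dharma)$",
    re.IGNORECASE)
NOTE_ANYWHERE = {"hallo our dear friend.txt"}
NOTE_DESKTOP_ONLY = {"readme.txt"}  # common name, so only counted on a Desktop folder

def triage(root):
    """Walk root; return locked files, ransom notes and per-contact counts."""
    locked, notes, contacts = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        on_desktop = os.path.basename(dirpath).lower() == "desktop"
        for name in files:
            path = os.path.join(dirpath, name)
            m = LOCKED.match(name)
            if m:
                contact = m.group("contact").lower()
                locked.append({"path": path, "original_name": m.group("orig"),
                               "contact": contact,
                               "variant": m.group("variant").lower()})
                contacts[contact] += 1
            elif name.lower() in NOTE_ANYWHERE or (
                    on_desktop and name.lower() in NOTE_DESKTOP_ONLY):
                notes.append(path)
    return {"locked": locked, "notes": notes, "contacts": dict(contacts)}

def build_sample(root):
    """Create constructed, empty sample files that mimic an affected profile."""
    names = [("Desktop", "Hallo our dear friend.txt"),
             ("Desktop", "README.txt"),
             ("Documents", "document.doc.[lavandos@dr.com].wallet"),
             ("Documents", "photo.jpg.[bitcoin143@india.com].dharma"),
             ("Documents", "README.txt"),   # not on Desktop: ignored
             ("Documents", "my.wallet")]    # no bracketed contact: ignored
    for folder, name in names:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        for item in report["locked"]:
            print(item["variant"], item["contact"], item["original_name"])
        print("ransom notes found:", len(report["notes"]))
```

The script only reads file names, so it can be pointed at a user profile or a mounted disk image without touching the encrypted files that may be needed if a free decryptor is released later.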

Remove Dharma Ransomware

  1. Locate the malicious file of the ransomware infection (it will be located in the place where your downloaded files are stored, e.g. %USERPROFILE%\Downloads).
  2. Delete it.
  3. Remove the ransom note from Desktop.
  4. Empty the Recycle bin.