Jump to content

New Dharma encryption?


WNDKK
 Share

Recommended Posts

I have encrypted files with the ending [amagnus00@gmx.org].wallet, is this a new version of the Dharma encrypter? Neither the Eset decrypter nor the RakhniDecrypter helped.
Attached is a .lnk file from the infected computer.
Is there something I can do?
Thank you.

[amagnus00@gmx.com].wallet.zip

Edited by WNDKK
typo
Link to comment
Share on other sites

  • Administrators

Unfortunately, files encrypted by Filecoder.Crysis cannot be decrypted. Did you have ESET installed and all protection features enabled? If so, what product version it was?

Link to comment
Share on other sites

  • Administrators

Do you use the server for browsing the web or reading email? Couldn't it be that files got encrypted in shared folders from an infected workstation? Do you have Endpoint v6 installed on all workstations and LiveGrid is enabled also in EFSW?

Link to comment
Share on other sites

Workstations are running macOS and the purpose of the server was running a Windows only program needed to be accessed by all employees via intern RDP. By company regulations, users aren't allowed to check emails or browse the web while connected to the server, but that probably is what happened anyhow.

Link to comment
Share on other sites

  • Administrators

Not really. As you can see, Filecoder.Crysis is often run by an attacker who connects to a computer (often a server) via RDP:

https://www.bleepingcomputer.com/news/security/number-of-rdp-brute-force-attacks-spreading-crysis-ransomware-doubles-in-6-months/

Protecting ESET's settings with a password would prevent the attacker from disabling or uninstalling ESET, however, it's crucial to secure RDP in the first place.

Link to comment
Share on other sites

It's a new Wallet ransomware strain https://malwareless.com/remove-wallet-ransomware-virus/ 

You should upload an encrypted file to https://www.nomoreransom.org/crypto-sheriff.php and try to find a decryption tool. However, as I know there is still no decryption solution for this type of ransomware. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...