It is not the first time developers of a popular ransomware strain suddenly throw in the towel. Various types of ransomware have had their master encryption key released to the public once their popularity starts to wane. The latest to do so is Dharma, and any victims of this malicious software can now have their files decrypted free of charge. A positive development, to say the least.
Dharma Ransomware Is No Longer A Threat
It is always a bit of a mystery as to why malware developers would provide the tools necessary to decrypt locked files free of charge. In the case of Dharma ransomware, very few people will be concerned as to what the reason behind this sudden decision may be, as they can now decrypt their files without paying the bitcoin ransom. The master encryption key for Dharma can now be found in Kaspersky Lab’s RakhniDecryptor tool.
It is always good to see the number of ransomware threats decline. Considering how crypto ransomware has become the new threat in the malware sector these days, a lot of consumers and enterprises are concerned about the dangers these tools present. Dharma is no longer a threat, but that doesn’t mean ransomware is no longer an issue affecting enterprises and regular users all over the world.
To put this news into perspective, it was only a matter of time until the Dharma decryption key would be made public. A post appeared on the Bleeping Computer forum claiming to contain the decryption keys for Dharma ransomware. Although it took security researchers some time to determine the validity of this claim, it later turned out to be genuine information. No one knows the identity of the person responsible for posting the keys or what their motive may have been.
One thing very few people seem to be aware of is how Dharma is based on the once-popular Crysis ransomware strain. Criminals often take existing malware code and copy certain aspects of it. Once the developers make some minor modifications, they can release this “new” ransomware to the general public. Interestingly enough, the master decryption keys for Crysis were released through the Bleeping Computer forums as well. An intriguing correlation that should not be overlooked.
The Dharma master decryption key works for Crysis ransomware as well, which should not come as a surprise. Since both types of malware consist of nearly the same source code, it is only normal to see the decryption keys work for both tools. These keys should work fine for any other type of ransomware based on Crysis, although security engineers have yet to confirm or deny this statement.
Dharma started gaining popularity in November of 2016, as various reports came in from users who had their computer files locked and renamed to the .dharma filetype. It did not take long for researchers to link Dharma to Crysis due to some similarities in hex patterns at the footer of the encrypted files. It is good to see decryption keys made publicly available for these types of ransomware, as it helps victims evade paying hefty bitcoin fees to restore access to their files.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.