About Dharma/CrySiS Ransomware – 2023

General information

The Dharma/CrySiS stands for a large family of ransomware threats attacking PCs since 2016. Some analysts say that the modern actor – REvil ransomware – is a part of this group that forked at a specific time. This is ransomware encrypting the personal data stored on the victim’s PC.

Once the encryption is successfully implemented, the ransomware shows a message demanding a payment in Bitcoin to restore the data.

Typical evidence of the attack:

Once the encryption process has been performed, owners of infected devices will find a scary warning on their screens. They may also be surprised to discover that all the available restore points are no longer available and that their documents are inaccessible because of encryption that added a new extension into each modified file. Dharma particulary aims at default backup methods, such as OneDrive and Volume Shadow Copy.

Stages of Dharma ransomware infection:

As soon as Dharma infects the system, it makes its appropriate registry entries to maintain its presence and encrypts every file type without modifying important system and malware files. It initiates the encryption mechanism using a complex encryption algorithm (AES-256 in conjunction with RSA-1024 asymmetric encryption), often used for fixed, removable, and network drives.

Preliminary to the encryption process, Dharma removes all the Windows Restore Points by executing the following command:

vssadmin delete shadows /all /quiet

The Trojan that injects the ransomware obtains the computer’s name and a range of encrypted files according to the specific formats, transferring them to a remote C&C server owned by the threat developer. In some cases with specific Windows versions, it also manages to run itself with administrator privileges, thus broadening the list of files subject to encryption.

Upon completion of the successful RDP-based attack, many people report that before actually displaying the scary alerts demanding the ransom to be paid, Crysis removes all available security software installed on the attacked device. I accent your attention upon RDP attacks as Dharma uses vulnerabilities in this remote access protocol in 70% of its attacks.

Technical details

Dharma ransomware mostly comes via RDP, so please disable it or change the default port for RDP!

Anti-virus programs identify Dharma as Ransom. Crysis or Ransom.Dharma. It attacks Windows systems. It mainly attacks businesses. It refers to the help of several channels for promotion:

1. Dharma can also be present as installation files for reputable programs, including anti-virus software. Dharma distributors will disguise these harmless-looking installers for various legitimate programs as downloadable executables, which they have promoted via numerous online resources and shared networks.
2. In many cases, Dharma is spread manually during the targeted attacks using leaked or weak RDP credentials. This implies that a human attacker is getting access to the victim’s computer before injecting the malware by misusing the Windows RDP protocol on port 3389.
3. Based on the analysis of the latest attack, Dharma was installed as a download link via a spam email. The link is directed to a password-protected, self-extracting bundle installer. The password was specified for the potential victims in the email. In addition to the Dharma executable, the installer contained an outdated removal utility elaborated by a well-known security developer.
4. This social engineering approach aims to bypass existing security barriers. Encountering a well-known security solution in the installation package misled people. It made them think that the downloadable file was secure, which was how the attack got accomplished.

The following Dharma note names have been found:

• README.txt
• HOW TO DECRYPT YOUR DATA.txt
• Readme to restore your files.txt
• Decryption instructions.txt
• FILES ENCRYPTED.txt
• Files encrypted!!.txt
• Info.hta

Dharma typically appends the following extensions for all the files it encrypts:

.vbox, .crysis, .dharma, wallet, .java, .adobe, .viper1, .write, .bip, .zzzzz, .viper2, .arrow, .gif, .xtbl, .onion, .bip, .cezar, .combo, .cesar, .cmb, .AUF, .arena, .brrr, .btc, .cobra, .gamma, .heets, .java, .monro, .USA, .bkp, .xwx, .btc, .best, .bgtx, .boost, .heets, .waifu, .qwe, .gamma, .ETH, .bet, ta, .air, .vanss, . 888, .FUNNY, .amber, .gdb, .frend, .like, .KARLS, .xxxxx, .aqva, .lock, .korea, .plomb, .tron, .NWA, .AUDIT, .com, .cccmn, .azero, .Bear, .bk666, .fire, .stun, .myjob, .ms13, .war, .carcn, .risk, .btix, .bkpx, .he, .ets, .santa, .gate, .bizer, .LOVE, .LDPR, .MERS, .bat, .qbix, .aa1, and .wal, .14x, .hub, .aol, .harma, .NOV, 22btc, .text, .con30, .LOTUS, .wcg, .word, .ROGER, .pauq

The list of Dharma (CrySiS) Ransomware.

• JERD Virus 🔐 (.J3RD Files) — How to Remove?
• LIKE Virus 🔐 (.LIKE Files) — How to Remove?
• FUNNY Ransomware 🔐 (.FUNNY File) — Removal Guide
• JRON Virus 🔐 (.JRON Files) — How to Remove?
• PGP Ransomware 🔐 (.PGP File) — Removal Guide
• NLB Virus 🔐 (.NLB Files) — How to Remove?
• R0N Ransomware 🔐 (.R0N File) — Removal Guide
• MAO Virus 🔐 (.MAO Files) — How to Remove?
• D0N Ransomware 🔐 (.D0N File) — Removal Guide
• CY3 Virus 🔐 (.CY3 Files) — How to Remove?
• SBU Ransomware 🔐 (.SBU File) — Removal Guide
• HEBEM Virus 🔐 (.HEBEM Files) — How to Remove?
• HBM Ransomware 🔐 (.HBM File) — Removal Guide
• JUST Ransomware 🔐 (.JUST File) — Removal Guide
• RPC Ransomware 🔐 (.RPC File) — Removal Guide
• BDAT Ransomware 🔐 (.BDAT File) — Removal Guide
• COMBO Virus 🔐 (.COMBO Files) — How to Remove?
• CYBERPUNK Ransomware 🔐 (.CYBER File) — Removal Guide
• DKEY Ransomware 🔐 (.DKEY File) — Removal Guide
• IQ20 Virus 🔐 (.IQ20 Files) — How to Remove?
• GNIK Virus 🔐 (.GNIK Files) — How to Remove?
• K1NG Virus 🔐 (.K1NG Files) — How to Remove?
• ZXCVB Virus 🔐 (.ZXCVB Files) — How to Remove?
• WATCH Ransomware 🔐 (.WATCH File) — Removal Guide
• NMO Virus Ransomware (.NMO Files) — dr.nemo@tutanota.com
• XROM Virus — [money21@onionmail.org].xrom File Ransomware
• EDW Ransomware (.EDW File) — Removal Guide
• INFO Ransomware (.INFO File) — Removal Guide
• R3TR0 Virus (.R3TR0 Files) — How to Remove?
• FX Files Ransomware – Remove FX Virus
• UST29 Virus Files of Ransomware — How to remove?
• UST29 Ransomware (.UST29 Files) — Virus Removal Guide
• MILLENNIUM Rasnomware — [MILLENNIUMCRYPT@MSGSAFE.IO].ME
• XGPR Virus (.XGPR Files of Ransomware) — How to remove virus?
• DC Virus Files of Ransomware — How to remove virus?
• BL Virus Files of mr.black@disroot.org Ransomware
• MTX Virus (.MTX Files of Ransomware) — mtx88@onionmail.org
• CIP Virus (.CIP Files of Ransomware) — ciphercrypt@tuta.io
• BMO Ransomware (.bmo files) — How to remove virus?
• DR RANSOMWARE Virus Files of Ransomware — How to remove virus?
• C1024 Virus Files of Ransomware — How to remove virus?
• XQXQX Virus Files of Ransomware — How to remove virus?
• DEEEP Virus Files of Ransomware — [JimThompson@ctemplar.com].Deep
• WIKI Ransomware (.wiki FILES) — How to remove virus?
• ROGER File ☣ Virus — How to remove & decrypt [didoh@tutanota.com].ROGER?
• NEEH File ☣ Virus — How to remove & decrypt [needhelp@disroot.org].NEEH?
• NAS Virus Files of Ransomware — How to remove virus?
• WOLF Virus Files of Ransomware — [seawolf@onionmail.org].WOLF
• CHLD Virus Files of Ransomware — keychild@onionmail.org
• MOON Virus (.MOON File of Ransomware) — How to remove?
• HELPME Virus Files of Ransomware — detect0r@tuta.io
• CHARLIE Virus (!Charlie Files of Ransomware) — charlieAdmin@mail2tor.com
• NOMAD Virus Files of Ransomware — nomad.crypt@onionmail.org
• RETOOLS Virus (yUixN Files of Ransomware) — How to remove virus?
• RME Virus (.RME Files of Ransomware) — How to remove virus?
• RZA Ransomware: [ghostdog@onionmail.org].RZA Files — How to remove virus?
• 6IX9 Virus Files of Ransomware — How to remove 6ix9@asia.com virus?
• TCYO File ☣ Virus — How to remove & decrypt [yourfiles1@cock.li].TCYO?
• DTS Virus (.DTS Files of Ransomware) — How to remove virus?
• C0v File Virus Ransomware — Fix [c0v1d19@job4u.com]
• JRB File ☣ Virus — How to remove & decrypt [bidencrypt@onionmail.org].JRB?
• TOR File ☣ Virus — How to remove & decrypt [todecrypt@disroot.org].TOR?
• dance File ☣ Virus — How to remove & decrypt [cryptodancer@onionmail.org].dance?
• MYDAY File ☣ Virus — How to remove & decrypt [everyday@dr.com].myday?
• GREJKUGULIK Virus (GREJ Files of Ransomware) — How to remove virus?
• OFF File ☣ Virus — How to remove & decrypt [tiocapvbu@aol.com].OFF?
• Pause File ☣ Virus — How to remove & decrypt [python100@tutanota.com].pause?
• datos@onionmail.org (.DT Virus Files of Ransomware) — How to remove virus?
• PB File ☣ Virus — How to remove & decrypt [projectblack@criptext.com].PB?
• nmc File ☣ Virus — How to remove & decrypt [nomanscrypt@tuta.io].nmc?
• ZEUS File ☣ Virus — How to remove & decrypt [zeus1@msgsafe.io].ZEUS?
• Pr09 File ☣ Virus — How to remove & decrypt [khfsuca@protonmail.com].Pr09?
• Gamma File ☣ Virus — How to remove & decrypt .gamma files?
• Xcss File ☣ Virus — How to remove & decrypt [xcsset@criptext.com].Xcss?
• cnc File ☣ Virus — How to remove & decrypt [cryptoncrypt@tuta.io].cnc?
• PARTY File ☣ Virus — How to remove & decrypt [partydog@msgsafe.io].PARTY?
• DELTA File ☣ Virus — How to remove & decrypt [delta@onionmail.org].DELTA?
• RDP File ☣ Virus — How to remove & decrypt [rdphack@onionmail.org].RDP?
• root File ☣ Virus — How to remove & decrypt [getdecrypt@disroot.org].root?
• Cesar File ☣ Virus — How to remove & decrypt [yasomoto@tutanota.com].Cesar?
• COMS Virus Files of Golbnaty@Aol.com Ransomware
• DHLP File ☣ Virus — How to remove & decrypt [datahlp@tuta.io].dhlp?
• CUM File ☣ Virus — How to remove & decrypt [dagsdruyt@onionmail.org].cum
• BDEV Virus (.BDEV Files of Ransomware) — How to remove virus?
• HPJ File ☣ Virus — How to remove & decrypt [hpjar@keemail.me].HPJ?
• 888 File ☣ Virus — How to remove & decrypt [donald888@mail.fr].888?
• ctpl File ☣ Virus — How to remove & decrypt [catapultacrypt@tuta.io].ctpl?
• 4o4 File ☣ Virus — How to remove & decrypt [godecrypt@onionmail.org].4o4?
• bqd2 File ☣ Virus — How to remove & decrypt [badhach@aol.com].bqd2?
• Liz Ransomware — How to remove & decrypt [lizardcrypt@tuta.io].Liz Files?
• [stopencrypt@qq.com].adobe Virus Files of Ransomware
• LAO File ☣ Virus — How to remove & decrypt [filerecovery@zimbabwe.su].LAO?
• pirat File ☣ Virus — How to remove & decrypt [brokendig@zimbabwe.su].pirat?
• EOFYD Virus Files of Ransomware — How to remove filerecovery@zimbabwe.su virus?
• DUK Virus Files of Ransomware — How to remove dokulus@tutanota.com virus?
• BIDEN Virus Files of Ransomware — How to remove virus?
• ROG File ☣ Virus — How to remove & decrypt [embog@firemail.cc].ROG?
• Jessy File ☣ Virus — How to remove & decrypt [jessymail26@aol.com].Jessy?
• ORAL File ☣ Virus — How to remove & decrypt [oral@tuta.io].ORAL?
• URS File ☣ Virus — How to remove & decrypt [necurs@aol.com].urs?
• Clman File ☣ Virus — How to remove & decrypt [coleman2021@aol.com].Clman?
• LIZARDCRYPT (.FOUR Virus Files) Ransomware — How to remove DHARMA virus?
• [rassupport@cock.li].BK Virus File of Ransomware — How to remove rassupport virus?
• pauq File ☣ Virus — How to remove & decrypt [carbanak@aol.com].pauq?
• HAM Files Ransomware — How to remove backup24@msgsafe.io?
• word File ☣ Virus — How to remove & decrypt [vm1iqzi@aol.com].word?
• LOTUS File ☣ Virus — How to remove & decrypt [paymei@cock.li].LOTUS?
• TEXT File ☣ Virus — How to remove & decrypt [helpdecrypt@msgsafe.io].TEXT?
• CON30 File ☣ Virus — How to remove & decrypt [con3003@msgsafe.io].CON30?
• WCG File ☣ Virus — How to remove & decrypt [btc11@gmx.com].wcg?
• OVO File ☣ Virus — How to remove & decrypt [dable19@mail.fr].OVO?
• TomLe File ☣ Virus — How to remove & decrypt [tomlee240@aol.com].TomLe?
• Avaad File ☣ Virus — How to remove & decrypt [avaaddams@msgsafe.io].Avaad?
• btc22 File ☣ Virus — How to remove & decrypt [22btc@tuta.io].btc22?
• Yourfiles1@cock.li (.NOV File) Virus — How to remove NOV (DHARMA) Ransomware?
• AXI Virus File of Ransomware (DHARMA) — How to remove axitrun2@tutanota.com virus?
• DEXX Virus Files of Ransomware — How to remove virus?
• LTC File ☣ Virus — How to remove & decrypt [leeza@keemail.me].LTC?
• DIS File ☣ Virus Ransomware — [decrypt@disroot.org].dis
• hub File ☣ Virus — How to remove & decrypt [crypthub@tuta.io].hub?
• aol File ☣ Virus — How to remove & decrypt [astra2eneca@aol.com].aol?
• 14x File ☣ Virus — How to remove & decrypt [axitrun@cock.li].14x?
• [decrypt2021@aol.com].2021 Virus File of Ransomware
• Bip File ☣ Virus — How to remove & decrypt [buydecrypt@qq.com].Bip?
• 4help File ☣ Virus — How to remove & decrypt [hlper4y@tutanota.com].4help?
• GAC Ransomware (.gac Files) — How to remove virus?
• gac File ☣ Virus — How to remove & decrypt [getacrypt@tuta.io].gac?
• 21btc File ☣ Virus — How to remove & decrypt [21btc@cock.li].21btc?
• lock File ☣ Virus — How to remove & decrypt [datafiles@waifu.club].lock?
• GLB File ☣ Virus — How to remove & decrypt [gonald58@cock.li].GLB?
• ROGER File ☣ Virus — How to remove & decrypt [pexdatax@gmail.com].ROGER?
• data File ☣ Virus — How to remove & decrypt [data@recovery.sx].data?
• yoAD File ☣ Virus — How to remove & decrypt [yourfiles1@cock.li].yoAD?
• SUKA File ☣ Virus — How to remove & decrypt [kjingx@tuta.io].SUKA?
• World File ☣ Virus — How to remove & decrypt [worldsnake@cock.li].World?
• SWP File ☣ Virus — How to remove & decrypt [eusa@tuta.io].SWP?
• Cvc File ☣ Virus — How to remove & decrypt [patrik008@tutanota.com].Cvc?
• YOUF File ☣ Virus — How to remove & decrypt [yourfiles1@cock.li].YOUF?
• ZIN File ☣ Virus — How to remove & decrypt [zinnik321@cock.li].ZIN?
• Dex File ☣ Virus — How to remove & decrypt [decryptex@airmail.cc].Dex?
• sss File ☣ Virus — How to remove & decrypt [m5b92n5p1@mail.com].sss?
• zimba File ☣ Virus — How to remove & decrypt [backup@zimbabwe.su].zimba?
• help File ☣ Virus — How to remove & decrypt [linas89@aol.com].help?
• MUST File ☣ Virus — How to remove & decrypt [james2020m@aol.com].MUST?
• RXD File ☣ Virus — How to remove & decrypt [debri@keemail.me].RXD?
• zimba File ☣ Virus — How to remove & decrypt [backup@zimbabawe.su].zimba?
• Elvis File ☣ Virus — How to remove & decrypt [elvisdark@aol.com].Elvis?
• KUT File ☣ Virus — How to remove & decrypt [kuk1@tuta.io].kut?
• YUFL File ☣ Virus — How to remove & decrypt [yourfiles1@tuta.io].YUFL?
• bH4T File ☣ Virus — How to remove & decrypt [blackhat@iname.com].bH4T?
• 259 File ☣ Virus — How to remove & decrypt [259461356@qq.com].259?
• Crypt File ☣ Virus — How to remove & decrypt [decrypt@msgsafe.io].Crypt?
• LCK File ☣ Virus — How to remove & decrypt [triplock@tutanota.com].LCK?
• Gtsc File ☣ Virus — How to remove & decrypt [getscoin3@protonmail.com].Gtsc?
• Zxcv File ☣ Virus — How to remove & decrypt [decrypt@null.net].Zxcv?
• Dme File ☣ Virus — How to remove & decrypt [decrypttme@airmail.cc].Dme?
• Ransomware DLL File — How to remove [technopc@tuta.io].DLL Virus?
• FLYU File ☣ Virus Ransomware — FIX PC & REMOVAL TOOL
• cve File ☣ Virus — How to remove & decrypt [lpe-cve@usa.com].cve?
• FRESH File ☣ Virus — How to remove & decrypt [freshkart@420blaze.it].fresh?
• Arrow File ☣ Virus — How to remove & decrypt [biashabtc@redchan.it].Arrow?
• TEREN File ☣ Virus — How to remove & decrypt [databack44@tuta.io].TEREN?
• Lina File ☣ Virus — How to remove & decrypt [linajamser@aol.com].Lina?
• AHP File ☣ Virus — How to remove & decrypt [aihlp24@tuta.io].AHP?
• chuk File ☣ Virus — How to remove & decrypt [tchukopchu@tutanota.com].chuk?
• Blm File ☣ Virus — How to remove & decrypt [blacklivesmatter@qq.com].Blm?
• Eur File ☣ Virus — How to remove & decrypt [decrypt@europe.com].Eur?
• Zphs File ☣ Virus — How to remove & decrypt [zphc@cock.li].Zphs?
• Arena File ☣ Virus — How to remove & decrypt [macgregor@aolonline.top].Arena?
• Error File ☣ Virus — How to remove & decrypt [datahelp@techmail.info].Error?
• Gold File ☣ Virus — How to remove & decrypt [goldmind@tuta.io]].Gold?
• harma File ☣ Virus — How to remove & decrypt [pashmak@tutanota.com].harma?
• WSHLP File ☣ Virus — How to remove & decrypt [newhelper@cock.li].WSHLP?
• Eking File ☣ Virus — How to remove & decrypt [savemyself1@tutanota.com].Eking?
• Iranian low-skilled hackers are quite successful in “playing” with Dharma ransomware
• CL File Virus — How to remove & decrypt [cl_crypt@aol.com].cl?
• NW24 File ☣ Virus — How to remove & decrypt [newhelper24@protonmail.ch].NW24?
• AIM File ☣ Virus — How to remove & decrypt [yyuzhou13@tutanota.com].AIM?
• rec File ☣ Virus — How to remove & decrypt [enabledecrypt@aol.com].rec?
• Aim File ☣ Virus — How to remove & decrypt [smith1@mailfence.com].Aim?
• Back File ☣ Virus — How to remove & decrypt [backdata@zimbabwe.su].Back?
• xati File ☣ Virus — How to remove & decrypt [xatixxatix@mail.fr].xati?
• GET File ☣ Virus — How to remove & decrypt getscoin2@protonmail.com?
• 1dec File ☣ Virus — How to remove & decrypt [gocrypt@aol.com].1dec?
• WEEK File ☣ Virus — How to remove & decrypt [week1@tuta.io].WEEK?
• LOG File ☣ Virus — How to remove & decrypt [logan8833@aol.com].LOG?
• Mnbzr File Virus — How to remove [trfgklmbvzx@aol.com].Mnbzr?
• TCPRX File ☣ Virus — How to remove & decrypt [tcprx@tutanota.com].tcprx?
• PPHL File ☣ Virus — How to remove & decrypt [pvphlp@tutanota.com].PPHL?
• HAT File ☣ Virus — How to remove & decrypt [zagrec@protonmail.com].HAT?
• Spare File ☣ Virus — How to remove & decrypt [de.crypt@aol.com].Spare?
• homer File ☣ Virus — How to remove & decrypt [homersimpson777@mail.fr].homer?
• GNS File ☣ Virus — How to remove & decrypt [geniusid@protonmail.ch].GNS?
• Smpl File ☣ Virus — How to remove & decrypt [crimecrypt@aol.com].Smpl?
• null File ☣ Virus — How to remove & decrypt [nullcipher@cock.li].null?
• Felix File ☣ Virus — How to remove & decrypt [felix@countermail.com].Felix?
• “.teamV” File Virus — How to remove teamvv@protonmail.com ransomware?
• java File ☣ Virus — How to remove & decrypt [pain@onefinedstay.com].java?
• BAD File ☣ Virus — How to remove & decrypt [ucos2@elude.in].BAD?
• dtbc File ☣ Virus — How to remove & decrypt [databack2@protonmail.com].dtbc?
• BOOT File ☣ Virus — How to remove & decrypt [resetboot@aol.com].BOOT?
• Prnds File ☣ Virus — How to remove & decrypt [prndssdnrp@mail.fr].Prnds?
• gyga File ☣ Virus — How to remove & decrypt [gygabot@cock.li].gyga?
• NHLP File ☣ Virus — How to remove & decrypt [newhelper@protonmail.ch].NHLP?
• HOW File ☣ Virus — How to remove & decrypt [how_decrypt@aol.com].HOW?
• LXHLP File ☣ Virus — How to remove & decrypt [lxhlp@protonmail.com].LXHLP?
• Team File Virus — How to remove & decrypt teamvi@protonmail.com?
• base File ☣ Virus — How to remove & decrypt [savebase@aol.com].base?
• R3F5S File ☣ Virus — How to remove & decrypt [r3ad4@aol.com].R3F5S?
• club File ☣ Virus — How to remove & decrypt [admin@stelsdatas.com].club?
• Hlpp File ☣ Virus — How to remove & decrypt [hlpp@protonmail.ch].Hlpp?
• HCK File ☣ Virus — How to remove & decrypt [cavefat@tuta.io].HCK?
• Credo File ☣ Virus — How to remove & decrypt [recovery@qbmail.biz].Credo?
• DR File ☣ Virus — How to remove & decrypt [dr.decrypt@aol.com].DR?
• WCH File ☣ Virus — How to remove & decrypt [wecanhelpu@tuta.io].WCH?
• PGP File ☣ Virus — How to remove & decrypt [openpgp@foxmail.com].PGP?
• CLUB File ☣ Virus — How to remove & decrypt [admin@steldatas.com].club?
• WELL File ☣ Virus — How to remove & decrypt [mewellwisher@protonmail.ch].WELL?
• space File ☣ Virus — How to remove & decrypt [mail@qbmail.biz].space?
• ONE File ☣ Virus — How to remove & decrypt [onepconebtc@protonmail.com].ONE?
• BOMBO File ☣ Virus — How to remove & decrypt [bit_decrypt@protonmail.com].BOMBO?
• payB File ☣ Virus — How to remove & decrypt [paybit@aol.com].payB?
• .love$ Virus File (im.online@aol.com) – Ransomware Removal
• [dayonpay@aol.com].dop Virus Files. How to Remove?
• Ccd Virus File (CCD-help@protonmail.ch) – How to Remove It
• 1btc Virus File (decoding@qbmail.biz) – How to Remove It
• [bitcoin@email.tg].ncov Virus Files. How to Remove?
• .msplt Virus File (supermetasploit@aol.com Ransomware) – Remove It
• brokenbrow.teodorico@aol.com Virus Removal + Decrypt .eight Files
• Decrypt [decrypt2021@elude.in].eight Files Virus
• [btckeys@aol.com].2020 Virus Files. Ransomware Removal Guide
• [coronavirus@foxmail.com].c-vir Virus Files
• [lockhelp@qq.com].gate Virus Files. How to fix & decrypt data?
• Decrypt [help.crypt@aol.com].lx Files
• decoding@qbmail.biz Virus Removal + Decrypt .ipm Files
• GTF Virus Removal + Decrypt .gtf Files (grandtheftfiles@aol.com)
• Rxx Virus File (back_data@foxmail.com) – How to Remove Ransomware?
• [smithhelp@mail.ee].barak Virus Files. How to Fix?
• dryidik@tutanota.com Virus Removal + Decrypt .plex Files
• .ykup Virus File (Dharma Ransomware) – Remove It
• assonmolly5@gmail.com Virus Removal + Decrypt .8800 Files
• .ncov Virus File (Dharma Ransomware) – Remove It
• Restore [decrypt@qbmail.biz].pay Files
• black@gytmail.com Virus Removal + Decrypt .self Files
• [coronavirus@qq.com].ncov Virus Files. How to Fix?
• Z9 Virus File (help.me24@protonmail.com) – How to Remove It
• [mr.crypteur@protonmail.com].WHY Virus Files. How to Fix?
• R2D2 Virus File (1024back@tuta.io) – Remove ransomware
• CU Virus File ([cyberunion@tuta.io].cu) – How to Remove It
• new2crypt@aol.com Virus Removal + Decrypt “.2new” Files
• Devos Virus File (qq1935@mail.fr) – How to Remove It
• Harma Virus File (writehere@onlinehelp.host) – How to Remove It
• Wrar Virus File (supp37@cock.li) – How to Remove It
• .live Virus File (cryptlive@aol.com) – Remove It
• .NEWS Virus File (notgoodnews@tutanota.com) – How to Remove It
• backinfo@protonmail.com Virus Removal + Decrypt .devos Files
• Restore [help.me24@protonmail.com].z9 Files
• [sumpterzoila@aol.com].harma Virus Files. How to Fix?
• Pdf Virus File (Dharma) – How to Remove It
• RIDIK Virus File – recoverysql@protonmail.com – How to Remove It
• ROGER Virus File (anna.kurtz@protonmail.com) – Remove It
• Harma Virus File (whitwellpark@aol.com) – How to Remove It
• .harma Virus File (MerlinWebster@aol.com Ransomware)
• [manyfiles@aol.com].harma Virus Files
• .roger Virus File (admin@spacedatas.com) – Remove It
• [agent.dmr@protonmail.com].dmr64 Virus Files. How to Fix?
• returnmefiles@aol.com Virus Removal + Decrypt .actor Files
• [asdbtc@aol.com].asd Virus Files. How to Fix?
• ROGER Virus (.ROGER File Ransomware) – DECRYPT & REMOVAL
• Redrum [moncler@cock.li] Virus File (Dharma) – How to Remove It
• Calum Virus File (Dharma) – How to Remove It
• [corebitp@cock.li].bitcore Virus Files. How to Fix?
• imdecrypt@aol.com Virus Removal + Decrypt .imi Files
• admin@stex777.com Virus Removal + Decrypt .money Files
• [1btc@qbmail.biz].bitx Virus Files. How to Fix?
• admin@sectex.net Virus Removal + Decrypt .bot Files
• backdata.company@aol.com Virus Removal + Decrypt .roger Files
• CALUM [keysfordencryption@airmail.cc] virus. How to decrypt .calum files?
• 2048 Virus File (Dharma) – How to Remove It
• [decrypt@files.mn].angus Virus Files. How to Fix?
• teammarcy10@cock.li Virus Removal + Decrypt .kharma Files
• Restore [decrypt2020@aol.com].deuce Files
• Syss Virus File (Dharma) – How to Remove It
• Restore [ninja777@cock.li].ninja Files
• .kr Virus File (Dharma Ransomware) – Remove It
• clifieb@tutanota.com Virus Removal + Decrypt .nvram Files
• rsacrypt@aol.com Virus Removal + Decrypt .rsa Files
• Restore [amandacerny89@aol.com].virus Files
• HARMA File Virus. How To Remove Harma Ransomware?
• .start Virus File (Dharma Ransomware) – Remove It
• .asus Virus File (Dharma Ransomware) – Remove It
• .xda Virus File (Dharma Ransomware) – Remove It
• One Virus File (Dharma) – How to Remove It
• [bitlocker@foxmail.com].wiki Virus Files. How to Fix?
• nmode@tutanota.com Virus Removal + Decrypt .bot Files
• .uta Virus File (Dharma Ransomware) – Remove It
• [b1tc01n@aol.com].oo7 Virus Files. How to Fix?
• [blackmax@tutanota.com].krab Virus Files. How to Fix?
• .money Virus File (Dharma Ransomware) – Remove It
• [cryptocash@aol.com].cash Virus Files. How to Fix?
• Adame Ransomware Virus Removal + Decrypt .adame Files
• CALIX Ransomware — Restore .calix Files
• vivaldicrypt@outlook.com Virus Removal + Decrypt .vival Files
• Restore [locksvbox@tutamail.com].vbox Files