About Dharma/CrySiS Ransomware – 2022

General information

The Dharma/CrySiS stands for a large family of ransomware threats that has been attacking PCs since 2016. Some analysts say that the modern actor – REvil ransomware – is a part of this group that forked at certain point of time. This is a ransomware encrypting the personal data stored on the victim’s PC.

Once the encryption is successfully implemented, the ransomware shows a message which demands a payment in Bitcoin for restoring the data.

Typical evidences of the attack:

Owners of infected devices will find a scary warning on their screens once the encryption process has been already performed. They may also be surprised to find out that all the available restore points are no longer available and that their documents are inaccessible because of encryption that added a new extension into each modified file.

Stages of Dharma ransomware infection:

As soon as Dharma infects the system, it makes its appropriate registry entries to maintain its presence and encrypts literally every file type, without modifying important system and malware files. It initiates the encryption mechanism by means of a complex encryption algorithm (AES-256 in conjunction with RSA-1024 asymmetric encryption), which is often used for fixed, removable, and network drives.

Preliminary to the encryption process, Dharma removes all the Windows Restore Points by executing the following command:

vssadmin delete shadows /all /quiet

The Trojan that injects the ransomware obtains the computer’s name and a range of encrypted files according to the specific formats, transferring them to a remote C&C server owned by the threat developer. In some cases with specific Windows versions, it also manages to run itself with administrator privileges, thus broadening the list of files that are subject to encryption.

Upon completion of the successful RDP-based attack, many people report that before actually displaying the scary alerts demanding the random to be paid, Crysis additionally removes all available security software installed on the attacked device.

Technical details

Dharma ransomware mostly comes via RDP, so please disable it or change the default port for RDP!

Dharma is identified by anti-virus programs as Ransom.Crysis or Ransom.Dharma. It attacks Windows systems. It mainly attacks businesses. It refers to the help of several channels for promotion:

1. Dharma can also present itself as installation files for reputable programs, including anti-virus software. Dharma distributors will disguise these harmless-looking installers for various legitimate programs as downloadable executables, which they have been promoting via numerous online resources and shared networks.
2. In many cases, Dharma is spread manually during the targeted attacks by means of the leaked or weak RDP credentials. This implies that a human attacker is getting access to the victim’s computer prior to injecting the malware by misusing the Windows RDP protocol on port 3389.
3. Based on the analysis of the latest attack, Dharma was installed as a download link via a spam email. The link directed to a password-protected, self-extracting bundle installer. The password was specified for the potential victims in the email and, in addition to the Dharma executable, the installer contained an outdated removal utility elaborated by a well-known security developer.
4. This social engineering approach aims to bypass existing security barriers. Encountering a well-known security solution in the installation package misled people and made them think that the downloadable file was secure, and this is the way the attack got successfully accomplished.

The following Dharma note names have been found:

• README.txt
• HOW TO DECRYPT YOUR DATA.txt
• Readme to restore your files.txt
• Decryption instructions.txt
• FILES ENCRYPTED.txt
• Files encrypted!!.txt
• Info.hta

Dharma typically appends the following extensions for all the files it encrypts:

.vbox, .crysis, .dharma, wallet, .java, .adobe, .viper1, .write, .bip, .zzzzz, .viper2, .arrow, .gif, .xtbl, .onion, .bip, .cezar, .combo, .cesar, .cmb, .AUF, .arena, .brrr, .btc, .cobra, .gamma, .heets, .java, .monro, .USA, .bkp, .xwx, .btc, .best, .bgtx, .boost, .heets, .waifu, .qwe, .gamma, .ETH, .bet, ta, .air, .vanss, . 888, .FUNNY, .amber, .gdb, .frend, .like, .KARLS, .xxxxx, .aqva, .lock, .korea, .plomb, .tron, .NWA, .AUDIT, .com, .cccmn, .azero, .Bear, .bk666, .fire, .stun, .myjob, .ms13, .war, .carcn, .risk, .btix, .bkpx, .he, .ets, .santa, .gate, .bizer, .LOVE, .LDPR, .MERS, .bat, .qbix, .aa1, and .wal, .14x, .hub, .aol, .harma, .NOV, 22btc, .text, .con30, .LOTUS, .wcg, .word, .ROGER, .pauq

The list of Dharma (CrySiS) Ransomware.

• FX Files Ransomware – Remove FX Virus
• UST29 Virus Files of Ransomware — How to remove?
• UST29 Ransomware (.UST29 Files) — Virus Removal Guide
• MILLENNIUM Rasnomware — [MILLENNIUMCRYPT@MSGSAFE.IO].ME
• XGPR Virus (.XGPR Files of Ransomware) — How to remove virus?
• DC Virus Files of Ransomware — How to remove virus?
• BL Virus Files of mr.black@disroot.org Ransomware
• MTX Virus (.MTX Files of Ransomware) — mtx88@onionmail.org
• CIP Virus (.CIP Files of Ransomware) — ciphercrypt@tuta.io
• BMO Ransomware (.bmo files) — How to remove virus?
• DR RANSOMWARE Virus Files of Ransomware — How to remove virus?
• C1024 Virus Files of Ransomware — How to remove virus?
• XQXQX Virus Files of Ransomware — How to remove virus?
• DEEEP Virus Files of Ransomware — [JimThompson@ctemplar.com].Deep
• WIKI Ransomware (.wiki FILES) — How to remove virus?
• ROGER File ☣ Virus — How to remove & decrypt [didoh@tutanota.com].ROGER?
• NEEH File ☣ Virus — How to remove & decrypt [needhelp@disroot.org].NEEH?
• NAS Virus Files of Ransomware — How to remove virus?
• WOLF Virus Files of Ransomware — [seawolf@onionmail.org].WOLF
• CHLD Virus Files of Ransomware — keychild@onionmail.org
• MOON Virus (.MOON File of Ransomware) — How to remove?
• HELPME Virus Files of Ransomware — detect0r@tuta.io
• CHARLIE Virus (!Charlie Files of Ransomware) — charlieAdmin@mail2tor.com
• NOMAD Virus Files of Ransomware — nomad.crypt@onionmail.org
• RETOOLS Virus (yUixN Files of Ransomware) — How to remove virus?
• RME Virus (.RME Files of Ransomware) — How to remove virus?
• RZA Ransomware: [ghostdog@onionmail.org].RZA Files — How to remove virus?
• 6IX9 Virus Files of Ransomware — How to remove 6ix9@asia.com virus?
• TCYO File ☣ Virus — How to remove & decrypt [yourfiles1@cock.li].TCYO?
• DTS Virus (.DTS Files of Ransomware) — How to remove virus?
• C0v File Virus Ransomware — Fix [c0v1d19@job4u.com]
• JRB File ☣ Virus — How to remove & decrypt [bidencrypt@onionmail.org].JRB?
• TOR File ☣ Virus — How to remove & decrypt [todecrypt@disroot.org].TOR?
• dance File ☣ Virus — How to remove & decrypt [cryptodancer@onionmail.org].dance?
• MYDAY File ☣ Virus — How to remove & decrypt [everyday@dr.com].myday?
• GREJKUGULIK Virus (GREJ Files of Ransomware) — How to remove virus?
• OFF File ☣ Virus — How to remove & decrypt [tiocapvbu@aol.com].OFF?
• Pause File ☣ Virus — How to remove & decrypt [python100@tutanota.com].pause?
• datos@onionmail.org (.DT Virus Files of Ransomware) — How to remove virus?
• PB File ☣ Virus — How to remove & decrypt [projectblack@criptext.com].PB?
• nmc File ☣ Virus — How to remove & decrypt [nomanscrypt@tuta.io].nmc?
• ZEUS File ☣ Virus — How to remove & decrypt [zeus1@msgsafe.io].ZEUS?
• Pr09 File ☣ Virus — How to remove & decrypt [khfsuca@protonmail.com].Pr09?
• Gamma File ☣ Virus — How to remove & decrypt [bebenrowan@aol.com].gamma?
• Xcss File ☣ Virus — How to remove & decrypt [xcsset@criptext.com].Xcss?
• cnc File ☣ Virus — How to remove & decrypt [cryptoncrypt@tuta.io].cnc?
• PARTY File ☣ Virus — How to remove & decrypt [partydog@msgsafe.io].PARTY?
• DELTA File ☣ Virus — How to remove & decrypt [delta@onionmail.org].DELTA?
• RDP File ☣ Virus — How to remove & decrypt [rdphack@onionmail.org].RDP?
• root File ☣ Virus — How to remove & decrypt [getdecrypt@disroot.org].root?
• Cesar File ☣ Virus — How to remove & decrypt [yasomoto@tutanota.com].Cesar?
• COMS Virus Files of Golbnaty@Aol.com Ransomware
• DHLP File ☣ Virus — How to remove & decrypt [datahlp@tuta.io].dhlp?
• CUM File ☣ Virus — How to remove & decrypt [dagsdruyt@onionmail.org].cum
• BDEV Virus (.BDEV Files of Ransomware) — How to remove virus?
• HPJ File ☣ Virus — How to remove & decrypt [hpjar@keemail.me].HPJ?
• 888 File ☣ Virus — How to remove & decrypt [donald888@mail.fr].888?
• ctpl File ☣ Virus — How to remove & decrypt [catapultacrypt@tuta.io].ctpl?
• 4o4 File ☣ Virus — How to remove & decrypt [godecrypt@onionmail.org].4o4?
• bqd2 File ☣ Virus — How to remove & decrypt [badhach@aol.com].bqd2?
• Liz Ransomware — How to remove & decrypt [lizardcrypt@tuta.io].Liz Files?
• [stopencrypt@qq.com].adobe Virus Files of Ransomware
• LAO File ☣ Virus — How to remove & decrypt [filerecovery@zimbabwe.su].LAO?
• pirat File ☣ Virus — How to remove & decrypt [brokendig@zimbabwe.su].pirat?
• EOFYD Virus Files of Ransomware — How to remove filerecovery@zimbabwe.su virus?
• DUK Virus Files of Ransomware — How to remove dokulus@tutanota.com virus?
• BIDEN Virus Files of Ransomware — How to remove virus?
• ROG File ☣ Virus — How to remove & decrypt [embog@firemail.cc].ROG?
• Jessy File ☣ Virus — How to remove & decrypt [jessymail26@aol.com].Jessy?
• ORAL File ☣ Virus — How to remove & decrypt [oral@tuta.io].ORAL?
• URS File ☣ Virus — How to remove & decrypt [necurs@aol.com].urs?
• Clman File ☣ Virus — How to remove & decrypt [coleman2021@aol.com].Clman?
• LIZARDCRYPT (.FOUR Virus Files) Ransomware — How to remove DHARMA virus?
• [rassupport@cock.li].BK Virus File of Ransomware — How to remove rassupport virus?
• pauq File ☣ Virus — How to remove & decrypt [carbanak@aol.com].pauq?
• HAM Files Ransomware — How to remove backup24@msgsafe.io?
• word File ☣ Virus — How to remove & decrypt [vm1iqzi@aol.com].word?
• LOTUS File ☣ Virus — How to remove & decrypt [paymei@cock.li].LOTUS?
• TEXT File ☣ Virus — How to remove & decrypt [helpdecrypt@msgsafe.io].TEXT?
• CON30 File ☣ Virus — How to remove & decrypt [con3003@msgsafe.io].CON30?
• WCG File ☣ Virus — How to remove & decrypt [btc11@gmx.com].wcg?
• OVO File ☣ Virus — How to remove & decrypt [dable19@mail.fr].OVO?
• TomLe File ☣ Virus — How to remove & decrypt [tomlee240@aol.com].TomLe?
• Avaad File ☣ Virus — How to remove & decrypt [avaaddams@msgsafe.io].Avaad?
• btc22 File ☣ Virus — How to remove & decrypt [22btc@tuta.io].btc22?
• Yourfiles1@cock.li (.NOV File) Virus — How to remove NOV (DHARMA) Ransomware?
• AXI Virus File of Ransomware (DHARMA) — How to remove axitrun2@tutanota.com virus?
• DEXX Virus Files of Ransomware — How to remove virus?
• LTC File ☣ Virus — How to remove & decrypt [leeza@keemail.me].LTC?
• DIS File ☣ Virus Ransomware — [decrypt@disroot.org].dis
• hub File ☣ Virus — How to remove & decrypt [crypthub@tuta.io].hub?
• aol File ☣ Virus — How to remove & decrypt [astra2eneca@aol.com].aol?
• 14x File ☣ Virus — How to remove & decrypt [axitrun@cock.li].14x?
• [decrypt2021@aol.com].2021 Virus File of Ransomware
• Bip File ☣ Virus — How to remove & decrypt [buydecrypt@qq.com].Bip?
• 4help File ☣ Virus — How to remove & decrypt [hlper4y@tutanota.com].4help?
• GAC Ransomware (.gac Files) — How to remove virus?
• gac File ☣ Virus — How to remove & decrypt [getacrypt@tuta.io].gac?
• 21btc File ☣ Virus — How to remove & decrypt [21btc@cock.li].21btc?
• lock File ☣ Virus — How to remove & decrypt [datafiles@waifu.club].lock?
• GLB File ☣ Virus — How to remove & decrypt [gonald58@cock.li].GLB?
• ROGER File ☣ Virus — How to remove & decrypt [pexdatax@gmail.com].ROGER?
• data File ☣ Virus — How to remove & decrypt [data@recovery.sx].data?
• yoAD File ☣ Virus — How to remove & decrypt [yourfiles1@cock.li].yoAD?
• SUKA File ☣ Virus — How to remove & decrypt [kjingx@tuta.io].SUKA?
• World File ☣ Virus — How to remove & decrypt [worldsnake@cock.li].World?
• SWP File ☣ Virus — How to remove & decrypt [eusa@tuta.io].SWP?
• Cvc File ☣ Virus — How to remove & decrypt [patrik008@tutanota.com].Cvc?
• YOUF File ☣ Virus — How to remove & decrypt [yourfiles1@cock.li].YOUF?
• ZIN File ☣ Virus — How to remove & decrypt [zinnik321@cock.li].ZIN?
• Dex File ☣ Virus — How to remove & decrypt [decryptex@airmail.cc].Dex?
• sss File ☣ Virus — How to remove & decrypt [m5b92n5p1@mail.com].sss?
• zimba File ☣ Virus — How to remove & decrypt [backup@zimbabwe.su].zimba?
• help File ☣ Virus — How to remove & decrypt [linas89@aol.com].help?
• MUST File ☣ Virus — How to remove & decrypt [james2020m@aol.com].MUST?
• RXD File ☣ Virus — How to remove & decrypt [debri@keemail.me].RXD?
• zimba File ☣ Virus — How to remove & decrypt [backup@zimbabawe.su].zimba?
• Elvis File ☣ Virus — How to remove & decrypt [elvisdark@aol.com].Elvis?
• KUT File ☣ Virus — How to remove & decrypt [kuk1@tuta.io].kut?
• YUFL File ☣ Virus — How to remove & decrypt [yourfiles1@tuta.io].YUFL?
• bH4T File ☣ Virus — How to remove & decrypt [blackhat@iname.com].bH4T?
• 259 File ☣ Virus — How to remove & decrypt [259461356@qq.com].259?
• Crypt File ☣ Virus — How to remove & decrypt [decrypt@msgsafe.io].Crypt?
• LCK File ☣ Virus — How to remove & decrypt [triplock@tutanota.com].LCK?
• Gtsc File ☣ Virus — How to remove & decrypt [getscoin3@protonmail.com].Gtsc?
• Zxcv File ☣ Virus — How to remove & decrypt [decrypt@null.net].Zxcv?
• Dme File ☣ Virus — How to remove & decrypt [decrypttme@airmail.cc].Dme?
• Ransomware DLL File — How to remove [technopc@tuta.io].DLL Virus?
• FLYU File ☣ Virus Ransomware — FIX PC & REMOVAL TOOL
• cve File ☣ Virus — How to remove & decrypt [lpe-cve@usa.com].cve?
• FRESH File ☣ Virus — How to remove & decrypt [freshkart@420blaze.it].fresh?
• Arrow File ☣ Virus — How to remove & decrypt [biashabtc@redchan.it].Arrow?
• TEREN File ☣ Virus — How to remove & decrypt [databack44@tuta.io].TEREN?
• Lina File ☣ Virus — How to remove & decrypt [linajamser@aol.com].Lina?
• AHP File ☣ Virus — How to remove & decrypt [aihlp24@tuta.io].AHP?
• chuk File ☣ Virus — How to remove & decrypt [tchukopchu@tutanota.com].chuk?
• Blm File ☣ Virus — How to remove & decrypt [blacklivesmatter@qq.com].Blm?
• Eur File ☣ Virus — How to remove & decrypt [decrypt@europe.com].Eur?
• Zphs File ☣ Virus — How to remove & decrypt [zphc@cock.li].Zphs?
• Arena File ☣ Virus — How to remove & decrypt [macgregor@aolonline.top].Arena?
• Error File ☣ Virus — How to remove & decrypt [datahelp@techmail.info].Error?
• Gold File ☣ Virus — How to remove & decrypt [goldmind@tuta.io]].Gold?
• harma File ☣ Virus — How to remove & decrypt [pashmak@tutanota.com].harma?
• WSHLP File ☣ Virus — How to remove & decrypt [newhelper@cock.li].WSHLP?
• Eking File ☣ Virus — How to remove & decrypt [savemyself1@tutanota.com].Eking?
• Iranian low-skilled hackers are quite successful in “playing” with Dharma ransomware
• CL File Virus — How to remove & decrypt [cl_crypt@aol.com].cl?
• NW24 File ☣ Virus — How to remove & decrypt [newhelper24@protonmail.ch].NW24?
• AIM File ☣ Virus — How to remove & decrypt [yyuzhou13@tutanota.com].AIM?
• rec File ☣ Virus — How to remove & decrypt [enabledecrypt@aol.com].rec?
• Aim File ☣ Virus — How to remove & decrypt [smith1@mailfence.com].Aim?
• Back File ☣ Virus — How to remove & decrypt [backdata@zimbabwe.su].Back?
• xati File ☣ Virus — How to remove & decrypt [xatixxatix@mail.fr].xati?
• GET File ☣ Virus — How to remove & decrypt getscoin2@protonmail.com?
• 1dec File ☣ Virus — How to remove & decrypt [gocrypt@aol.com].1dec?
• WEEK File ☣ Virus — How to remove & decrypt [week1@tuta.io].WEEK?
• LOG File ☣ Virus — How to remove & decrypt [logan8833@aol.com].LOG?
• Mnbzr File Virus — How to remove [trfgklmbvzx@aol.com].Mnbzr?
• TCPRX File ☣ Virus — How to remove & decrypt [tcprx@tutanota.com].tcprx?
• PPHL File ☣ Virus — How to remove & decrypt [pvphlp@tutanota.com].PPHL?
• HAT File ☣ Virus — How to remove & decrypt [zagrec@protonmail.com].HAT?
• Spare File ☣ Virus — How to remove & decrypt [de.crypt@aol.com].Spare?
• homer File ☣ Virus — How to remove & decrypt [homersimpson777@mail.fr].homer?
• GNS File ☣ Virus — How to remove & decrypt [geniusid@protonmail.ch].GNS?
• Smpl File ☣ Virus — How to remove & decrypt [crimecrypt@aol.com].Smpl?
• null File ☣ Virus — How to remove & decrypt [nullcipher@cock.li].null?
• Felix File ☣ Virus — How to remove & decrypt [felix@countermail.com].Felix?
• “.teamV” File Virus — How to remove teamvv@protonmail.com ransomware?
• java File ☣ Virus — How to remove & decrypt [pain@onefinedstay.com].java?
• BAD File ☣ Virus — How to remove & decrypt [ucos2@elude.in].BAD?
• dtbc File ☣ Virus — How to remove & decrypt [databack2@protonmail.com].dtbc?
• BOOT File ☣ Virus — How to remove & decrypt [resetboot@aol.com].BOOT?
• Prnds File ☣ Virus — How to remove & decrypt [prndssdnrp@mail.fr].Prnds?
• gyga File ☣ Virus — How to remove & decrypt [gygabot@cock.li].gyga?
• NHLP File ☣ Virus — How to remove & decrypt [newhelper@protonmail.ch].NHLP?
• HOW File ☣ Virus — How to remove & decrypt [how_decrypt@aol.com].HOW?
• LXHLP File ☣ Virus — How to remove & decrypt [lxhlp@protonmail.com].LXHLP?
• Team File Virus — How to remove & decrypt teamvi@protonmail.com?
• base File ☣ Virus — How to remove & decrypt [savebase@aol.com].base?
• R3F5S File ☣ Virus — How to remove & decrypt [r3ad4@aol.com].R3F5S?
• club File ☣ Virus — How to remove & decrypt [admin@stelsdatas.com].club?
• Hlpp File ☣ Virus — How to remove & decrypt [hlpp@protonmail.ch].Hlpp?
• HCK File ☣ Virus — How to remove & decrypt [cavefat@tuta.io].HCK?
• Credo File ☣ Virus — How to remove & decrypt [recovery@qbmail.biz].Credo?
• DR File ☣ Virus — How to remove & decrypt [dr.decrypt@aol.com].DR?
• WCH File ☣ Virus — How to remove & decrypt [wecanhelpu@tuta.io].WCH?
• PGP File ☣ Virus — How to remove & decrypt [openpgp@foxmail.com].PGP?
• CLUB File ☣ Virus — How to remove & decrypt [admin@steldatas.com].club?
• WELL File ☣ Virus — How to remove & decrypt [mewellwisher@protonmail.ch].WELL?
• space File ☣ Virus — How to remove & decrypt [mail@qbmail.biz].space?
• ONE File ☣ Virus — How to remove & decrypt [onepconebtc@protonmail.com].ONE?
• BOMBO File ☣ Virus — How to remove & decrypt [bit_decrypt@protonmail.com].BOMBO?
• payB File ☣ Virus — How to remove & decrypt [paybit@aol.com].payB?
• .love$ Virus File (im.online@aol.com) – Ransomware Removal
• [dayonpay@aol.com].dop Virus Files. How to Remove?
• Ccd Virus File (CCD-help@protonmail.ch) – How to Remove It
• 1btc Virus File (decoding@qbmail.biz) – How to Remove It
• [bitcoin@email.tg].ncov Virus Files. How to Remove?
• .msplt Virus File (supermetasploit@aol.com Ransomware) – Remove It
• brokenbrow.teodorico@aol.com Virus Removal + Decrypt .eight Files
• Decrypt [decrypt2021@elude.in].eight Files Virus
• [btckeys@aol.com].2020 Virus Files. Ransomware Removal Guide
• [coronavirus@foxmail.com].c-vir Virus Files
• [lockhelp@qq.com].gate Virus Files. How to fix & decrypt data?
• Decrypt [help.crypt@aol.com].lx Files
• decoding@qbmail.biz Virus Removal + Decrypt .ipm Files
• GTF Virus Removal + Decrypt .gtf Files (grandtheftfiles@aol.com)
• Rxx Virus File (back_data@foxmail.com) – How to Remove Ransomware?
• [smithhelp@mail.ee].barak Virus Files. How to Fix?
• dryidik@tutanota.com Virus Removal + Decrypt .plex Files
• .ykup Virus File (Dharma Ransomware) – Remove It
• assonmolly5@gmail.com Virus Removal + Decrypt .8800 Files
• .ncov Virus File (Dharma Ransomware) – Remove It
• Restore [decrypt@qbmail.biz].pay Files
• black@gytmail.com Virus Removal + Decrypt .self Files
• [coronavirus@qq.com].ncov Virus Files. How to Fix?
• Z9 Virus File (help.me24@protonmail.com) – How to Remove It
• [mr.crypteur@protonmail.com].WHY Virus Files. How to Fix?
• R2D2 Virus File (1024back@tuta.io) – Remove ransomware
• CU Virus File ([cyberunion@tuta.io].cu) – How to Remove It
• new2crypt@aol.com Virus Removal + Decrypt “.2new” Files
• Devos Virus File (qq1935@mail.fr) – How to Remove It
• Harma Virus File (writehere@onlinehelp.host) – How to Remove It
• Wrar Virus File (supp37@cock.li) – How to Remove It
• .live Virus File (cryptlive@aol.com) – Remove It
• .NEWS Virus File (notgoodnews@tutanota.com) – How to Remove It
• backinfo@protonmail.com Virus Removal + Decrypt .devos Files
• Restore [help.me24@protonmail.com].z9 Files
• [sumpterzoila@aol.com].harma Virus Files. How to Fix?
• Pdf Virus File (Dharma) – How to Remove It
• RIDIK Virus File – recoverysql@protonmail.com – How to Remove It
• ROGER Virus File (anna.kurtz@protonmail.com) – Remove It
• Harma Virus File (whitwellpark@aol.com) – How to Remove It
• .harma Virus File (MerlinWebster@aol.com Ransomware)
• [manyfiles@aol.com].harma Virus Files
• .roger Virus File (admin@spacedatas.com) – Remove It
• [agent.dmr@protonmail.com].dmr64 Virus Files. How to Fix?
• returnmefiles@aol.com Virus Removal + Decrypt .actor Files
• [asdbtc@aol.com].asd Virus Files. How to Fix?
• ROGER Virus (.ROGER File Ransomware) – DECRYPT & REMOVAL
• Redrum [moncler@cock.li] Virus File (Dharma) – How to Remove It
• Calum Virus File (Dharma) – How to Remove It
• [corebitp@cock.li].bitcore Virus Files. How to Fix?
• imdecrypt@aol.com Virus Removal + Decrypt .imi Files
• admin@stex777.com Virus Removal + Decrypt .money Files
• [1btc@qbmail.biz].bitx Virus Files. How to Fix?
• admin@sectex.net Virus Removal + Decrypt .bot Files
• backdata.company@aol.com Virus Removal + Decrypt .roger Files
• CALUM [keysfordencryption@airmail.cc] virus. How to decrypt .calum files?
• 2048 Virus File (Dharma) – How to Remove It
• [decrypt@files.mn].angus Virus Files. How to Fix?
• teammarcy10@cock.li Virus Removal + Decrypt .kharma Files
• Restore [decrypt2020@aol.com].deuce Files
• Syss Virus File (Dharma) – How to Remove It
• Restore [ninja777@cock.li].ninja Files
• .kr Virus File (Dharma Ransomware) – Remove It
• clifieb@tutanota.com Virus Removal + Decrypt .nvram Files
• rsacrypt@aol.com Virus Removal + Decrypt .rsa Files
• Restore [amandacerny89@aol.com].virus Files
• HARMA File Virus. How To Remove Harma Ransomware?
• .start Virus File (Dharma Ransomware) – Remove It
• .asus Virus File (Dharma Ransomware) – Remove It
• .xda Virus File (Dharma Ransomware) – Remove It
• One Virus File (Dharma) – How to Remove It
• [bitlocker@foxmail.com].wiki Virus Files. How to Fix?
• nmode@tutanota.com Virus Removal + Decrypt .bot Files
• .uta Virus File (Dharma Ransomware) – Remove It
• [b1tc01n@aol.com].oo7 Virus Files. How to Fix?
• [blackmax@tutanota.com].krab Virus Files. How to Fix?
• .money Virus File (Dharma Ransomware) – Remove It
• [cryptocash@aol.com].cash Virus Files. How to Fix?
• checkcheck07@qq.com Virus Removal + Decrypt .adame Files
• Restore [painplain98@protonmail.com].calix Files
• vivaldicrypt@outlook.com Virus Removal + Decrypt .vival Files
• Restore [locksvbox@tutamail.com].vbox Files