Dharma Ransomware Removal Guide

Do you know what Dharma Ransomware is?

We want to inform you about a newly discovered malicious program called Dharma Ransomware. This program was designed to encrypt your personal files with a unique AES encryption algorithm, so you must remove it if you want to use your PC safely. Its developers seek to encrypt your files so that they could try to sell you a decryption key. However, there is no guarantee that you will receive the key after you have paid. The developers of this ransomware are nothing short of cybercriminals, and they have to be held accountable for their actions. Unfortunately, holding them to account is difficult because nothing is known about them. In this short description, we will discuss how this ransomware is distributed, how it works and how you can get rid of it.

Let us begin our analysis by taking a look at how Dharma Ransomware is disseminated. Our cyber security experts have found that it can infect your computer via email. They say that the developers of this ransomware have set up a server dedicated to spamming the email boxes of potential victims. The emails can be disguised as CVs, invoices, and so on. The emails feature an attached file that should be a self-extracting file archive. If you open the attached file, then all hell will break loose as this ransomware will be dropped onto your computer secretly. The executable should be dropped in the Downloads folder and executed automatically. The name of the executable is generated randomly.

Once on your computer, it will scan it for files that it can encrypt. Our security experts have tested a sample of this ransomware, and they found that it can encrypt nearly all file formats, but will skip Windows files located in %WINDIR%. It also will not encrypt files of other Microsoft products such as Internet Explorer. Dharma Ransomware uses the AES encryption algorithm, which is very strong. Security researchers have yet to find a vulnerability that they could exploit to create a free decryption key, so as things stand now, you can only get the decryption key by paying the unspecified ransom.

While encrypting your files, Dharma Ransomware will append the [e-mail].dharma file extension to them. You will not be able to decrypt the files by deleting this extension, and it serves as more of an indication that the files have been encrypted. Once the encryption process is complete, it will generate a file named Hallo our dear friend.txt and place it on the desktop. It will also change the desktop wallpaper. Both the image files and Hallo our dear friend.txt are ransom notes that ask you to contact lavandos@dr.com or lavandos@india.com if you do not get a reply from the first email within 24 hours. You will receive the rest of the instructions on how to pay the ransom. The sum to be paid is not specified, and our malware researchers say that it should vary with each case.

That is all of the information we have for you at the moment. However, it is enough to make it clear that this ransomware is very dangerous because it can encrypt your files with a unique encryption algorithm that currently cannot be decrypted. Researchers say that it does not copy itself anywhere, so all you have to do is locate its executable and delete it. You can also use an antimalware tool such as SpyHunter to remove it for you if you experience any difficulties.

Removal Guide

  1. Go to the Downloads folder.
  2. Locate Dharma Ransomware.
  3. Right-click it and click Delete.
  4. Empty the Recycle Bin.
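
Before deleting anything, it helps to inventory the indicators described above: files carrying the [e-mail].dharma suffix, the Hallo our dear friend.txt note, and executables in Downloads (the dropper's name is random, so all of them are listed for review). The Python script below is an added example, not part of the original guide; the literal-bracket suffix format, the .exe extension, the function names and the constructed sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

NOTE_NAME = "hallo our dear friend.txt"  # ransom note name from the article
# Assumption: the appended suffix is ".[contact e-mail].dharma", brackets literal.
SUFFIX_RE = re.compile(r"\.\[([^\]]+)\]\.dharma$", re.IGNORECASE)
# Constructed sample names; the files are empty and only mimic the description.
SAMPLE = ["Desktop/Hallo our dear friend.txt", "Documents/untouched.txt",
          "Documents/report.docx.[lavandos@dr.com].dharma",
          "Documents/photo.jpg.[lavandos@dr.com].dharma",
          "Downloads/qzxkvw.exe", "Downloads/meeting-notes.pdf"]

def triage(root, downloads=None):
    """Inventory Dharma artifacts under root; read-only, nothing is deleted."""
    report = {"encrypted": [], "contacts": set(), "notes": [], "candidates": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        match = SUFFIX_RE.search(name)
        if match:
            report["contacts"].add(match.group(1))
        if match or name.endswith(".dharma"):
            report["encrypted"].append(path)
        elif name == NOTE_NAME:
            report["notes"].append(path)
    # The dropped executable has a random name, so list every .exe in Downloads
    # (assumed extension), newest first, for manual review.
    if downloads is not None and Path(downloads).is_dir():
        exes = [p for p in Path(downloads).iterdir()
                if p.is_file() and p.suffix.lower() == ".exe"]
        report["candidates"] = sorted(exes, key=lambda p: p.stat().st_mtime,
                                      reverse=True)
    return report

def build_sample_tree(base):
    """Create the constructed sample tree under base and return its path."""
    for rel in SAMPLE:
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp), Path(tmp) / "Downloads")
        print(len(result["encrypted"]), "encrypted;", sorted(result["contacts"]),
              "review:", [p.name for p in result["candidates"]])
```

On a real machine, point `triage` at the user profile directory and its Downloads folder; the encrypted-file list also tells you which files to restore from backup.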

In non-techie terms:

Dharma Ransomware is a typical ransomware-type infection that was designed to encrypt your personal files and then demand that you pay a ransom for the decryption tool to get them back. However, there is no guarantee that you will get this tool and we recommend that you remove it because of that. You can delete it manually but if you have any trouble, we suggest using an antimalware program.