March 03, 2017

Out of the blue, someone posted in the forums the supposed master decryption keys for the Dharma Ransomware. This post was created at 1:42 PM EST by a member named gektar in the Dharma Ransomware Support Topic and contained a Pastebin link to a C header file that supposedly contains these master decryption keys.

master keys post                                                    post about Dharma Keys being Released

If these keys are the valid then anyone who was previously infected by Dharma will be able to get their files back for free. At this point, it is not known whether the released keys are actually valid. They have been provided to Kaspersky who is examining them, and if they are valid, will release a decryptor.

With that said, there is a good chance that the keys are valid. This is because the keys for Crysis, on which Dharma is based, were released in the same manner on our forums in the past. Using these keys Kaspersky was able to update their ransomware decryptor to help Crysis victims for free.

As for the poster, it is not known why they released the keys and whether or not they are affiliated with the ransomware.

key dump                                                                            Header file posted to Pastebin

When Kaspersky verifies if the keys are valid, we will be sure to post an article on how to use their decryptor to get victim's files back for free.

News Courtesy :