Dharma (.Cezar) ransomware

My client was hit by this ransomware. How can I decrypt the files?
Jose Bredariol, PMP, Asked:

Adam Brown, Senior Systems Admin, Commented:
https://id-ransomware.malwarehunterteam.com/ has a good tool to use for identifying the ransomware variant and determining what is available to break the encryption. There may not be a way to decrypt the files without paying the ransom (avoid paying at all risks... it encourages the spread of ransomware). If the client has a good backup, restore that.
Dariusz Tyka, ICT Infrastructure Specialist Senior, Commented:
There is a decryptor tool from Rakhni. More info:
https://www.nomoreransom.org/en/decryption-tools.html
Direct download link: http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

You need to check if it works for you.
btan, Exec Consultant, Commented:
You can try to use ID Ransomware to confirm the type and see if there are tools available.
https://id-ransomware.malwarehunterteam.com
Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

In the past it was named Crysis ransomware, which has a decryptor, but it is likely not going to work for this variant. A full list of decryptors:
https://www.avast.com/ransomware-decryption-tools

Recovering from backup data is your last resort and likely approach. I strongly discourage paying the ransom.
Jose Bredariol, PMP, Author Commented:
I've tried with Rakhni, but no result. The ransomware is Dharma (.Cezar).
Any other tool?
btan, Exec Consultant, Commented:
Afraid not. Back up those encrypted files in case someone releases a tool in future. Rebuild the system, recover from backup data and move on.

There are variants whose extension is supposedly .Cesar instead.
https://www.bleepingcomputer.com/forums/t/654592/ransomware-with-cesar-extension/

Jose Bredariol, PMP, Author Commented:
Thanks all.