Data recovery and disk repair questions and discussions related to old-fashioned SATA, SAS, SCSI, IDE, MFM hard drives - any type of storage device that has moving parts

Ransomware recovery, partial success

May 11th, 2017, 4:18

Hi all
We have got some success in recovery of standard database files. 5 out of 10 were recovered in readable format.
Those who are interested, please PM.

Re: Ransomware recovery, partial success

May 11th, 2017, 7:46

Hi
Is there any possibility to decrypt ONION ransomware?

Re: Ransomware recovery, partial success

May 11th, 2017, 9:27

Hi. What are the affected file types? Currently I can work on limited file types (database) only.
PM for more details.

Re: Ransomware recovery, partial success

May 12th, 2017, 5:23

kash wrote: Hi
Is there any possibility to decrypt ONION ransomware?


Onion is a Cry128 variant; there is a decryptor available for this. See if it works.

Re: Ransomware recovery, partial success

May 12th, 2017, 11:12

MindMergepk wrote: Onion is a Cry128 variant


I kindly disagree; .onion can be a lot of different ransomware strains, and one (and the most common) of them is Dharma. If it's Dharma, it's game over.

Re: Ransomware recovery, partial success

May 12th, 2017, 15:33

It's possible.
Can OP upload some files to identify the variant?

Re: Ransomware recovery, partial success

May 13th, 2017, 9:40

Hi all
With the help of one of my friends, we have successfully worked on Dharma ransomware affected files.
As I have previously mentioned, we have limited success (some database files fully recovered).

Re: Ransomware recovery, partial success

May 13th, 2017, 16:08

Dharma old variants' keys were already released in March 2017:
https://threatpost.com/keys-for-dharma- ... ed/124024/

The new variant has no solution as far as I know. I would love to hear if anyone has decrypted new Dharma variants.

Re: Ransomware recovery, partial success

May 14th, 2017, 2:06

Dharma .wallet .onion has no way to decrypt.
As far as we've seen, in the countless analyses we've done, it has no weaknesses.
And .dharma was "broken" because the dev gave away the master key, not because it was possible to crack.

Re: Ransomware recovery, partial success

May 14th, 2017, 19:49

I assume full image backups of OS and Data partitions onto external media have already been done? If/when the end-user gets the stuff back, then another set will be made?

Re: Ransomware recovery, partial success

May 15th, 2017, 2:48

As several people have mentioned, full decryption may not be possible.
However, I have got limited success with some file types (database).

Re: Ransomware recovery, partial success

May 15th, 2017, 5:41

The question is:
what is the variant you can partially decrypt?

Re: Ransomware recovery, partial success

May 16th, 2017, 8:16

A bit difficult to answer as there are so many variants. Please send me your file, I will give it a try.

Re: Ransomware recovery, partial success

May 19th, 2017, 3:42

Dharma .wallet now decryptable :)

Re: Ransomware recovery, partial success

May 19th, 2017, 3:58

Yes, again master keys released:
https://www.bleepingcomputer.com/news/s ... decryptor/

Re: Ransomware recovery, partial success

May 19th, 2017, 13:26

Another variant's master key released:
BTCWare Ransomware

https://www.bleepingcomputer.com/news/s ... available/