How to Remove .java (Crysis) Ransomware and Recover Your Files

28 August 2018 | 13:53 Code : 6157 IT News
If your files have been encrypted, and .id-[your-id].[contact-email].java extension has been added to them, that was the work of the newest variant of Crysis (Dharma) ransomware.

What is Java ransomware

That ransomware takes advantage of unsecure RDP setups (a weak password usually) to enter the machine and encrypt all files that might be of any importance to the user/company (by targeting certain file types). Crysis ransmware uses strong encryption method, and so far security researches weren’t able to find vulnerabilities that would allow them to create a decrypter. However, two first versions of Crysis ransomware – .crysis and .dharma – had their master decryption keys anonymously posted on computer security forums, making it possible for antivirus vendors to create decryption tools. Of course, these tools will only work on files encrypted by those two ransomware variants, and won’t work on .java files. At the time of writing no free decrypter for .java ransomware exists, however you can use some other methods of recovering encrypted files.

How to Remove Java Ransomware

If you have working backups of your encrypted files or you are not going to try and recover lost files, then scan your computer with one or several antivirus and anti-malware programs or reinstall the operating system altogether.

How to Recover Files Encrypted by Java Ransomware

If you want to recover files encrypted by ransomware you can either try to decrypt them or use methods of file recovery.
Ways to decrypt the files:

  1. Contact the ransomware authors, pay the ransom and possibly get the decryptor from them. This is not reliable: they might not send you the decryptor at all, or it might be poorly done and fail to decrypt your files.
  2. Wait for security researchers to find some vulnerability in the ransomware that would allow you to decrypt files without paying. This turn of events is possible but not very probable: out of thousands of known ransomware variants only dozens were found to be decryptable for free. You can visit NoMoreRansom site from time to time to see if free decryptor for Java version of Crysis exists.
  3. Use paid services for decryption. For example, antivirus vendor Dr. Web offers its own decryption services. They are free for users of Dr.Web Security Space and some other Dr. Web’s products if Dr. Web have been installed and running at the time of encryption (more detail). For users of other antiviruses the decryption, if it’s deemed possible, will cost €150. According to Dr. Web’s statistics, the probability of them being able to restore files is roughly 10%.

( 1 )

Your Comment :