Decryption Tools for Dharma Ransomware Variants are Now Available

[Bot]

Decryption keys for the Dharma ransomware have been dumped online in a move that will hopefully help out all those that have been infected by it and whose files are still locked up.

Well, yesterday, a user named gektar posted a link to a Pastebin note on the technical support forum of BleepingComputer.com. There, he claims, were all the decryption keys for the Dharma variants.

It's unclear just who this person is or why he'd do such a thing, or even how he got his hands on the keys, but there are clues indicating that he had access to the Dharma source code.

Regardless of who this is or what his purpose is, the keys are real, and that's what really matters.

Read more: Decryption Tools for Dharma Ransomware Variants are Now Available

 

[Winter Soldier]

It's unclear just who this person is or why he'd do such a thing, or even how he got his hands on the keys, but there are clues indicating that he had access to the Dharma source code.

If this person had access to the source code...well, probably he wrote the code.

I don't know the programming language of this malware but:as far as I know the executables compiled in C/C++ cannot be disassembled (because they are compiled and not assembled), the only way is Reverse Engineering, to see how the program behaves with the machine language (Ollydbg adds comments in Assembly to the Hex code).

An application can be written in any language. If this is a native language, you can go back to the Assembly code, disassembling it, but you can't get the real source code written in the original language.
If it is a interpreted or semi-interpreted language as.NET, AutoIT, Java, etc then you can also reconstruct the source code but if there is a protection (packer, protector, etc) you must also remove that before you can get the code of the program.
Really not easy....