ID Ransomware

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

Knowing is half the battle!
GI Joe

1 Result

Dharma (.cezar Family)

This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • sample_extension: .id-<id>.[<email>].adobe
  • sample_bytes: [0xEC020 - 0xEC060] 0x00000000020000000CFE7A410000000000000000000000002000000000000000
  • custom_rule: Original filename "putty.exe" after filemarker

Click here for more information about Dharma (.cezar Family)


Would you like to be notified if there is any development regarding this ransomware? Click here.

Ransomware Got Past Your Antivirus?

Emsisoft Anti-Malware * This is an affiliate link, and I receive commission for purchases made. I do honestly recommend Emsisoft and their products even without this affiliation.