What is Java NotDharma ransomware? And how does it carry out its attack?
Java NotDharma ransomware is a new crypto-malware discovered mid-April 2018. It got its name due to some of its traits that are similar to the infamous Dharma ransomware though it their relation is not confirmed yet. And besides, it adds the .java extension to the files it encrypts which is why it is named Java NotDharma ransomware by security analysts in the first place.
At the time of writing, the original file used to distribute Java NotDharma ransomware is still unknown. However, as soon as it is rooted in the system, the crypto-malware will start to look for certain file types to encrypt such as:
.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
Java NotDharma ransomware appends the .java extension it the files it has encrypted. After the encryption, it will drop a ransom note named “Decrypt Instructions.txt” that contains a brief and short message:
“All of your files are encrypted, to decrypt them write us to email: [email protected]”
Victims are asked to contact the given email address ([email protected]) in the ransom note. Usually, cyber crooks demand a ransom to be paid in digital currency such as Bitcoins, Monero, and other digital currency. Once the ransom payment is sent, cyber crooks are supposed to give the decryptor to the victims. However, do not ever make this mistake as more often than not, ransomware victims are ignored by crooks after they get what they want. The best thing you could do is to eliminate the ransomware first and then try out alternative ways to recover your encrypted files.
How is Java NotDharma ransomware disseminated over the web?
Cybercrooks behind Java NotDharma ransomware relies on spam emails in distributing the malicious payload of this cryptovirus. Crooks tend to disguise the malware-laden emails to trick users into opening them and downloading the corrupted attachment. So you have to be careful in downloading email attachments no matter who they came from.
Use the given removal instructions below to eliminate Java NotDharma ransomware from your computer.
Step 1: Open the Task Manager simply by tapping Ctrl + Shift + Esc keys on your keyboard.
Step 2: Under the Task Manager, go to the Processes tab and look for any suspicious-looking process which takes up most of your CPU’s resources and is most likely related to Java NotDharma ransomware.
Step 3: After that, close the Task Manager.
Step 4: Tap Win + R, type in appwiz.cpl and click OK or tap Enter to open Control Panel’s list of installed programs.
Step 5: Under the list of installed programs, look for Java NotDharma ransomware or anything similar and then uninstall it.
Step 6: Next, close Control Panel and tap Win + E keys to launch File Explorer.
Step 7: Go to the directories listed below and look for any malicious components like Decrypt Instructions.txt created by Java NotDharma ransomware and delete them right away.
- %TEMP%
- %APPDATA%\Microsoft\Windows\Templates\
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
Step 8: Close the File Explorer.
Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use [product-name], this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 9: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 10: Navigate to the following path:
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKCU\SOFTWARE
- HKCU\SOFTWARE\WOW6432Node
Step 11: Delete the registry keys and sub-keys created by Java NotDharma ransomware.
Step 12: Close the Registry Editor and empty the Recycle Bin.
Following the removal guide above isn’t enough to ensure the removal of Java NotDharma ransomware – you have to refer to the following advanced steps to complete the removal of Java NotDharma ransomware.
Perform a full system scan using [product-code]. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the SafeMode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in the URL address, [product-url] in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run [product-code] to perform a full system scan.
- After the scan is completed click the “Fix, Clean & Optimize Now”button.
