Dharma/Crysis Ransomware File Decryption Scams on the Rise

Last updated July 6, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

The Dharma/Crysis ransomware strain has caused a lot of trouble since it was first launched in 2016, and it remains an unsolvable threat. Researchers estimate the victim count to be about 23150, who have no way to unlock their AES-256 encrypted files when things go wrong. This “service gap” has created an opportunity for malicious actors and entities, who are promising data recovery to Dharma victims, claiming that they have cracked the decryption of the strain. As experts point out, all of these claims are false, and people should disregard any offerings of this type without second thoughts.

These “Data Recovery” firms that promise to help you get back your original files after a Dharma attack are basically claiming that they have cracked encryption methods that would require humongous computing power. If they did have such capabilities in their hands, they would prefer to sell this technology for millions. Instead, they are asking for $350 from the ransomware victim or $175 for an evaluation of the infection. What these actors are doing with the money is to actually contact the ransomware actor, pay the ransom, and then have the files unlocked. In about 88% of the cases, the actor provides the decryptor for Dharma after the payment of the ransom. As the actors are asking for much less than $350, whatever is left goes into the scammers’ pockets.

While there have been other ransomware strains that were unlocked even though they used a robust encryption algorithm, the case of Dharma is different. What makes it unbreakable is that it comes with no flaws or vulnerabilities, so the researchers don’t have a way to unlock it. The entire malware community has reverse-engineered it to great extents since 2016, and no flaws were found by anyone, ever. It seems that the only way to unlock it would be to use a quantum computer and run Shor’s algorithm on it. Emsisoft’s expert, Michael Gillespie, stated: “There is no way to 'reverse engineer the ransomware decryption key for Dharma. The encryption is perfectly implemented, and it's simply not possible.”

All that said, if you have been infected by the Dharma strain, forget about data recovery services. If you are ready to pay someone, pay the actors directly. It will be cheaper, and it will come with the same chances of failure (about 12%). Obviously, you shouldn't hold your breath for the release of a Dharma decryptor either. The closest we’ve gotten to factorized digits using quantum computers running Shor’s algorithm is 21, while the requirement to unlock Dharma is 328 digits. Unless something really ground-breaking takes place soon, we’re many years, even decades away from unlocking Dharma.

Have something to comment on the above? Let us know of your opinion in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: