I know someone with no backups who recently had his entire computer encrypted with the .arrow variant of Dharma (.cezar Family).  (BTW, this isn't me.)

There is apparently no way to decrypt without paying the ransom or recovering deleted files.

So two questions:

1) Does anyone know if the ransomware encryption encrypts the file to a new file, then deletes the old one (giving me the possibility of deleted file recovery)?  If so, what software is recommended for a Windows NTFS system (so far, Recuva and R-Studio have found squat)?

2) If he decides to pay the ransom and take his chances, what are legit sites to purchase bitcoin (never done that before)?

T


