Java NotDharma Ransomware

Java NotDharma Ransomware Description

The Java NotDharma Ransomware is an encryption ransomware Trojan. The name Java NotDharma Ransomware was applied to this threat by PC security researchers as a temporary moniker while new versions of the Java NotDharma Ransomware are released. The Java NotDharma Ransomware is characterized by the way it identifies the files it corrupts in its attack, which will be marked with the file extension '.java,' added to the end of the affected files' names. The Java NotDharma Ransomware was first observed in early April of 2018, and the Java NotDharma Ransomware seems to carry out a ransomware Trojan attack similar to many ransomware Trojans being used to target small businesses and Web servers currently. The Java NotDharma Ransomware may be delivered through the use of corrupted spam email attachments and by taking advantage of unsecured RDP connections.

How the Java NotDharma Ransomware Attack Works

The Java NotDharma Ransomware will remove various Windows backup methods that could be used to restore the lost files, such as the Shadow Volume copies and the System Restore copies, as well as some backup methods used by commonly used backup clients. PC researchers suspected that the Java NotDharma Ransomware was a variant in a large family of ransomware known as Dharma initially, although it has been confirmed that the Java NotDharma Ransomware doesn't belong to this threat family. The Java NotDharma Ransomware will target a wide variety of user-generated files in its attack, which may encompass files with the following file extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Java NotDharma Ransomware marks the files it encrypts with the file extension '.java,' and these files will no longer be readable without the decryption key (which the con artists hold in their possession).

The Java NotDharma Ransomware's Ransom Demands

The Java NotDharma Ransomware delivers a ransom note in the form of an HTA file named 'Info.hta' and a text file named 'Decrypt Instructions.txt,' both dropped on the infected computer's desktop after the encryption is complete. The victims will be asked to contact the cybercrooks at an email account associated with the Java NotDharma Ransomware and pay for a decryption program that would allow them to restore their files.The Java NotDharma Ransomware has been associated with a variety of email contact addresses, including the following:

biglocker@airmail.cc
ffgghtdfg@cock.li
gettkey@qq.com
xtrachance@qq.com

It is mandatory to take steps to ensure that your data is safe from threats like the Java NotDharma Ransomware. There are several ways you can do this. The first, and most important, is to have file backups. The Java NotDharma Ransomware infection itself can be removed with the help of a security product that is fully up-to-date. However, this will not restore the files corrupted by the attack. Its restoration requires the decryption key, which the con artists hold in their possession. This is why dealing with threats like the Java NotDharma Ransomware requires that computer users have backup copies or alternate means of restoring their files. In fact, this is the single best way to stop the proliferation of threats like the Java NotDharma Ransomware, since having file backups computer users can remove completely any power the con artists can have over their victims when carrying out these kinds of attacks.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.