{
	"id": "4f27014a-a898-4601-b880-eb480d154397",
	"created_at": "2026-04-06T00:12:12.704977Z",
	"updated_at": "2026-04-10T03:21:00.089755Z",
	"deleted_at": null,
	"sha1_hash": "d995754f5254d49f60e29f03941d031224ffd640",
	"title": "If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36038,
	"plain_text": "If it sounds too good to be true, it most likely is: Nobody can\r\ndecrypt the Dharma ransomware\r\nBy Gareth Corfield\r\nPublished: 2019-11-11 · Archived: 2026-04-02 11:31:17 UTC\r\nA data recovery company is dubiously claiming it has cracked decryption of Dharma ransomware – despite there\r\nbeing no known method of unscrambling its files.\r\nInfosec researcher Brett Callow of Emsisoft had a little fun trying to replicate Emsisoft's exposure of ransomware\r\nmiddleman company Red Mosquito Data Recovery earlier this year; now he has turned his attention in another\r\ndirection.\r\nAustralian biz Fast Data Recovery boasted that it is capable of decrypting Dharma, which data recovery biz\r\nCoveware's chief exec Bill Siegel described as implying \"they have tools and computing power beyond that of the\r\nNSA\".\r\n\"If this was the case, they would sell their technology for millions, if not billions, rather than using it to help small\r\nbusinesses,\" he added.\r\nCallow posed as a customer (having borrowed his wife's business email address, with her consent) while\r\ncontacting Fast Data Recovery, asking if the firm could decrypt encrypted files that mentioned the word Dharma.\r\nWhat Callow had done was encrypt the files himself.\r\nHe got back a standard auto-reply email:\r\nThat was followed up with an offer to carry out a \"server prevention and network security audit\" at AU$750 per\r\nserver and $120 per PC – with a discount to $70 if one had more than 10 PCs.\r\nMichael Gillespie, creator of ID Ransomware, opined: \"There is no way to 'reverse engineer the ransomware\r\ndecryption key' for Dharma. The encryption is perfectly implemented, and it's simply not possible. The only way\r\nto recover files encrypted by Dharma is with the ransomware dev's key. 
Any company which claims it can recover\r\nfiles by other means is almost certainly just paying the ransom.\"\r\nWhen Emsisoft's Callow didn't reply to the quote, Fast Data Recovery tried again:\r\nAt this point, Callow broke off contact with the firm, but the case smells similar to other companies claiming to be\r\nable to decrypt ransomware when all they do is act as a middleman, taking money on the pretence of \"decrypting\"\r\nransomware, then paying the ransom and in turn banking a margin for doing so.\r\nThe most outrageous case aside from Red Mosquito (as mentioned above) was Dr Shifro, a Russian firm that also\r\nclaimed to be able to decrypt Dharma. This turned out to be one Belarusian man who had made around £300,000\r\nfrom taking Bitcoin payments while negotiating with ransomware authors.\r\nEmsisoft's CTO, Fabian Wosar, concluded: \"Since emerging in 2016, Dharma has been reverse engineered to\r\ndeath by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it\r\nwould almost certainly have been discovered a long time ago. To break Dharma within any of our lifetimes\r\nwithout having discovered a flaw would require access to a quantum computer that is capable of running Shor's\r\nalgorithm. The highest number ever factorized using said algorithm and quantum computers is 21, which is just\r\nshort of the 307 digits that would be required to break Dharma.\"\r\nSometimes, these types of services really are too good to be true.\r\nFast Data Recovery has been asked for comment. ®\r\nSource: https://www.theregister.com/2019/11/11/dharma_decryption_promises_data_recovery/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.theregister.com/2019/11/11/dharma_decryption_promises_data_recovery/"
	],
	"report_names": [
		"dharma_decryption_promises_data_recovery"
	],
	"threat_actors": [],
	"ts_created_at": 1775434332,
	"ts_updated_at": 1775791260,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d995754f5254d49f60e29f03941d031224ffd640.pdf",
		"text": "https://archive.orkl.eu/d995754f5254d49f60e29f03941d031224ffd640.txt",
		"img": "https://archive.orkl.eu/d995754f5254d49f60e29f03941d031224ffd640.jpg"
	}
}