Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.

Dharma first appeared in November and is based on an older ransomware program known as Crysis. It’s easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.

Interestingly, the exact same thing happened back in November with the keys for Crysis, Dharma’s predecessor, allowing researchers to create decryption tools for it.

and — to work for Dharma affected files, too.

This should serve as a reminder to ransomware victims to keep a copy of their affected files, even if they decide not to give into attackers’ ransom demands. Researchers sometimes find flaws in the encryption implementations of ransomware programs that allow them to break the encryption keys. Other times law enforcement authorities seize command-and-control servers used by ransomware gangs and release the decryption keys.

regularly. The website is maintained by a coalition of security companies and law enforcement agencies and is frequently updated with new information and decryption tools.