.ADOBE File Extension
File TypeDharma Ransomware Encrypted File
What is an ADOBE file?
Dharma ransomware renames standard files, such as .MP4, .DOCX, and .PDF files with a ".ADOBE" extension. The files are encrypted with AES and RSA ciphers so it is not possible to open the files by simply changing the file extension.
The purpose of ransomware is to take your files hostage and force you to pay the perpetrator, often through bitcoin, to unlock your files. It may be introduced to your computer through an executable file disguised as another type of file. This may be an email attachment, a file downloaded from a website, or a file included in a software installer.
Once the executable file is run, it begins scrambling your files, renaming them with the .adobe extension, and encrypting them. The virus then generates a .TXT ransom note (FILES ENCRYPTED.txt or _openme.txt) informing you of the takeover and what you need to do to recover your files.
The virus renames your files using the following naming convention:
For example, if you have a sample.pdf file it may become sample.pdf.id-HDNFH438.[firstname.lastname@example.org].adobe.
ADOBE files became prevalent in late 2018 and early 2019 and are similar to .LOCKY and .WALLET files. Currently, there is no program available to effectively restore your files. If you have a recent backup of your files, you can perform a system restore.