Dkey ransomware is file-encrypting malware that belongs to the Dharma ransomware family. The point of this infection is to encrypt users’ files and sell a decryptor to victims who do not have backups. Encrypted files can be recognized by an extension added to them. The extension includes users’ unique IDs, and a contact email address, and ends in .dkey. Unfortunately, once files have been encrypted, they will not be openable unless users first use a decryptor on them. But getting the decryptor will not be easy because only the malware operators have it.


Dkey ransomware ransom note



Dkey ransomware targets all personal files, including photos, videos, images, documents, etc. Encrypted files are immediately recognizable because of the extension that is added to them. The extension contains users’ assigned IDs, and a contact email address, as well as .dkey. For example, image.jpg would become image.jpg.unique ID.[].dkey.

When files are fully encrypted, the ransomware shows a pop-up ransom note, as well as drops a FILES ENCRYPTED.txt text note. Both notes contain very little information and request that victims send an email to with their assigned ID. The malware operators would presumably send back instructions, as well as the price for the decryptor. While it’s not mentioned in the note, it’s likely safe to assume that the decryptor would cost around $1000 because that’s the usual price. Whatever it may be, it’s not recommended to pay because it does not guarantee a decryptor. Users should keep in mind that they are dealing with cybercriminals, and they don’t operate like legitimate businesses. There’s nothing stopping them from simply taking users’ money and not sending anything in return. This has happened to many victims in the past, unfortunately. Furthermore, it’s worth mentioning that users’ ransom money would go toward future criminal activities. And the reason ransomware is still such a big thing is that victims keep paying the ransom. As long as they continue doing that, ransomware will continue to thrive.

For users who have no backup, file recovery options are very limited. The only option is to wait for a free Dkey ransomware decryptor to be released. It’s not currently available but it’s not impossible that it would be released in the future. So users are recommended to back up their files and occasionally check for a Dkey ransomware decryptor.

Ransomware distribution methods

Most malware is distributed via the same methods. Those methods include email attachments, torrents, downloads from unsafe sources, etc. Users who have bad browsing habits are much more likely to infect their computers with malware. Developing better habits can go a long way toward avoiding malware infections.

Email attachments are a very common malware distribution method. Malicious actors buy email addresses from hacker forums, attach malicious files to emails, and send them. When users open the attachments, they infect their computers. It’s a pretty low-effort method, which is why it’s quite popular among malicious actors. Fortunately for users, such emails are usually quite obvious. First of all, they are full of grammar/spelling mistakes. Senders usually claim to be from legitimate companies so the mistakes seem very out of place. Legitimate emails from companies will rarely contain mistakes because they look very unprofessional.

Malicious emails are usually sent from random-looking email addresses, which is another giveaway. Users should always first check the email address before interacting with an email that asks them to click on a link or open an attachment. If it looks completely random, it’s likely a malicious email. But even if it looks legitimate, it’s still recommended to research it to see whether it belongs to whomever the sender claims to be.

How an email addresses users can also tell a lot about it. When emailing customers, legitimate companies will usually address users by name. It’s a common tactic used by companies to make an email seem more personal. But because cybercriminals usually do not have users’ personal information, they are forced to use generic words like “User”, “Member”, “Customer”, etc., when addressing users.

Some malicious emails may be much more sophisticated, especially if cybercriminals are targeting someone specific and have information about them. Such an email would have correct grammar and no spelling mistakes, address users by name, and have bits of information that would make the whole thing seem much more credible. To avoid opening malicious files, it’s highly recommended to scan all email attachments with anti-virus software or VirusTotal before opening them.

Users can also infect their computers with all kinds of malware by downloading from unsafe sources. Malware is lurking on every corner of the Internet, which is why downloads should be done only from official/verified sources.

Lastly, malware is often spread via torrents. Malicious actors upload torrents with malware in them onto poorly-moderated torrent websites. It’s usually torrents for entertainment content that have malware in them. More specifically, torrents for movies, TV series, and video games. Not only is torrenting copyrighted content essentially stealing but it’s also dangerous for the computer.

Dkey ransomware removal

Ransomware is considered to be one of the more serious malware infections. Unless users know exactly what to do, it’s not a good idea to try to remove Dkey ransomware manually. It could result in even more damage to the computer. Considering it’s a sophisticated malware infection, its removal should be left to a professional tool.

If users have a backup, they can start recovering files as soon as the anti-virus software fully removes Dkey ransomware from the computer. If the ransomware was still present when users connect to their backup, the backed-up files would become encrypted as well.

If there’s no backup, there’s nothing users can do besides waiting for a free Dkey ransomware decryptor to be released. When, or even if, that will happen is not certain. If it does get released, users will find it on NoMoreRansom.

Dkey ransomware is detected as:

  • Win32:RansomX-gen [Ransom] by AVG/Avast
  • Trojan.Ransom.Crysis.E by Bitdefender
  • Trojan.Ransom.Crysis.E (B) by Emsisoft
  • A Variant Of Win32/Filecoder.Crysis.P by ESET
  • Ransom.Crysis by Malwarebytes
  • Ransom.Win32.CRYSIS.SM by TrendMicro
  • Ransom:Win32/Wadhrama!hoa by Microsoft
  • Ransom-Dharma!C8436825A054 by McAfee
  • by Kaspersky

Dkey ransomware detections



Quick Menu

Step 1. Delete Dkey ransomware using Safe Mode with Networking.

Remove Dkey ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Dkey ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Dkey ransomware
Remove Dkey ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Dkey ransomware

Step 2. Restore Your Files using System Restore

Delete Dkey ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Dkey ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Dkey ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Dkey ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Dkey ransomware removal - restore message
Delete Dkey ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Dkey ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Dkey ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Dkey ransomware - restore init
  8. Choose the restore point prior to the infection. Dkey ransomware - restore point
  9. Click Next and then click Yes to restore your system. Dkey ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply