Update (March 2nd, 2017): Decryption tool for Crysis ransomware updated for new version
Today, ESET has released an updated version of its free decryptor for victims of Crysis ransomware, adding a new variant of the infamous ransomware – .dharma – to its list. With the current update, ESET’s decrypting tool can now help victims of six variants of the Crysis ransomware family with the following extensions: .xtbl, .crysis, .crypt, .lock, .crypted, and .dharma.
If you have been a victim of Crysis ransomware, you can find and download the free ESET Crysis decryptor from our free utilities page. If you need additional information on how to use the tool, please refer to ESET Knowledgebase.
ESET has prepared a free decryptor for ransomware victims, offering a helping hand to anyone whose data or devices have been hit by the Crysis family (detected by ESET as Win32/Filecoder.Crysis). The tool was prepared using the master decryption keys, recently released via a forum at BleepingComputer.com.
The Crysis malware family began gaining prominence after one of its main “competitors”, TeslaCrypt, ceased operations earlier this year. Spreading via multiple channels, it has been detected by our systems thousands of times all over the globe.
If you have been a victim of Crysis ransomware, you can find and download the ESET Crysis decryptor from our free utilities page. If you need additional information on how to use the tool, please refer to ESET Knowledgebase.
Note: New variants of this ransomware family may use new keys, making the affected files un-decryptable.
What is Crysis?
Crysis is Filecoder-type malicious code whose purpose, as its name suggests, is to encrypt information and request the payment of a ransom in exchange for the return of said information. Crysis uses RSA and AES encryption with long encryption keys, which makes the recovery of processed files almost impossible.
This family of malware gained popularity after TeslaCrypt, another ransomware family that also spread widely while it was active, ceased its operations early this year upon the launch of a tool to revert it.
Top 10 countries most affected by Crysis
Crysis spreads via multiple vectors, ranging from emails to ads in social networks.
The growth in the number of worldwide detections started at the end of May. To date, ESET solutions have detected variants of this malware family in 123 countries, although almost 60% is concentrated in only 10 countries:
One of the threats that has had a significant impact and infected a considerable number of users worldwide is the family detected by ESET solutions as Win32/Filecoder.Crysis. Fortunately, ESET has developed a free tool to decrypt files and recover the information that might have been compromised.
For full technical details, see the article on ESET’s We Live Security blog.