ESET releases free decryptor for Crysis ransomware


Update (March 2nd, 2017): Decryption tool for Crysis ransomware updated for new version

Today, ESET released an updated version of its free decryptor for victims of Crysis ransomware, adding a new variant of the infamous ransomware – .dharma – to its list. With this update, ESET’s decryption tool can help victims of six variants of the Crysis ransomware family, identified by the following extensions: .xtbl, .crysis, .crypt, .lock, .crypted, and .dharma.

If you have been a victim of Crysis ransomware, you can find and download the free ESET Crysis decryptor from our free utilities page. If you need additional information on how to use the tool, please refer to ESET Knowledgebase.

ESET has prepared a free decryptor for ransomware victims, offering a helping hand to anyone whose data or devices have been hit by the Crysis family (detected by ESET as Win32/Filecoder.Crysis). The tool was prepared using the master decryption keys, recently released via a forum at BleepingComputer.com.

The Crysis malware family began gaining prominence after one of its main “competitors”, TeslaCrypt, ceased operations earlier this year. Spreading via multiple channels, it has been detected by our systems thousands of times all over the globe.

If you have been a victim of Crysis ransomware, you can find and download the ESET Crysis decryptor from our free utilities page. If you need additional information on how to use the tool, please refer to ESET Knowledgebase.

Note: New variants of this ransomware family may use new keys, making the affected files un-decryptable.

What is Crysis?

Crysis is a Filecoder-type malicious code whose purpose, as its name suggests, is to encrypt information and request the payment of a ransom in exchange for the return of said information. Crysis uses RSA and AES encryption with long encryption keys, which makes the recovery of processed files almost impossible.

This family of malware gained popularity after TeslaCrypt, another ransomware that also spread widely while it was active, ceased its operations early this year upon the launch of a tool to revert it.

Top 10 countries most affected by Crysis

Crysis spreads via multiple vectors, ranging from emails to ads in social networks.

The growth in the number of worldwide detections started at the end of May. To date, ESET solutions have detected variants of this malware family in 123 countries, although almost 60% of detections are concentrated in only 10 countries:

[Image: top 10 countries affected by Crysis]

One of the threats that has had a significant impact and infected a considerable number of users worldwide is the family detected by ESET solutions as Win32/Filecoder.Crysis. Fortunately, ESET has developed a free tool to decrypt files and recover the information that might have been compromised.

For full technical details, see the article on ESET’s We Live Security blog.

