Eris Ransomware
Virustotal
This is a new ransomware. The sample was allowed to run in a sandboxed environment. Encryption is fast: it encrypted almost all of my documents on drive C: in under a minute of the sample running.
Removal is easy: just do a full scan with an updated antivirus/antimalware program (refer to virustotal.com for the list of programs that can detect Eris ransomware).
Decryption is another story. Although I've seen many sites with instructions on how to decrypt Eris, I doubt any of them really work.
Ransomware Readme
Documents encrypted by Eris Ransomware
Original document file size is reduced to zero bytes after encryption
Encrypted document
Notes:
- Ransomware sample is detected by Kaspersky Security Cloud. Sample was tested with AV disabled
- AppCheck wasn't able to detect the encryption
- After the test, Recuva failed to recover any encrypted documents
Ok, another one. Still non-decryptable?
Maybe there's another way of ransomware data recovery?