mayowa
Posted July 16, 2020

Hello All,

A customer was infected with a virus encrypting their documents with the file extension .pgp, requesting that they contact openpgp@foxmail.com.pgp to make payment and have a decryptor sent to them.

Note: all features are enabled on the AV (see attached document).

Kindly confirm if there is a decryptor or a way to decrypt the encrypted documents (see attached for encrypted documents).

Attachments: Encrypted Data.zip, Encrypted Data.pdf, ESET CP shots.pdf

Marcos (Administrators)
Posted July 16, 2020

Files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. A typical way Crysis is used to encrypt files is via RDP: attackers perform a brute-force attack, log into the system, pause or disable the AV and then run the ransomware.

If the user had ESET installed, please email samples[at]eset.com and provide:
- logs collected with ESET Log Collector (ESET must be installed and running)
- a handful of examples of encrypted files
- the ransomware note.
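
An added example, not part of the thread and not ESET tooling: a detection for the pattern described in the reply above, a burst of failed RDP logons followed by a successful one from the same source. It assumes Windows Security events 4625/4624 exported as whitespace-separated lines; the log lines, addresses, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not from the thread): time, Event ID, LogonType, source IP, account.
SAMPLE_EVENTS = """\
2024-01-10T02:10:01 4625 3 203.0.113.50 administrator
2024-01-10T02:10:20 4625 3 203.0.113.50 admin
2024-01-10T02:10:41 4625 3 203.0.113.50 administrator
2024-01-10T02:11:02 4625 3 203.0.113.50 backup
2024-01-10T02:11:30 4625 3 203.0.113.50 administrator
2024-01-10T02:11:55 4625 3 203.0.113.50 administrator
2024-01-10T02:12:30 4624 10 203.0.113.50 administrator
2024-01-10T08:59:10 4625 10 198.51.100.7 jsmith
2024-01-10T08:59:40 4624 10 198.51.100.7 jsmith
"""

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
FAIL_TYPES = {3, 10}           # assumption: with NLA, failed RDP logons appear as type 3
RDP_TYPES = {10}               # RemoteInteractive (RDP) session

def parse(text):
    """Yield (time, event_id, logon_type, ip, user) from the assumed export format."""
    for line in text.splitlines():
        if line.strip():
            ts, eid, ltype, ip, user = line.split()
            yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def bruteforce_then_logon(text, threshold=5, window=timedelta(minutes=10)):
    """Return (ip, user, time, failures) for RDP logons preceded by a failure burst."""
    recent = defaultdict(deque)          # source IP -> times of recent failures
    alerts = []
    for ts, eid, ltype, ip, user in sorted(parse(text)):
        fails = recent[ip]
        while fails and ts - fails[0] > window:   # drop failures outside the window
            fails.popleft()
        if eid == FAILED and ltype in FAIL_TYPES:
            fails.append(ts)
        elif eid == SUCCESS and ltype in RDP_TYPES and len(fails) >= threshold:
            alerts.append((ip, user, ts, len(fails)))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for ip, user, ts, n in bruteforce_then_logon(SAMPLE_EVENTS):
        print(f"{ts.isoformat()} RDP logon as {user} from {ip} after {n} failures")
```
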