PGP virus

Hello All,

A customer was infected with a virus encrypting their documents with file extension .pgp, requesting they contact openpgp@foxmail.com.pgp for them to make payments and a decryptor sent to them.

Note: all features are enabled on the AV - see attached document.

Kindly confirm if there is a decryptor or a way to decrypt encrypted documents.

- See attached for encrypted documents.

Encrypted Data.zip Encrypted Data.pdf ESET CP shots.pdf

  • Administrators

Files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. A typical way that Crysis is used to encrypt files is via RDP, when attackers perform a brute-force attack, log into the system, pause or disable the AV and then run the ransomware.

If the user had ESET installed, please email samples[at]eset.com and provide:
- logs collected with ESET Log Collector (ESET must be installed and running)
- a handful of examples of encrypted files
- the ransomware note.

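The reply above describes a brute-force attack over RDP followed by a login. As an added example (not part of this thread and not ESET tooling), here is one way to flag that pattern in Windows Security logon events; the sample records, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624  # Windows Security event IDs: failed / successful logon
RDP_LOGON_TYPES = {3, 10}     # 10 = RemoteInteractive (RDP); 3 = network, common with NLA

def brute_force_then_logon(events, threshold=10, window=timedelta(minutes=10)):
    """Return (ip, account, time) for every successful remote logon that follows
    at least `threshold` failed logons from the same source IP within `window`.
    threshold and window are assumed values; tune them to the environment."""
    failures = defaultdict(deque)  # source IP -> times of recent failed logons
    alerts = []
    for when, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console, service and other local logons are out of scope
        recent = failures[ip]
        while recent and when - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if event_id == FAILED:
            recent.append(when)
        elif event_id == SUCCESS and len(recent) >= threshold:
            alerts.append((ip, account, when))
            recent.clear()  # one alert per burst of failures
    return alerts

# Constructed sample records: (time, event ID, logon type, source IP, account).
START = datetime(2024, 1, 1, 2, 0, 0)
SAMPLE = (
    # 25 failures, one every 5 seconds, then a success from the same address
    [(START + timedelta(seconds=5 * i), FAILED, 3, "203.0.113.7", "administrator")
     for i in range(25)]
    + [(START + timedelta(seconds=130), SUCCESS, 10, "203.0.113.7", "administrator")]
    # a user who mistypes a password twice and then logs in
    + [(START + timedelta(minutes=30, seconds=s), FAILED, 10, "198.51.100.20", "jsmith")
       for s in (0, 20)]
    + [(START + timedelta(minutes=31), SUCCESS, 10, "198.51.100.20", "jsmith")]
    # a console logon (type 2), which the check ignores
    + [(START + timedelta(minutes=40), SUCCESS, 2, "-", "jsmith")]
)

if __name__ == "__main__":
    for ip, account, when in brute_force_then_logon(SAMPLE):
        print(f"{when.isoformat()} remote logon as {account} from {ip} after repeated failures")
```

Failures are counted per source IP across all accounts, so guessing against several usernames from one address also trips the check.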

This topic is now closed to further replies.