Hello All,

A customer was infected with a virus encrypting their documents with the file extension .pgp, requesting that they contact openpgp@foxmail.com.pgp to make payments and have a decryptor sent to them.

Note: all features are enabled on the AV - see attached document

Kindly confirm if there is a decryptor or a way to decrypt the encrypted documents.

-See attached for encrypted documents 

Encrypted Data.zip Encrypted Data.pdf ESET CP shots.pdf


Files were encrypted by Filecoder.Crysis. Unfortunately, decryption is not possible. A typical way Crysis is used to encrypt files is via RDP: attackers perform a brute-force attack, log into the system, pause or disable the AV and then run the ransomware.

If the user had ESET installed, please email samples[at]eset.com and provide:
- logs collected with ESET Log Collector (ESET must be installed and running)
- a handful of examples of encrypted files
- the ransomware note.
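
The RDP pattern described in the reply above (many failed logons, then a success from the same address) can be checked for in Windows Security log data. The following is an added example, not part of the original posts and not ESET code; it assumes a simplified CSV export with the hypothetical field order `timestamp,event_id,logon_type,source_ip,account`, and the threshold, window and sample rows are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): simplified export of Windows
# Security log events as timestamp,event_id,logon_type,source_ip,account.
SAMPLE_LOG = """\
2024-01-10T02:00:01,4625,3,203.0.113.7,administrator
2024-01-10T02:00:03,4625,3,203.0.113.7,admin
2024-01-10T02:00:05,4625,3,203.0.113.7,administrator
2024-01-10T02:00:08,4625,3,203.0.113.7,backup
2024-01-10T02:00:11,4625,3,203.0.113.7,administrator
2024-01-10T02:00:15,4624,10,203.0.113.7,administrator
2024-01-10T08:30:00,4625,10,198.51.100.20,jsmith
2024-01-10T08:30:20,4624,10,198.51.100.20,jsmith
"""

FAILED, SUCCESS = "4625", "4624"   # Windows failed / successful logon event IDs
REMOTE_TYPES = {"3", "10"}         # Network (RDP with NLA) and RemoteInteractive


def find_bruteforce_logons(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return successful remote logons preceded by >= threshold failures
    from the same source IP inside the time window."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or row[2] not in REMOTE_TYPES:
            continue               # skip malformed rows and local logons
        ts, event_id, _logon_type, ip, account = row
        when = datetime.fromisoformat(ts)
        recent = failures[ip]
        while recent and when - recent[0] > window:
            recent.popleft()       # drop failures that fell out of the window
        if event_id == FAILED:
            recent.append(when)
        elif event_id == SUCCESS and len(recent) >= threshold:
            alerts.append({"ip": ip, "account": account, "time": ts,
                           "failures": len(recent)})
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce_logons(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for investigation rather than proof of compromise; a user who mistypes a password once, like the second source address in the sample, stays below the default threshold.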
