Figure 1-1
Click +Details for more information and additional images associated with this ransomware
Win32/Filecoder.Crysis is a trojan that encrypts files on local drives. The user is told they must send information and make a payment using the Bitcoin payment service in order to decrypt their files.
Indicators of compromise
.{%EmailAddress%}.CrySiS
.{%EmailAddress%--%EmailAddress%}.xtbl
.[%EmailAddress%].dharma
.ID%hexnum%.%EmailAddress%.xtbl
.id-%hexnum%.{%EmailAddress%}.crypt
.id-%hexnum%.{%EmailAddress%}.lock
.id-%hexnum%.{%EmailAddress%}.crypted
.[%EmailAddress%].wallet
.[%EmailAddress%].onion
Image gallery
cd %userprofile%\Desktop
(do not replace "userprofile" with your username–type the command exactly as shown) and then press Enter.ESETCrysisDecryptor.exe
and press Enter.ESETCrysisDecryptor.exe C:
and press Enter to scan the C drive. To scan a different drive replace C:
with the applicable drive letter.Figure 1-2