
CrySiS Ransomware


  • This topic is locked
2 replies to this topic

#1 eddiek989


Posted 13 May 2016 - 08:57 PM

In Feb 2016 I got an infection on one of my home network computers that had network access to many other shared folders over the network. The infection name on the internet is CrySiS. It encrypts most file types including documents, executables, media, spreadsheets, PDFs and the list goes on and on. I was able to isolate the infection from my computer but I was left with terabytes of 20 years' worth of personal data. After searching for the ransom note I was able to find it on the desktop of the user that the infection started under, with the file name "How to decrypt your data.txt". All the infected files are encrypted and were renamed to include ".{TREE_OF_LIFE@INDIA.COM}.CrySiS" after the original file extension. The ransom note reads inside: "Your data was encrypted to decrypt it contact me at TREE_OF_LIFE@INDIA.COM". I would really appreciate any tips on how to decrypt my files if anyone has figured it out yet. I would gladly provide more info if anyone needs to know more about this infection.

 

Attached are the ransom note and a sample encrypted file. I still have the ransomware executable and I can only share it privately.

 

This is the sample encrypted file name after the infection; it's a *.cfg file originally. I had to rename it so I could upload it here. Sample.CFG.{TREE_OF_LIFE@INDIA.COM}.CrySiS

 

Any help with this infection is really appreciated.


 


#2 Oh My!


Posted 17 May 2016 - 10:52 AM

Greetings.

Sorry for the delay. My recommendation would be for you to post in the Ransomware Tech Support and Help Forum where they may be better equipped to help you.

I will close this Topic but send me a Personal Message if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 17 May 2016 - 10:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



