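This post was last edited by Potato on 2020-4-10 17:32
Ransomware family name: Eris ransomware family
Decryption supported: No
Details:
Encrypted files: ERIS
Encrypted file extension format:

Ransom note:
File name: @ READ ME TO RECOVER FILES @.txt
File content: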
-------------------------------------------------------------------------------


***                                                 ***
*** READ THIS FILE CAREFULLY TO RECOVERY YOUR FILES ***
***                                                 ***


ALL OF YOUR FILES HAVE BEEN ENCRYPTED BY ERIS RANSOMWARE!
USING STRONG ENCRYPTION ALGORITHM.

Every your files encrypted with unique strong key using Salsa20 encryption algorithm:
https://en.wikipedia.org/wiki/Salsa20

Which is protected by RSA-1024 encryption algorithm:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)

shadow copy, F8 or recuva and other recovery softwares cannot help you, but cause Irreparable damage to your files!

Technically no way to restore your files without our help.

we only accept cryptocurrency Bitcoin (BTC) as payment method! for cost of decryption service.
https://wikipedia.org/wiki/Cryptocurrency
https://wikipedia.org/wiki/Bitcoin

For speed and easily, please use localbitcoins website to purchase Bitcoin:
https://localbitcoins.com

* WE OFFER YOU 1 FREE FILE DECRYPTION (<1024 KB) WITHOUT ANY COST! TO TRUST OUR HONESTY BEFORE PAYMENT.
  THE SIMPLE FILE MUST NOT BE ARCHIVED!



-----BEGIN ERIS IDENTIFICATION-----
-----END ERIS IDENTIFICATION-----



===========================================================================================================

   (Decryption Instructions)

1. Send your ERIS IDENTIFICATION with one simple of your encrypted files (<1024 KB) to our email address:
   Limaooo@cock.li

2. Wait for reply from us.
   (usually in some hour)

3. Confirm your simple files are decrypted correct and ask us how to pay to decrypt all your files.

4. We will send you payment instructions in Bitcoin.

5. You made payment and send us TXID of Bitcoin transfer.

6. After we confirm the payment, you will soon get decryption package and everything back to normal.


* IN CASE OF FOLLOWING OUR INSTRUCTION,
  FAST AND EASILY EVERYTHING IS BACK TO NORMAL LIKE THAT NEVER HAPPENED!

  BUT IF YOU USE OTHER METHODS (THAT NEVER EVER HELPS) YOU JUST DESTROY EVERYTHING FOR GOODNESS!

  BE A SMART AND SAVE YOUR FILES! NOT A FOOL!

===========================================================================================================


===============================
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT MOVE ENCRYPTED FILES
* DO NOT USE RECOVERY SOFTWARES
===============================


=============================================================================================

(Frequently Asked Questions)

Q: I can not pay for it, what I do now?
A: Format your hard disk, re-install your softwares and start everything from begin!

Q: What a guarantee I can recovery my files after payment?
A: There is no any reason for us to do not give you decryption software and your special key.

   The only our goal is help you not hurt!

=============================================================================================
-------------------------------------------------------------------------------
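Protection recommendations:
1. Do not use the same account and password on multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed regularly.
3. Shared folders that hold important data should have access controls and be backed up regularly.
4. Regularly check the system and software for security vulnerabilities and apply patches promptly.
5. Regularly check servers for anomalies. The checks should cover:
a) whether any new accounts have been added
b) whether the Guest account has been enabled
c) whether the Windows system logs show anomalies
d) whether the antivirus software shows any abnormal interceptions
6. Install security protection software and make sure it is running properly.
7. Download and install software from official channels.
8. For unfamiliar software that antivirus has already blocked or removed, do not add it to the trust list and keep running it.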

11 replies in total on the Eris ransomware family details; last reply on 2020-4-30 19:12


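2
Potato, Product Support Specialist, original poster, posted on 2019-10-16 16:46
Family: Eris ransomware
Version: Eris v2.0.3
Encrypted file extension: five random characters (e.g. 1Y9AP)
Ransom note file name: HELP-1Y9AP.txt
Ransom note content: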
---------------------------------------------------------------------------------
***                                                 ***
*** READ THIS FILE CAREFULLY TO RECOVERY YOUR FILES ***
***                                                 ***



ALERT!
ALL OF YOUR FILES HAVE BEEN ENCRYPTED BY ERIS RANSOMWARE v2.0.3!

Welcome to Eris System Security Encryption Program!

Keeping strong security for our clients in mind, we have implemented Strong Encryption Algorithm for securing the system.

To personally update regarding the available decryption software and payment methods. Follow the steps below to access the payment page.


Follow the steps below to access payment page.

1. Download and install Tor browser from here:
   URL - https://www.torproject.org/download/

2. Visit page below using Tor browser:
   URL - http://epaybfvlutydks6fpfwtwoe2f ... on/96dc809fa262a0b2

3. Enter your ERIS IDENTIFICATION. (You can find it in below)

4. Follow the next steps(instructions) displayed on the page for successful decryption.

Note:
We only accept payments via Bitcoin (BTC)!


ERIS IDENTIFICATION:
* IF YOU NOT FOLLOW INSTRUCTIONS IN PAYMENT PAGE MORE THAN  7 DAYS!,
  YOUR CANNOT ACCESS TO PAYMENT PAGE OR YOUR FILES ANYMORE!
  
* IN CASE OF FOLLOWING OUR INSTRUCTION,
  FAST AND EASILY EVERYTHING IS BACK TO NORMAL LIKE THAT NEVER HAPPENED!
  BUT IF YOU USE OTHER METHODS (THAT NEVER EVER HELPS) YOU JUST DESTROY EVERYTHING FOR GOODNESS!

---------------------------------
* DO NOT MODIFY ENCRYPTED FILE(S)
* DO NOT MOVE ENCRYPTED FILES
* DO NOT USE RECOVERY SOFTWARE(S)
---------------------------------
---------------------------------------------------------------------------------
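
A triage sketch for the indicators quoted in the two posts above, added here as an example and not part of the original thread or of any 360 tool: it walks a directory tree, confirms candidate ransom notes by name and by the marker strings in the quoted notes, and lists sibling files carrying the matching suffix. It assumes that files from the first variant end in `.ERIS`, that the note sits in the same directory as the files it refers to, and that the suffix in `HELP-<suffix>.txt` is alphanumeric; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators quoted in this thread; the ".ERIS" suffix for v1 is an assumption.
V1_NOTE_NAME = "@ read me to recover files @.txt"  # compared case-insensitively
V2_NOTE_RE = re.compile(r"^HELP-([A-Za-z0-9]+)\.txt$", re.IGNORECASE)
MARKERS = ("ERIS IDENTIFICATION", "ENCRYPTED BY ERIS RANSOMWARE")

def note_has_marker(path, limit=64 * 1024):
    """Read at most `limit` bytes and look for an Eris marker string."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit).decode("utf-8", errors="replace")
    except OSError:
        return False
    return any(m in head for m in MARKERS)

def scan_for_eris_notes(root):
    """Return one finding per confirmed note, with files sharing its suffix."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = V2_NOTE_RE.match(name)
            if name.lower() != V1_NOTE_NAME and not m:
                continue
            if not note_has_marker(os.path.join(dirpath, name)):
                continue  # name matched but content did not: unrelated file
            ext = m.group(1) if m else "ERIS"
            hits = sorted(f for f in files if f.lower().endswith("." + ext.lower()))
            findings.append({"dir": dirpath, "note": name,
                             "extension": ext, "encrypted_files": hits})
    return findings

def build_sample_tree():
    """Constructed sample tree (not real victim data) for a dry run."""
    root = tempfile.mkdtemp(prefix="eris_demo_")
    layout = {
        "docs/HELP-1Y9AP.txt": "ALL OF YOUR FILES HAVE BEEN ENCRYPTED BY ERIS RANSOMWARE v2.0.3!",
        "docs/report.docx.1Y9AP": "x", "docs/photo.jpg.1Y9AP": "x", "docs/notes.txt": "x",
        "old/@ READ ME TO RECOVER FILES @.txt": "-----BEGIN ERIS IDENTIFICATION-----",
        "old/db.bak.ERIS": "x",
        "clean/HELP-setup.txt": "Installation help", "clean/tool.setup": "x",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Call `scan_for_eris_notes()` on a read-only mount of the affected share or disk image; `build_sample_tree()` only creates the constructed tree for a dry run.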
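3
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: uk6ge
Attacker email: DamianOlsonsnowdrop@cock.li
4
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: uk6ge
Attacker email: gibberishEdmundBass@protonmail.com
5
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: anenerbex
Attacker email: anenerbex@cock.li
6
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: anenerbex
Attacker email: anenerbex@protonmail.com
7
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: Velar
Attacker email: lanthanumRosaKiddgentile@cock.li
8
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: Velar
Attacker email: affrontUmerSummers@tutanota.com
9
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: UPPER
Attacker email: TentwenUpper1@protonmail.com
10
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: UPPER
Attacker email: Wenuptwen1@tutanota.com
11
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: fevrbdy
Attacker email: fevrbdy@protonmail.com
12
Potato, Product Support Specialist, original poster, posted on 2020-4-30 19:12
Family: Eris
Encrypted file extension: fevrbdy
Attacker email: fevrbdy@airmail.cc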