ESET Releases Update of Decryption Tool for Victims of the Crysis Family Ransomware

Today, ESET has released an updated version of its free decryptor for ransomware victims. Anyone whose data or devices have been hit by the Crysis family, (detected by ESET as Win32/Filecoder.Crysis) - now adding  the .dharma extension, can now get their files back for free. 

The tool has been updated with master decryption keys recently released via a forum at BleepingComputer.com – mirroring the same key release scenario seen in November 2016 for older variants of this malware.

With the current update, ESET’s decrypting tool can help victims of six unique variants of this specific ransomware family. Each of them is identifiable by the use of a specific extension: .xtbl, .crysis, .crypt, .lock, .crypted, and .dharma.

The Crysis malware family began gaining prominence after one of its main “competitors”, TeslaCrypt, ceased operations in the first half of 2016. Since then, ESET’s free decryption tools for those two families of malware have been downloaded by more than 50.000 users around the globe.

If you have been a victim of Crysis ransomware, you can find and download the free ESET Crysis decryptor from our free utilities page. If you need additional information on how to use the tool, please refer to ESET Knowledgebase

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedInFacebook and Twitter.