Victim of the Crysis family ransomware? ESET has an updated free decryptor tool for you

Next story
Image of a skull with code in the background

Today, ESET released an updated version of its free decryptor for ransomware victims.

Anyone who has had their data or devices hit by specific types of the Crysis ransomware family, (detected by ESET as Win32/Filecoder.Crysis) can now get their files back for free using this tool.

With the current update, ESET’s decrypting tool can help victims of six unique variants of this specific ransomware family. Each of them is identifiable by the use of a specific extension: .xtbl, .crysis, .crypt, .lock, .crypted, .dharma. (The most recent addition includes files encrypted by the .dharma extention.)

The tool was updated with master decryption keys recently released via a forum at – mirroring the same key release scenario seen in November 2016 for older variants of this malware.

The Crysis malware family began gaining prominence after one of its main “competitors,” TeslaCrypt, ceased operations in the first half of 2016. Since then, ESET’s free decryption tools for those two families of malware have been downloaded by more than 50,000 times by users around the globe.

If you have been a victim of Crysis ransomware, you can find and download the free ESET Crysis decryptor from our utilities page. If you need additional information on how to use the tool, please refer to the ESET Knowledgebase article.