Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Jul 2019

How to remove ERIS ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

ERIS ransomware is the virus that encrypts data while using Salsa20 and RSA algorithms and requires ransom from victims

 ERIS ransomware

ERIS ransomware is cryptovirus that focuses on locking files on the infected machine, so there is a reason for ransom demands. Unfortunately, this malware is created by cybercriminals and the decryption, in most cases, is only a lie used to lure people. You may be especially concerned about your encoded data, but paying the $825 for these people can lead to even more severe damage to your device or data and permanent loss of money.[1] 

What makes this cryptovirus more dangerous is the distribution technique because many sources reported that this particular ransomware is recently distributed via RIG exploit kit and other malvertising campaigns.[2] Victims have no idea when and how the ransomware got on the system because the installation happens without their knowledge by visiting a malicious website and triggering the payload dropper.

Name ERIS ransomware
Type Cryptovirus
File marker .ERIS
Distribution Spam email attachments, infected files, malvertising campaigns, exploit kits
Ransom amount $825 in Bitcoin
Ransom note @ READ ME TO RECOVER FILES @ .txt
Malicious files Server.exe; dev_man.exe; eris.was; l.bat ; 00000000.pky; 00000000.eky
Contact emails limaooo@cock.li; Limaooo@cock.li 
Elimination Get a reliable anti-malware tool and remove ERIS ransomware from the machine

ERIS ransomware is the virus created to demand payments from people, so the initial process of file encryption happens immediately after the infiltration. Criminals also perform other alterations and make much more changes to ensure the persistence of the malware later on.

This is the virus that gets the name from the file extensions .ERIS that gets placed on every file encrypted by the threat. Once you notice this modification and the ransom note appears on the desktop, ERIS ransomware virus has already infected your device and altered more parts of the whole system than those documents, photos or video files which become useless and locked.

ERIS ransomware relies on Salsa20 and RSA encryption algorithms and encodes users' photos, documents, images, video files, and even archives that can be found on the machine. When all those personal files get locked, the virus delivers a ransom message in the file @ READ ME TO RECOVER FILES @ .txt.

When ERIS ransomware marks files with .ERIS appendix and demands victims to pay up, the only solution seems to be paying the ransom. It was also reported that the virus adds the “_FLAG_ENCRYPTED_” file marker at the end of every file affected. However, these people cannot be trusted since they have the only goal of profiting from people.

Initially, this virus was spotted back in May 2019, but the start of July showed that this ransomware is more dangerous than everyone may be thinking when the newest campaign started to use RIG exploit kit to deliver the virus. Stay away from contacting these people and clean the system as soon as possible.

ERIS ransomware virus

As mentioned before, ERIS ransomware does more than just encrypting files, all the system changes include installing programs, adding malicious files, and alerting crucial settings on the affected computer. For example, the virus adds new or alters existing Windows Registry Keys to run the processes continuously after each system reboot.

ERIS ransomware can also launch other processes in the background, or even infect the machine with additional malware, drop secondary payloads. Your device may get affected and even damaged if you let this threat run on the system for a while.

Make sure to remove ERIS ransomware as soon as possible, react to the suspicious activity immediately, and get the anti-malware tool that can detect such threat and remove all the associated files or programs. Running a full scan on the machine indicates all the virus damage and malicious files that can, later on, get terminated using the same antivirus program.

Make sure to focus on ERIS ransomware removal first, then worry about the file recovery. There is no possibility to restore encoded data for free because the official decryption tool hasn't been released. However, paying is also not the best solution. Install anti-malware, clean the machine fully with FortectIntego and then rely on data backups for file recovery.

ERIS files virus

Ransomware uses system vulnerabilities and infected files to get on the system 

The primary method of the ransomware payload dropping are spam email attachments and other malware, but more and more criminals rely on exploit kits and not so common delivery techniques. Since the first campaigns, this threat was delivered via legitimate-looking emails and files filled with macros, but later on, researcers[3] spotted new methods.

The later attacks were analyzed, and those investigations revealed that the RIG exploit kit was used to drop ransomware during malvertising campaigns. The pop-up redirect shows up to expose users to the exploit kit and web requests triggered after that automatically downloads and installs the virus on the machine. It happens in the background, and the victim only notices the encryption and other system modifications.

Since this exploit kit uses vulnerabilities and specific weaknesses on the machines, you should patch any flaws as soon as possible to avoid cush infiltrations or even more dangerous malware campaigns. Also, paying attention to emails you receive can help you prevent ransomware infiltrations. Make sure to delete suspicious content from the email box before opening and never download questionable files.

Get rid of the ERIS ransomware cryptovirus and make sure to clean the system completely 

When it comes to threats like ransomware and other more damaging cyber threats, it is essential to clean the machine entirely. As we mentioned the primary payload of the cryptovirus comes as a malicious file and gets dropped without your knowledge, To remove ERIS ransomware entirely, you need to eliminate those associated files and other possibly installed programs.

You cannot do that manually because data gets hidden in various system folders and other places on the device. Go for automatic ERIS ransomware removal and use FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes for the thorough system scanning and malware damage elimination process.

There is no way to decrypt ERIS ransomware virus affected files for free, but paying not an option too. So rely on virus termination and then try to recover data with proper tools or use backed-up data from external devices or cloud services. We have a few methods and tools listed below.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.