Severity scale:  
  (92/100)

Remove ERIS ransomware (Free Instructions) - Decryption Steps Included

removal by Alice Woods - - | Type: Ransomware

ERIS ransomware is the virus that encrypts data while using Salsa20 and RSA algorithms and requires ransom from victims

 ERIS ransomware

ERIS ransomware is cryptovirus that focuses on locking files on the infected machine, so there is a reason for ransom demands. Unfortunately, this malware is created by cybercriminals and the decryption, in most cases, is only a lie used to lure people. You may be especially concerned about your encoded data, but paying the $825 for these people can lead to even more severe damage to your device or data and permanent loss of money.[1] 

What makes this cryptovirus more dangerous is the distribution technique because many sources reported that this particular ransomware is recently distributed via RIG exploit kit and other malvertising campaigns.[2] Victims have no idea when and how the ransomware got on the system because the installation happens without their knowledge by visiting a malicious website and triggering the payload dropper.

Name ERIS ransomware
Type Cryptovirus
File marker .ERIS
Distribution Spam email attachments, infected files, malvertising campaigns, exploit kits
Ransom amount $825 in Bitcoin
Ransom note @ READ ME TO RECOVER FILES @ .txt
Malicious files Server.exe; dev_man.exe; eris.was; l.bat ; 00000000.pky; 00000000.eky
Contact emails limaooo@cock.li; Limaooo@cock.li 
Elimination Get a reliable anti-malware tool and remove ERIS ransomware from the machine

ERIS ransomware is the virus created to demand payments from people, so the initial process of file encryption happens immediately after the infiltration. Criminals also perform other alterations and make much more changes to ensure the persistence of the malware later on.

This is the virus that gets the name from the file extensions .ERIS that gets placed on every file encrypted by the threat. Once you notice this modification and the ransom note appears on the desktop, ERIS ransomware virus has already infected your device and altered more parts of the whole system than those documents, photos or video files which become useless and locked.

ERIS ransomware relies on Salsa20 and RSA encryption algorithms and encodes users' photos, documents, images, video files, and even archives that can be found on the machine. When all those personal files get locked, the virus delivers a ransom message in the file @ READ ME TO RECOVER FILES @ .txt.

When ERIS ransomware marks files with .ERIS appendix and demands victims to pay up, the only solution seems to be paying the ransom. It was also reported that the virus adds the “_FLAG_ENCRYPTED_” file marker at the end of every file affected. However, these people cannot be trusted since they have the only goal of profiting from people.

Initially, this virus was spotted back in May 2019, but the start of July showed that this ransomware is more dangerous than everyone may be thinking when the newest campaign started to use RIG exploit kit to deliver the virus. Stay away from contacting these people and clean the system as soon as possible.

ERIS ransomware virus
ERIS ransomware is the cryptovirus that asks for $825 in Bitcoin for the alleged decryption.

As mentioned before, ERIS ransomware does more than just encrypting files, all the system changes include installing programs, adding malicious files, and alerting crucial settings on the affected computer. For example, the virus adds new or alters existing Windows Registry Keys to run the processes continuously after each system reboot.

ERIS ransomware can also launch other processes in the background, or even infect the machine with additional malware, drop secondary payloads. Your device may get affected and even damaged if you let this threat run on the system for a while.

Make sure to remove ERIS ransomware as soon as possible, react to the suspicious activity immediately, and get the anti-malware tool that can detect such threat and remove all the associated files or programs. Running a full scan on the machine indicates all the virus damage and malicious files that can, later on, get terminated using the same antivirus program.

Make sure to focus on ERIS ransomware removal first, then worry about the file recovery. There is no possibility to restore encoded data for free because the official decryption tool hasn't been released. However, paying is also not the best solution. Install anti-malware, clean the machine fully with Reimage Reimage Cleaner and then rely on data backups for file recovery.

ERIS files virus
ERIS ransomware is the product from cybercriminals who offer to decrypt your files for $825. Never trust people behind such malware or scams.

Ransomware uses system vulnerabilities and infected files to get on the system 

The primary method of the ransomware payload dropping are spam email attachments and other malware, but more and more criminals rely on exploit kits and not so common delivery techniques. Since the first campaigns, this threat was delivered via legitimate-looking emails and files filled with macros, but later on, researcers[3] spotted new methods.

The later attacks were analyzed, and those investigations revealed that the RIG exploit kit was used to drop ransomware during malvertising campaigns. The pop-up redirect shows up to expose users to the exploit kit and web requests triggered after that automatically downloads and installs the virus on the machine. It happens in the background, and the victim only notices the encryption and other system modifications.

Since this exploit kit uses vulnerabilities and specific weaknesses on the machines, you should patch any flaws as soon as possible to avoid cush infiltrations or even more dangerous malware campaigns. Also, paying attention to emails you receive can help you prevent ransomware infiltrations. Make sure to delete suspicious content from the email box before opening and never download questionable files.

Get rid of the ERIS ransomware cryptovirus and make sure to clean the system completely 

When it comes to threats like ransomware and other more damaging cyber threats, it is essential to clean the machine entirely. As we mentioned the primary payload of the cryptovirus comes as a malicious file and gets dropped without your knowledge, To remove ERIS ransomware entirely, you need to eliminate those associated files and other possibly installed programs.

You cannot do that manually because data gets hidden in various system folders and other places on the device. Go for automatic ERIS ransomware removal and use Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner, or Malwarebytes for the thorough system scanning and malware damage elimination process.

There is no way to decrypt ERIS ransomware virus affected files for free, but paying not an option too. So rely on virus termination and then try to recover data with proper tools or use backed-up data from external devices or cloud services. We have a few methods and tools listed below.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Reimage Cleaner Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Reimage Cleaner, submit a question to our support team and provide as much details as possible.
Reimage Reimage Cleaner has a free limited scanner. Reimage Reimage Cleaner offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage Cleaner, try running Combo Cleaner.

To remove ERIS virus, follow these steps:

Remove ERIS using Safe Mode with Networking

ERIS ransomware elimination can be easier if you reboot the machine in Safe Mode with Networking

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove ERIS

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete ERIS removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove ERIS using System Restore

Try System Restore feature as an alternative virus termination method and remove ERIS ransomware by restoring the machine in a previous state

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of ERIS. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner and make sure that ERIS removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove ERIS from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by ERIS, you can use several methods to restore them:

Data Recovery Pro is the alternate method for file recovery when the user has no file backups

You can rely on Data Recovery Pro when you accidentally deleted files yourself or malware like ERIS ransomware encrypted them

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by ERIS ransomware;
  • Restore them.

Windows Previous Versions is the feature capable of restoring data

When you don't have file backups, but you enabled System Restore for the ERIS ransomware removal, you can restore data with Windows Previous Versions

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is the alternative method for file restoring purposes

When Shadow Volume Copies are left untouched, you can use ShadowExplorer

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption is not possible for ERIS ransomware

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from ERIS and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References


Your opinion regarding ERIS ransomware