ERIS Ransomware encrypts user files with Salsa20 + RSA, and then requires a ransom to give it back. It is distributed via RIG exploit kit. A user would simple have visit a malicious web page to get infected with ERIS. Once the user on infected page JavaScript automatically tries to exploit a SWF vulnerability, if successful, it will download and execute the ransomware. All file name are appended with .ERIS extension.
ERIS Ransomware Signatures
Family: Trojan:Win32/Occamy.C
MD5: 7fd8fc98d8028afb6426244e61524b69
SHA256: 574b7439b7469ed10331f4f383da0631a78c71b388eab0db1399d8606108b0ea
ERIS Ransomware Download