Cry9 is the successor of the CryptON ransomware family that is mostly used for targetted attacks via RDP. Files are encrypted using a customized version of AES, RSA and SHA-512. We have seen the following extensions being used by Cry9: ".-juccy[a]protonmail.ch", ".id-", ".id-_[[email protected]].xj5v2", ".id-_r9oj", ".id-_x3m", ".id-_[[email protected]]_[[email protected]].x3m", ".", ".-sofia_lobster[a]protonmail.ch" and "._[wqfhdgpdelcgww4g.onion.to].r2vy6".
To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.