Please note that these free tools are provided as-is and without warranty of any kind. The tools may only work with specific ransomware versions, and may not work with versions that were released after a tool was created. Technical support for the tools is available only to customers using a paid Emsisoft product.
Cry9 is the successor of the CryptON ransomware family that is mostly used for targetted attacks via RDP. Files are encrypted using a customized version of AES, RSA and SHA-512. We have seen the following extensions being used by Cry9: ".-juccy[a]protonmail.ch", ".id-", ".id-_[[email protected]].xj5v2", ".id-_r9oj", ".id-_x3m", ".id-_[[email protected]]_[[email protected]].x3m", ".", ".-sofia_lobster[a]protonmail.ch" and "._[wqfhdgpdelcgww4g.onion.to].r2vy6".
To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.