A new variant of the Gryphon Ransomware has been discovered by ID-Ransomware's
Michael Gillespie that appends the
%s.[gladius_rectus@aol.com ].crypton extension to encrypted files. First discovered at the end of July 2017, Gryphon Ransomware is actually a variant of the BTCWare ransomware.
The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services. Once they are able to gain access to a computer, they will install the ransomware and encrypt the victim's files.
Unfortunately, at this time there is no way to decrypt files encrypted by the Gryphon Ransomware for free. If you wish to discuss this ransomware or receive any support, you can use our dedicated
Btcware Ransomware Support Topic. In the past, the developers rhave eleased the decryption keys for variants that were no longer in distribution. It appears they decided to no longer offer this to their victims. We hope they change their mind.
Unknown ransomware - .dthnrHygS extension (Session messenger note)
New HybridPetya ransomware can bypass UEFI Secure Boot
Surge in Magniber ransomware attacks impact home users worldwide