ERIS ransomware, originally identified in May 2019, was discovered proliferating via a malvertising campaign using the RIG exploit kit over the 4th of July, 2019 holiday weekend. The malvertising campaign used the popcash ad network to redirect users, where the exploit kit will attempt to exploit an Adobe Shockwave (SWF) vulnerability within the browser. ERIS Ransomware will automatically download and install if exploitation is successful. The .ERIS extension will encrypt and rename all files, e.g., “<myphoto.jpg.ERIS>.” There is currently no known decryption tool for this variant.

  • Bleeping Computer provides technical details and analysis, here.