ERIS Ransomware encrypts user files with Salsa20 + RSA, and then requires a ransom to give it back. It is distributed via RIG exploit kit. A user would simple have visit a malicious web page to get infected with ERIS. Once the user on infected page JavaScript automatically tries to exploit a SWF vulnerability, if successful, it will download and execute the ransomware. All file name are appended with .ERIS extension.