The Tencent Security Guardian Threat Intelligence Center has recently detected that ERIS ransomware variants are partially infected in the country. ERIS ransomware variants are written in go language, and a 5-byte random extension suffix is added after the encrypted file is completed. After the virus encrypts the user data, it extorts 0.05 bitcoin (market value is about 4,000 yuan). Since the virus uses RSA+Salsa20 to encrypt the file, the encrypted file cannot be decrypted temporarily. ERIS ransomware to prevent users from using the anti-delete tool to recover files, the virus will call the disk erase tool cipher.exe to completely destroy the original files deleted after the virus completes the data encryption. We remind the government and enterprises to be highly vigilant.