Ransomware Overview
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAABACADAE
1
ExtensionsExtension PatternRansom Note Filename(s)CommentEncryption AlgorithmAlso known asDate Added/ModifiedDecryptorInfo 1Info 2Screenshots
2
.CryptoHasYou..enc YOUR_FILES_ARE_LOCKED.txtAES(256)http://www.nyxbone.com/malware/CryptoHasYou.htmlhttps://www.google.de/search?tbm=isch&q=Ransomware+.CryptoHasYou.
3
777.777
._[timestamp]_$[email]$.777
e.g. ._14-05-2016-11-59-36_$ninja.gaiver@aol.com$.777
read_this_file.txtXORSevleghttps://decrypter.emsisoft.com/777https://www.google.de/search?tbm=isch&q=Ransomware+777
4
7ev3n.R4A
.R5A
FILES_BACK.txt7ev3n-HONE$Thttps://github.com/hasherezade/malware_analysis/tree/master/7ev3n
https://www.youtube.com/watch?v=RDNbH5HDO1E&feature=youtu.be
http://www.nyxbone.com/malware/7ev3n-HONE$T.html
https://www.google.de/search?tbm=isch&q=Ransomware+7ev3n
5
7h9r.7h9rREADME_.TXTAEShttp://www.nyxbone.com/malware/7h9r.htmlhttps://www.google.de/search?tbm=isch&q=Ransomware+7h9r
6
8lock8.8lock8READ_IT.txtBased on HiddenTearAES(256)http://www.bleepingcomputer.com/forums/t/614025/8lock8-help-support-topic-8lock8-read-ittxt/https://www.google.de/search?tbm=isch&q=Ransomware+8lock8
7
AiraCrop
._AiraCropEncrypted
How to decrypt your files.txtrelated to TeamXRathttps://twitter.com/PolarToffee/status/796079699478900736https://www.google.de/search?tbm=isch&q=Ransomware+AiraCrop
8
Al-Namrood
.unavailable
.disappeared
Read_Me.Txthttps://decrypter.emsisoft.com/al-namroodhttps://www.google.de/search?tbm=isch&q=Ransomware+Al-Namrood
9
Alcatraz Locker.Alcatrazransomed.htmlhttps://twitter.com/PolarToffee/status/792796055020642304https://www.google.de/search?tbm=isch&q=Ransomware+Alcatraz+Locker
10
ALFA Ransomware.binREADME HOW TO DECRYPT YOUR FILES.HTMLMade by creators of Cerberhttp://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/https://www.google.de/search?tbm=isch&q=Ransomware+ALFA+Ransomware
11
Alma Ransomwarerandomrandom(x5)Unlock_files_randomx5.htmlAES(128)https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=d4173312-989b-4721-ad00-8308fff353b3&placement_guid=22f2fe97-c748-4d6a-9e1e-ba3fb1060abe&portal_id=326665&redirect_url=APefjpGnqFjmP_xzeUZ1Y55ovglY1y1ch7CgMDLit5GTHcW9N0ztpnIE-ZReqqv8MDj687_4Joou7Cd2rSx8-De8uhFQAD_Len9QpT7Xvu8neW5drkdtTPV7hAaou0osAi2O61dizFXibewmpO60UUCd5OazCGz1V6yT_3UFMgL0x9S1VeOvoL_ucuER8g2H3f1EfbtYBw5QFWeUmrjk-9dGzOGspyn303k9XagBtF3SSX4YWSyuEs03Vq7Fxb04KkyKc4GJx-igK98Qta8iMafUam8ikg8XKPkob0FK6Pe-wRZ0QVWIIkM&hsutk=34612af1cd87864cf7162095872571d1&utm_referrer=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&canon=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&__hstc=61627571.34612af1cd87864cf7162095872571d1.1472135921345.1472140656779.1472593507113.3&__hssc=61627571.1.1472593507113&__hsfp=1114323283https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypterhttp://www.bleepingcomputer.com/news/security/new-alma-locker-ransomware-being-distributed-via-the-rig-exploit-kit/https://www.google.de/search?tbm=isch&q=Ransomware+Alma+Ransomware
12
Alpha Ransomware.encryptRead Me (How Decrypt) !!!!.txtAES(256)AlphaLockerhttp://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.ziphttp://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-continues-the-trend-of-accepting-amazon-cards/https://twitter.com/malwarebread/status/804714048499621888https://www.google.de/search?tbm=isch&q=Ransomware+Alpha+Ransomware
13
AlphabetDoesn't encrypt any files / provides you the keyhttps://twitter.com/PolarToffee/status/812331918633172992https://www.google.de/search?tbm=isch&q=Ransomware+Alphabet
14
AMBA.ambaПРОЧТИ_МЕНЯ.txt
READ_ME.txt
Websites only
amba@riseup.net
https://twitter.com/benkow_/status/747813034006020096https://www.google.de/search?tbm=isch&q=Ransomware+AMBA
15
Angela Merkel.angelamerkelhttps://twitter.com/malwrhunterteam/status/798268218364358656https://www.google.de/search?tbm=isch&q=Ransomware+Angela+Merkel
16
AngleWare.AngleWareREAD_ME.txthttps://twitter.com/BleepinComputer/status/844531418474708993
17
Angry Duck.adkDemands 10 BTChttps://twitter.com/demonslay335/status/790334746488365057https://www.google.de/search?tbm=isch&q=Ransomware+Angry+Duck
18
AnonyBased on HiddenTear
ngocanh
https://twitter.com/struppigel/status/842047409446387714https://www.google.de/search?tbm=isch&q=Ransomware+Anony
19
Anubis.codedDecryption Instructions.txtEDA2AES(256)http://nyxbone.com/malware/Anubis.htmlhttps://www.google.de/search?tbm=isch&q=Ransomware+Anubis
20
Apocalypse
.encrypted
.SecureCrypted
.FuckYourData
.unavailable
.bleepYourFiles
.Where_my_files.txt
[filename].ID-*8characters+countrycode[cryptservice@inbox.ru].[random7characters]
*filename*.ID-[A-F0-9]{8}+countrycode[cryptcorp@inbox.ru].[a-z0-9]{13}
*.How_To_Decrypt.txt
*.Contact_Here_To_Recover_Your_Files.txt
*.Where_my_files.txt
*.Read_Me.Txt
*md5*.txt
decryptionservice@mail.ru
recoveryhelp@bk.ru
ransomware.attack@list.ru
esmeraldaencryption@mail.ru
dr.compress@bk.ru
Fabiansomewarehttps://decrypter.emsisoft.com/apocalypsehttp://blog.emsisoft.com/2016/06/29/apocalypse-ransomware-which-targets-companies-through-insecure-rdp/https://www.google.de/search?tbm=isch&q=Ransomware+Apocalypse
21
ApocalypseVM.encrypted
.locked
*.How_To_Get_Back.txt Apocalypse ransomware version which uses VMprotecthttp://decrypter.emsisoft.com/download/apocalypsevmhttps://www.google.de/search?tbm=isch&q=Ransomware+ApocalypseVM
22
ASN1!!!!!readme!!!!!.htmhttps://malwarebreakdown.com/2017/03/02/rig-ek-at-92-53-105-43-drops-asn1-ransomware/
23
AutoLocky.lockyinfo.txt
info.html
https://decrypter.emsisoft.com/autolockyhttps://www.google.de/search?tbm=isch&q=Ransomware+AutoLocky
24
Aw3s0m3Sc0t7.enchttps://twitter.com/struppigel/status/828902907668000770
25
BadBlockHelp Decrypt.htmlhttps://decrypter.emsisoft.com/badblockhttp://www.nyxbone.com/malware/BadBlock.htmlhttp://www.nyxbone.com/images/articulos/malware/badblock/5.png
26
BadEncript.briptMore.htmlhttps://twitter.com/demonslay335/status/813064189719805952https://www.google.de/search?tbm=isch&q=Ransomware+BadEncript
27
BaksoCrypt.adrBased on my-Little-Ransomwarehttps://twitter.com/JakubKroustek/status/760482299007922176https://0xc1r3ng.wordpress.com/2016/06/24/bakso-crypt-simple-ransomware/https://www.google.de/search?tbm=isch&q=Ransomware+BaksoCrypt
28
Bandarchor
.id-1235240425_help@decryptservice.info
.id-[ID]_[EMAIL_ADDRESS]
HOW TO DECRYPT.txtFiles might be partially encryptedAES(256)Rakhnihttps://reaqta.com/2016/03/bandarchor-ransomware-still-active/https://www.bleepingcomputer.com/news/security/new-bandarchor-ransomware-variant-spreads-via-malvertising-on-adult-sites/https://www.google.de/search?tbm=isch&q=Ransomware+Bandarchor
29
BarRax.BarRaxBased on HiddenTearhttps://twitter.com/demonslay335/status/835668540367777792
30
Bart.bart.zip
.bart
.perl
recover.txt
recover.bmp
Possible affiliations with RockLoader, Locky and DridexBaCrypthttp://now.avg.com/barts-shenanigans-are-no-match-for-avg/http://phishme.com/rockloader-downloading-new-ransomware-bart/https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Lockyhttps://www.google.de/search?tbm=isch&q=Ransomware+Bart
31
BitCryptor.clf
Has a GUI.
CryptoGraphic Locker family. Newer CoinVault variant.
https://noransom.kaspersky.com/https://www.google.de/search?tbm=isch&q=Ransomware+BitCryptor
32
BitStak.bitstakBase64 + String Replacementhttps://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.ziphttps://www.google.de/search?tbm=isch&q=Ransomware+BitStak
33
BlackShades Crypter.SilentHacked_Read_me_to_decrypt_files.html
YourID.txt
AES(256)SilentShadehttp://nyxbone.com/malware/BlackShades.htmlhttps://www.google.de/search?tbm=isch&q=Ransomware+BlackShades+Crypter
34
Blocatto.blocattoBased on HiddenTearAES(256)http://www.bleepingcomputer.com/forums/t/614456/bloccato-ransomware-bloccato-help-support-leggi-questo-filetxt/https://www.google.de/search?tbm=isch&q=Ransomware+Blocatto
35
BooyahEXE was replaced to neutralize threatSalam!https://www.google.de/search?tbm=isch&q=Ransomware+Booyah
36
Brazilian.lockMENSAGEM.txtBased on EDA2AES(256)http://www.nyxbone.com/malware/brazilianRansom.htmlhttp://www.nyxbone.com/images/articulos/malware/brazilianRansom/0.png
37
Brazilian Globe
.id-%ID%_garryweber@protonmail.ch
HOW_OPEN_FILES.htmlhttps://twitter.com/JakubKroustek/status/821831437884211201
38
BrLockAEShttps://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discoveredhttps://www.google.de/search?tbm=isch&q=Ransomware+BrLock
39
Browlockno local encryption, browser onlyhttps://www.google.de/search?tbm=isch&q=Ransomware+Browlock
40
BTCWare.btcware#_HOW_TO_FIX_!.htaRelated to / new version of CryptXXXhttps://twitter.com/malwrhunterteam/status/845199679340011520
41
Bucbi
no file name change, no extensionGOSThttp://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/https://www.google.de/search?tbm=isch&q=Ransomware+Bucbi
42
BuyUnlockCode
(.*).encoded.([A-Z0-9]{9})
BUYUNLOCKCODE.txtDoes not delete Shadow Copieshttps://www.google.de/search?tbm=isch&q=Ransomware+BuyUnlockCode
43
Central Security Treatment Organization
.cry!Recovery_[random_chars].html
!Recovery_[random_chars].txt
http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/https://www.google.de/search?tbm=isch&q=Ransomware+Central+Security+Treatment+Organization
44
Cerber
.cerber
.cerber2
.cerber3
# DECRYPT MY FILES #.html
# DECRYPT MY FILES #.txt
# DECRYPT MY FILES #.vbs
# README.hta
_{RAND}_README.jpg
_{RAND}_README.hta
_HELP_DECRYPT_[A-Z0-9]{4-8}_.jpg
_HELP_DECRYPT_[A-Z0-9]{4-8}_.hta
_HELP_HELP_HELP_%random%.jpg
_HELP_HELP_HELP_%random%.hta
_HOW_TO_DECRYPT_[A-Z0-9]{4-8}_.jpg
_HOW_TO_DECRYPT_[A-Z0-9]{4-8}_.hta
AEShttps://blog.malwarebytes.org/threat-analysis/2016/03/cerber-ransomware-new-but-mature/https://community.rsa.com/community/products/netwitness/blog/2016/11/04/the-evolution-of-cerber-v410https://www.google.de/search?tbm=isch&q=Ransomware+Cerber
45
CerberTearhttps://twitter.com/struppigel/status/795630452128227333https://www.google.de/search?tbm=isch&q=Ransomware+CerberTear
46
Chimera
.crypt
4 random characters, e.g., .PzZs, .MKJL
YOUR_FILES_ARE_ENCRYPTED.HTML
YOUR_FILES_ARE_ENCRYPTED.TXT
<random>.gif
http://www.bleepingcomputer.com/news/security/chimera-ransomware-decryption-keys-released-by-petya-devs/https://blog.malwarebytes.org/threat-analysis/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/https://www.google.de/search?tbm=isch&q=Ransomware+Chimera
47
CHIP.CHIP
.DALE
CHIP_FILES.txt
DALE_FILES.TXT
http://malware-traffic-analysis.net/2016/11/17/index.htmlhttps://www.bleepingcomputer.com/news/security/rig-e-exploit-kit-now-distributing-new-chip-ransomware/https://www.google.de/search?tbm=isch&q=Ransomware+CHIP
48
Click Me Gamehttps://www.youtube.com/watch?v=Xe30kV4ip8whttps://www.google.de/search?tbm=isch&q=Ransomware+Click+Me+Game
49
ClockDoes not encrypt anythinghttps://twitter.com/JakubKroustek/status/794956809866018816https://www.google.de/search?tbm=isch&q=Ransomware+Clock
50
CloudSwordWarning警告.htmlhttps://twitter.com/BleepinComputer/status/822653335681593345https://www.google.de/search?tbm=isch&q=Ransomware+CloudSword
51
Cockblocker.hannahhttps://twitter.com/jiriatvirlab/status/801910919739674624https://www.google.de/search?tbm=isch&q=Ransomware+Cockblocker
52
CoinVault.clfwallpaper.jpg CryptoGraphic Locker family.
Has a GUI.
Do not confuse with CrypVault!
https://noransom.kaspersky.com/https://www.google.de/search?tbm=isch&q=Ransomware+CoinVault
53
Coverton
.coverton
.enigma
.czvxce
!!!-WARNING-!!!.html
!!!-WARNING-!!!.txt
AES(256)http://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/https://www.google.de/search?tbm=isch&q=Ransomware+Coverton
54
Crptxxx.crptxxxHOW_TO_FIX_!.txtUses @enigma0x3's UAC bypasshttps://twitter.com/malwrhunterteam/status/839467168760725508
55
Cryaki
.{CRYPTENDBLACKDC}
https://support.kaspersky.com/viruses/disinfection/8547https://www.google.de/search?tbm=isch&q=Ransomware+Cryaki
56
Crybolahttps://support.kaspersky.com/viruses/disinfection/8547https://www.google.de/search?tbm=isch&q=Ransomware+Crybola
57
CryFile
.criptiko
.criptoko
.criptokod
.cripttt
.aga
SHTODELATVAM.txt
Instructionaga.txt
Moves byteshttp://virusinfo.info/showthread.php?t=185396https://www.google.de/search?tbm=isch&q=Ransomware+CryFile
58
CryLocker.cry!Recovery_[random_chars].html
!Recovery_[random_chars].txt
Identifies victim locations w/Google Maps APICry, CSTO, Central Security Treatment Organizationhttp://www.bleepingcomputer.com/news/security/the-crylocker-ransomware-communicates-using-udp-and-stores-data-on-imgur-com/https://www.google.de/search?tbm=isch&q=Ransomware+CryLocker
59
CrypMICREADME.TXT
README.HTML
README.BMP
CryptXXX clone/spinoffAES(256)http://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/https://www.google.de/search?tbm=isch&q=Ransomware+CrypMIC
60
Crypren.ENCRYPTEDREAD_THIS_TO_DECRYPT.htmlhttps://github.com/pekeinfo/DecryptCryprenhttp://www.nyxbone.com/malware/Crypren.htmlhttp://www.nyxbone.com/images/articulos/malware/crypren/0.png
61
Crypt38.crypt38AEShttps://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.ziphttps://blog.fortinet.com/2016/06/17/buggy-russian-ransomware-inadvertently-allows-free-decryptionhttps://www.google.de/search?tbm=isch&q=Ransomware+Crypt38
62
CryptConsolerandom
decipher_ne@outlook.com_[encrypted_filename]
unCrypte@outlook.com_[encrypted_filename]
How decrypt files.htaImpersonates the Globe Ransomware
Will not actually encrypt files
https://www.bleepingcomputer.com/forums/t/638344/cryptconsole-uncrypteoutlookcom-support-topic-how-decrypt-fileshta/https://twitter.com/PolarToffee/status/824705553201057794
63
CryptearAES(256)Hidden Tearhttp://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.htmlhttps://www.google.de/search?tbm=isch&q=Ransomware+Cryptear
64
CrypterDoes not actually encrypt the files, but simply renames themhttps://twitter.com/jiriatvirlab/status/802554159564062722
65
CryptFIle2.scl
id[_ID]email_xerx@usa.com.scl
RSAhttps://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discoveredhttps://www.google.de/search?tbm=isch&q=Ransomware+CryptFIle2
66
CryptInfinite.crinfhttps://decrypter.emsisoft.com/https://www.google.de/search?tbm=isch&q=Ransomware+CryptInfinite
67
CryptoBitOKSOWATHAPPENDTOYOURFILES.TXTsekretzbel0ngt0us.KEY
do not confuse with CryptorBit
AES and RSAhttp://www.pandasecurity.com/mediacenter/panda-security/cryptobit/http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtmlhttps://www.google.de/search?tbm=isch&q=Ransomware+CryptoBit
68
CryptoBlockRaaShttps://twitter.com/drProct0r/status/810500976415281154https://blog.malwarebytes.com/threat-analysis/2017/03/cryptoblock-and-its-c2/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoBlock
69
CryptoDefenseHOW_DECRYPT.TXT
HOW_DECRYPT.HTML
HOW_DECRYPT.URL
no extension changehttps://decrypter.emsisoft.com/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoDefense
70
CryptoDevil.devilhttps://twitter.com/PolarToffee/status/843527738774507522
71
CryptoFinancialRanscamhttp://blog.talosintel.com/2016/07/ranscam.htmlhttps://nakedsecurity.sophos.com/2016/07/13/ransomware-that-demands-money-and-gives-you-back-nothing/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoFinancial
72
CryptoFortress.frtrssREAD IF YOU WANT YOUR FILES BACK.htmlMimics Torrentlocker. Encrypts only 50% of each file up to 5 MBAES(256), RSA (1024)https://www.google.de/search?tbm=isch&q=Ransomware+CryptoFortress
73
CryptoGraphic Locker.clfwallpaper.jpgHas a GUI.
Subvariants: CoinVault
BitCryptor
https://www.google.de/search?tbm=isch&q=Ransomware+CryptoGraphic+Locker
74
CryptoHostRAR's victim's files
has a GUI
AES(256) (RAR implementation)Manamecrypt, Telograph, ROI Lockerhttp://www.bleepingcomputer.com/news/security/cryptohost-decrypted-locks-files-in-a-password-protected-rar-file/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoHost
75
CryptoJackyhttps://twitter.com/jiriatvirlab/status/838779371750031360
76
CryptoJoker.crjokerREADME!!!.txt
GetYouFiles.txt
crjoker.html
AES-256https://www.google.de/search?tbm=isch&q=Ransomware+CryptoJoker
77
CryptoLocker.encrypted
.ENC
no longer relevantRSAhttps://www.fireeye.com/blog/executive-perspective/2014/08/your-locker-of-information-for-cryptolocker-decryption.htmlhttps://reaqta.com/2016/04/uncovering-ransomware-distribution-operation-part-2/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoLocker
78
CryptoLocker 1.0.0https://twitter.com/malwrhunterteam/status/839747940122001408https://www.google.de/search?tbm=isch&q=Ransomware+CryptoLocker+1.0.0
79
CryptoLocker 5.1https://twitter.com/malwrhunterteam/status/782890104947867649https://www.google.de/search?tbm=isch&q=Ransomware+CryptoLocker+5.1
80
CryptoLuck / YafunnLocker
.[victim_id]_luck[A-F0-9]{8}_luck%AppData%\@WARNING_FILES_ARE_ENCRYPTED.[victim_id].txt.via RIG EKAES(256)http://www.bleepingcomputer.com/news/security/cryptoluck-ransomware-being-malvertised-via-rig-e-exploit-kits/https://twitter.com/malwareforme/status/798258032115322880https://twitter.com/malwareforme/status/798258032115322880
81
CryptoMix
.code
.scl
.rmd
.lesli
.rdmk
.CRYPTOSHIELD
.CRYPTOSHIEL
.id_(ID_MACHINE)_email_xoomx@dr.com_.code
.id_*_email_zeta@dr.com
.id_(ID_MACHINE)_email_anx@dr.com_.scl
.email[supl0@post.com]id[\[[a-z0-9]{16}\]].lesli
*filename*.email[*email*]_id[*id*].rdmk
HELP_YOUR_FILES.html (CryptXXX)
HELP_YOUR_FILES.txt (CryptoWall 3.0, 4.0)
INSTRUCTION RESTORE FILE.TXT
Zetahttp://www.nyxbone.com/malware/CryptoMix.htmlhttps://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoMix
82
CryptON
_crypt
.id-_locked
.id-_locked_by_krec
.id-_locked_by_perfect
.id-_x3m
.id-_r9oj
.id-_garryweber@protonmail.ch
.id-_steaveiwalker@india.com_
.id-_julia.crown@india.com_
.id-_tom.cruz@india.com_
.id-_CarlosBoltehero@india.com_
.id-_maria.lopez1@india.com_
name_crypt..extensionRSA, AES-256 and SHA-256Nemesis
X3M
https://decrypter.emsisoft.com/cryptonhttps://www.bleepingcomputer.com/news/security/crypton-ransomware-is-here-and-its-not-so-bad-/https://twitter.com/JakubKroustek/status/829353444632825856https://www.google.de/search?tbm=isch&q=Ransomware+CryptON
83
CryptoRansomewarehttps://twitter.com/malwrhunterteam/status/817672617658347521https://www.google.de/search?tbm=isch&q=Ransomware+CryptoRansomeware
84
Cryptorium.ENCOnly renames files and does not encrypt themhttps://www.google.de/search?tbm=isch&q=Ransomware+Cryptorium
85
CryptoRoger.crptrgr!Where_are_my_files!.htmlAEShttp://www.bleepingcomputer.com/news/security/new-ransomware-called-cryptoroger-that-appends-crptrgr-to-encrypted-files/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoRoger
86
CryptoShadow.doomedLEER_INMEDIATAMENTE.txthttps://twitter.com/struppigel/status/821992610164277248
87
CryptoShield.CRYPTOSHIELDgrfg.wct.CRYPTOSHIELD# RESTORING FILES #.HTML
# RESTORING FILES #.TXT
CryptoMix VariantAES(256) / ROT-13https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/
88
CryptoShocker.lockedATTENTION.urlAEShttp://www.bleepingcomputer.com/forums/t/617601/cryptoshocker-ransomware-help-and-support-topic-locked-attentionurl/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoShocker
89
CryptoTorLocker2015
.CryptoTorLocker2015!
HOW TO DECRYPT FILES.txt
%Temp%\<random>.bmp
http://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-ransomware-discovered-and-easily-decrypted/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoTorLocker2015
90
CryptoTrooperAEShttp://news.softpedia.com/news/new-open-source-linux-ransomware-shows-infosec-community-divide-508669.shtml
91
CryptoWall 1no filename changeDECRYPT_INSTRUCTION.HTML
DECRYPT_INSTRUCTION.TXT
DECRYPT_INSTRUCTION.URL
INSTALL_TOR.URL
https://www.google.de/search?tbm=isch&q=Ransomware+CryptoWall+1
92
CryptoWall 2no filename changeHELP_DECRYPT.TXT
HELP_DECRYPT.PNG
HELP_DECRYPT.URL
HELP_DECRYPT.HTML
https://www.google.de/search?tbm=isch&q=Ransomware+CryptoWall+2
93
CryptoWall 3no filename changeHELP_DECRYPT.TXT
HELP_DECRYPT.PNG
HELP_DECRYPT.URL
HELP_DECRYPT.HTML
https://blogs.technet.microsoft.com/mmpc/2015/01/13/crowti-update-cryptowall-3-0/https://www.virustotal.com/en/file/45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d/analysis/https://www.google.de/search?tbm=isch&q=Ransomware+CryptoWall+3
94
CryptoWall 4
<random>.<random>, e.g.,
27p9k967z.x1nep
HELP_YOUR_FILES.HTML
HELP_YOUR_FILES.PNG
https://www.google.de/search?tbm=isch&q=Ransomware+CryptoWall+4
95
CryptoWireAES(256)https://twitter.com/struppigel/status/791554654664552448https://www.bleepingcomputer.com/news/security/-proof-of-concept-cryptowire-ransomware-spawns-lomix-and-ultralocker-families/
96
CryptXXX.cryptde_crypt_readme.bmp, .txt, .htmlComes with BedepCryptProjectXXXhttps://support.kaspersky.com/viruses/disinfection/8547http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-informationhttps://www.google.de/search?tbm=isch&q=Ransomware+CryptXXX
97
CryptXXX 2.0.crypt<personal-ID>.txt, .html, .bmpLocks screen. Ransom note names are an ID.
Comes with Bedep.
CryptProjectXXXhttps://support.kaspersky.com/viruses/disinfection/8547https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-toolhttp://blogs.cisco.com/security/cryptxxx-technical-deep-divehttps://www.google.de/search?tbm=isch&q=Ransomware+CryptXXX+2.0
98
CryptXXX 3.0
.crypt
.cryp1
.crypz
.cryptz
random
Comes with BedepUltraDeCrypter
UltraCrypter
https://support.kaspersky.com/viruses/disinfection/8547http://www.bleepingcomputer.com/news/security/cryptxxx-updated-to-version-3-0-decryptors-no-longer-work/http://blogs.cisco.com/security/cryptxxx-technical-deep-divehttps://www.google.de/search?tbm=isch&q=Ransomware+CryptXXX+3.0
99
CryptXXX 3.1.cryp1StilerX credential stealinghttps://support.kaspersky.com/viruses/disinfection/8547https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100https://www.google.de/search?tbm=isch&q=Ransomware+CryptXXX+3.1
100
CryPy.cryREADME_FOR_DECRYPT.txtAEShttps://www.google.de/search?tbm=isch&q=Ransomware+CryPy
Loading...