For future and present reference I would like to keep a living file screening list for CryptoLocker, CryptoWall, CryptoTesla and other variants of Ransomware for Windows Server, where administrators using File Server Resource Manager (FSRM.msc) actively monitor network shares and files. I will open this up for comment and will include matches found in common variants. If you have an extension or file name not on this list, please list relative information in a reply!

Original ransomware reference copied from Pastebin...
Source: http://pastebin.com/BQV7yr8V
Author: woodburyman
Last Update: August 19th 2015

*.*AES256
*.*cry
*.*crypto
*.*darkness
*.*enc*
*.*kb15
*.*kraken
*.*locked
*.*nochance
*.*oshit
*.*exx
*@gmail_com_*
*@india.com*
*cpyt*
*crypt*
*decipher*
*install_tor*.*
*keemail.me*
*qq_com*
*ukr.net*
*restore_fi*.*
*help_restore*.*
*how_to_recover*.*
*.ecc
*.exx
*.ezz
*.frtrss
*.vault
*want your files back.*
confirmation.key
enc_files.txt
last_chance.txt
message.txt
recovery_file.txt
recovery_key.txt
vault.hta
vault.key
vault.txt
*.aaa

Additional extensions...
Source: http://www.bleepingcomputer.com/forums/t/588135/has-anyone-seen-this-ransomware/
Author: quietman7 (Global Moderator)
Last Update: August 26 2015

*.xyz
*.zzz
*.abc

PLEASE HELP KEEP THIS LIST GOING AND UPDATED!
7s3v3n7 4 Posts
Sep 9th 2015 5 years ago
We did see a .mp3 ext encrypted file. When ransomware encrypted any MS Word file, its ext changed to XYZ.doc.mp3
Anonymous - |
Mar 11th 2016 5 years ago
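
Added example, not code from either poster: a dry run of the thread's screening list against a file inventory before it is loaded into an FSRM file group, showing which legitimate names it would flag and which artifacts it misses (such as the .mp3 rename reported in the reply). It assumes ordinary case-insensitive `*`/`?` wildcard matching over the bare file name, with Python's `fnmatch` as a stand-in for FSRM's matcher; `matching_patterns`, `dry_run` and the sample file names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Patterns from the thread's list ("|"-separated because one contains spaces).
SCREEN_LIST = (
    "*.*AES256|*.*cry|*.*crypto|*.*darkness|*.*enc*|*.*kb15|*.*kraken|*.*locked|"
    "*.*nochance|*.*oshit|*.*exx|*@gmail_com_*|*@india.com*|*cpyt*|*crypt*|"
    "*decipher*|*install_tor*.*|*keemail.me*|*qq_com*|*ukr.net*|*restore_fi*.*|"
    "*help_restore*.*|*how_to_recover*.*|*.ecc|*.exx|*.ezz|*.frtrss|*.vault|"
    "*want your files back.*|confirmation.key|enc_files.txt|last_chance.txt|"
    "message.txt|recovery_file.txt|recovery_key.txt|vault.hta|vault.key|vault.txt|"
    "*.aaa|*.xyz|*.zzz|*.abc"
).split("|")


def matching_patterns(file_name, patterns=SCREEN_LIST):
    """Return every pattern matching file_name (assumed case-insensitive)."""
    name = file_name.lower()
    return [p for p in patterns if fnmatchcase(name, p.lower())]


def dry_run(inventory, patterns=SCREEN_LIST):
    """Split a {file_name: is_benign} inventory into false positives and misses."""
    false_positives, misses = {}, []
    for name, is_benign in inventory.items():
        hits = matching_patterns(name, patterns)
        if is_benign and hits:
            false_positives[name] = hits      # legitimate file the screen would flag
        elif not is_benign and not hits:
            misses.append(name)               # artifact the list does not cover
    return false_positives, misses


# Constructed sample inventory: True = legitimate file, False = ransomware artifact.
SAMPLE = {
    "Q3-budget.xlsx": True,
    "BitLocker-encryption-policy.docx": True,  # legitimate, contains "crypt"
    "message.txt": True,                       # ordinary name that is on the list
    "invoice.pdf.locked": False,
    "HELP_RESTORE_FILES.txt": False,
    "XYZ.doc.mp3": False,                      # rename pattern from the second reply
}

if __name__ == "__main__":
    fps, missed = dry_run(SAMPLE)
    for name, hits in fps.items():
        print(f"would flag legitimate file {name!r}: {hits}")
    for name in missed:
        print(f"not covered by the list: {name!r}")
```

Running the same check over a real directory listing before enabling an active (blocking) screen shows how broad entries such as `*crypt*` and `message.txt` behave on your own shares.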