
Updated List of Ransomware File Names and Extensions


5 replies to this topic

#1 souldjer777


Posted 09 September 2015 - 01:32 PM

Good Afternoon Moderators,

 

First, thank you very much for all that you do! This is an incredible resource and you are helping everyone to fight ransomware, viruses and malware - I would say around the world. That is an amazing thing. Great job - honestly. Thank you everyone at Bleeping Computer!

 

Okay on with the business side of things...

 

If it's not already in production, I would ask that you please create and maintain an updated list of file names and extensions for all ransomware variants at Bleeping Computer.com (not external of your site)

 

This will cut down on confusion and also be an invaluable resource for any who seek to monitor and take action against any ransomware variant using File Server Resource Manager (FSRM) for example.

 

BTW - FSRM actively monitors your Windows Server shares and files and could alert you of any malicious activity you specify. Which would require the actively updated list I'm suggesting.

 

You would know first... you would get word, examples, requests first... so that's why I'm asking...

 

External Example of FSRM Setup:

"Stop CryptoLocker (and copy-cat variants of this badware) before it ruins your day"

http://jpelectron.com/sample/Info%20and%20Documents/Stop%20crypto%20badware%20before%20it%20ruins%20your%20day/1-PreventCrypto-Readme.htm

 

External Example of FSRM Setup Video - Windows 2012 Server:

 

External Example of File List:
"File Screening List for Ransomeware"

 

LIST BELOW:

 

*.*cry
*.*crypto
*.*darkness
*.*enc*
*.*kb15
*.*kraken
*.*locked
*.*nochance
*.*obleep
*.*exx
*@gmail_com_*
*@india.com*
*cpyt*
*crypt*
*decipher*
*install_tor*.*
*keemail.me*
*qq_com*
*ukr.net*
*restore_fi*.*
*help_restore*.*
*how_to_recover*.*
*.ecc
*.exx
*.ezz
*.frtrss
*.vault
*want your files back.*
confirmation.key
enc_files.txt
last_chance.txt
message.txt
recovery_file.txt
recovery_key.txt
vault.hta
vault.key
vault.txt
*.aaa
*.zzz
*.abc
 
Thank you Bleeping Computer!!!
 
:bowdown:
 
Also, feel free to nuke my subject / forum post / etc if you deem it necessary to direct folks to your own consolidated list of ransomware extensions files names!

Edited by souldjer777, 09 September 2015 - 01:36 PM.
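One way to put a list like the one in the post above to work with FSRM, as an added example that is not part of the original thread: dry-run the patterns against an existing share to see what they already match, then load them into a file group behind a passive (log-only) screen. The share path, the file group name and the shortened pattern array are assumptions made for illustration.

```powershell
# Added example. Assumes the File Server Resource Manager role service
# (Windows Server 2012 or later) and an elevated PowerShell session.
Import-Module FileServerResourceManager

# Constructed subset of the list in the post; load the full list the same way.
$patterns = @('*.*locked', '*.ecc', '*.ezz', '*.vault', '*crypt*', '*decipher*',
              '*help_restore*.*', '*how_to_recover*.*', 'recovery_key.txt', 'vault.hta')

$sharePath = 'D:\Shares\Finance'      # hypothetical share root
$groupName = 'Ransomware patterns'    # hypothetical file group name

# 1. Dry run: which files already on the share would the screen flag?
#    -like approximates FSRM's case-insensitive * and ? wildcards. Broad
#    patterns such as *crypt* also match legitimate names like
#    "encryption-policy.docx", so review the hits before enforcing anything.
$hits = Get-ChildItem -Path $sharePath -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        foreach ($p in $patterns) {
            if ($file.Name -like $p) {
                [pscustomobject]@{ Pattern = $p; File = $file.FullName }
                break   # report each file once, under the first matching pattern
            }
        }
    }
$hits | Group-Object Pattern | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2. Create the file group, or refresh its patterns if it already exists.
if (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $groupName -IncludePattern $patterns
} else {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns
}

# 3. Passive screen: without the -Active switch, matching writes are allowed
#    but logged to the Application event log, where monitoring can alert on them.
$action = New-FsrmAction -Type Event -EventType Warning `
    -Body 'User [Source Io Owner] wrote [Source File Path], matching [Violated File Group].'
New-FsrmFileScreen -Path $sharePath -IncludeGroup $groupName -Notification $action
```

Adding `-Active` to `New-FsrmFileScreen` turns the screen from logging into blocking, which is worth doing only after the dry-run hits have been reviewed and the noisy patterns pruned.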



#2 quietman7


Posted 09 September 2015 - 04:49 PM

A repository listing of all Bleeping Computer Crypto malware Information and ransomware topics can be found in this index.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 nexxai


Posted 06 June 2016 - 01:22 PM

I built a site to keep track of the various ransomware file extensions since this list hasn't been updated with the most recent file groups.  I also offer an unauthenticated API that contains the entire up-to-date list so that you can schedule a task to always grab the last filters.

 

https://fsrm.experiant.ca/

 

If you have any suggestions for the site, I am absolutely all ears!



#4 Demonslay335


Posted 06 June 2016 - 02:00 PM

I have an HMAC-authenticated API for ID Ransomware that you are welcome to access. It is kept up to date as I add definitions for new ransomware detections constantly. It also includes ransom notes, and you can query it for extensions and ransom notes on a particular ransomware. It also will give you the regular expressions if you want, since some don't use a strict extension, but a full pattern (e.g. Locky, Troldesh, etc.).

 

Here's the documentation on what the API provides. If you are interested in using it, you may PM me for an access code.

 

https://id-ransomware.malwarehunterteam.com/api/documentation.php


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#5 quietman7


Posted 07 June 2016 - 06:13 AM


And if ID Ransomware cannot identify the infection, folks can post the case SHA1 it gives for Demonslay335 to manually inspect the files.

#6 souldjer777


Posted 07 June 2016 - 01:01 PM

Noticed you guys cranked up the ADs to help pay for the lawsuit.

 

Hopefully someone that uses Bleeping Computer is a lawyer that will help you Pro-Bono ( For the public good - of the WORLD! )

 

Receipt for your donation to Bleeping Computer, LLC





