ID Ransomware is a website I have created where a victim can identify what ransomware encrypted their files.
All too often after a ransomware attack, the first question is, "what encrypted my files?", followed by "can I decrypt my data?". This web service aims to help answer those questions, and guide a victim to the correct information relating to their infection.
By simply uploading a ransom note, and/or an encrypted file (preferably both for best results), the site will use several techniques to help identify what ransomware may have encrypted the files. This includes assessing the ransom note name, file name patterns of the encrypted file, and in some cases, even byte patterns in the encrypted file itself.
When the ransomware(s) has been identified, a clean-cut answer will be displayed on the current known status of decrypting the data, along with a link to more information on the particular ransomware.
Naturally, there are cases where multiple ransomwares could be detected, as some ransomware share signs. It is best to review the provided links for more information on manually determining which is the real infector. It is also possible there could be dual infections. There is also the chance that no ransomware will be identified. Some ransomware show few, or very complicated signs, and cannot be determined simply from the ransom note and encrypted sample.
A current list of ransomware that are supported is displayed on the front page, with newest additions in bold (all will be bold at launch here naturally).
I will be continuously trying to keep the database as accurate as possible when new developments are found, and when new ransomware are discovered. I also have plans for new detection techniques in the future.
This project is technically in beta, so let me know if there are any bugs, or if you believe detection was not accurate for a case. I can be reached on this forum, and my Twitter handle is at the bottom of the page.
In a way, I see this as a spiritual successor of Nathan's IDTool, so I thank him for the inspiration.
The website is accessible at the following link: https://id-ransomware.malwarehunterteam.com/
Special thanks to @malwrhunterteam for usage of their sub-domain.
Please see the dynamic list on the front page of the website for a list of ransomwares that can currently be identified by ID Ransomware.
Edited by Demonslay335, 03 May 2017 - 08:06 AM.
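The three kinds of evidence the post describes (ransom note name, encrypted file name pattern, byte pattern) can be sketched as a small matcher. This is an added example, not ID Ransomware's own code; the family names, note names, extensions and byte markers are all constructed for illustration and are not real indicators.

```python
import fnmatch
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    family: str
    note_names: tuple = ()     # glob patterns for ransom note file names
    file_patterns: tuple = ()  # regexes for encrypted file names
    magic: bytes = b""         # marker expected at the start of an encrypted file

# Constructed signatures for hypothetical families (assumptions, not real data).
# Two families deliberately share a note name to show an ambiguous result.
SIGNATURES = (
    Signature("ExampleLocker", ("HOW_TO_RESTORE*.txt",), (r"\.exlock$",), b"EXLK\x01"),
    Signature("DemoCrypt", ("HOW_TO_RESTORE*.txt", "README_DEMO.html"),
              (r"\.id-[0-9A-F]{8}\.demo$",)),
    Signature("SampleWare", (), (r"^[0-9a-f]{32}$",), b"\x00SMPL"),
)

def identify(note_name=None, enc_name=None, enc_head=b""):
    """Return {family: [evidence types that matched]} for every signature that hits."""
    results = {}
    for sig in SIGNATURES:
        hits = []
        if note_name and any(fnmatch.fnmatchcase(note_name.lower(), p.lower())
                             for p in sig.note_names):
            hits.append("note_name")
        if enc_name and any(re.search(p, enc_name, re.IGNORECASE)
                            for p in sig.file_patterns):
            hits.append("file_pattern")
        if sig.magic and enc_head.startswith(sig.magic):
            hits.append("byte_pattern")
        if hits:
            results[sig.family] = hits
    return results

def rank(results):
    """Order candidate families by how many independent signs matched."""
    return sorted(results, key=lambda fam: (-len(results[fam]), fam))
```

A note name alone can return several candidates, while supplying the encrypted file as well narrows the ranking, which is why uploading both gives the best result.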