
ID Ransomware - Identify What Ransomware Encrypted Your Files


404 replies to this topic

#31 Amigo-A

Amigo-A

  • Members
  • 249 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:09:54 PM

Posted 23 May 2016 - 12:38 PM

Zylok Locker???

May be Zyklon Locker???


Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links



#32 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,300 posts
  • Gender:Male
  • Location:USA
  • Local time:10:54 AM

Posted 23 May 2016 - 12:40 PM

Zylok Locker???

May be Zyklon Locker???

 

Yes, my typo from memory.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#33 Amigo-A

Amigo-A

  • Members
  • 249 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:09:54 PM

Posted 23 May 2016 - 12:57 PM

OK. Thanks for answer.




#34 CharlyG

CharlyG

  • Members
  • 2 posts
  • Local time:01:54 PM

Posted 27 May 2016 - 09:37 PM

Hello, I'm trying to identify the encryption method used on one file infected with the Locky virus, and the website https://id-ransomware.malwarehunterteam.com/identify.php has an "Error 524: A timeout occurred". Does anyone know if the site is down temporarily or permanently? Thank you!



#35 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,300 posts
  • Gender:Male
  • Location:USA
  • Local time:10:54 AM

Posted 27 May 2016 - 10:15 PM

I was messing with a poor-man's cron job that went awry on me, lol. It should be up; should have only affected a few people for a short amount of time.

 

*Edit: might be still wrestling with it... if anyone gets a timeout error, it is definitely temporary, sorry.


Edited by Demonslay335, 28 May 2016 - 09:21 AM.



#36 antimodes

antimodes

  • Members
  • 2 posts
  • Local time:06:54 PM

Posted 28 May 2016 - 09:29 AM

Hello,

It was a very useful website to recognize which ransomware infected the computer... if it will not go online, please post any other alternatives!! :)

Many thanks!!



#37 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,300 posts
  • Gender:Male
  • Location:USA
  • Local time:10:54 AM

Posted 28 May 2016 - 10:08 AM

Hello,

It was a very useful website to recognize which ransomware infected the computer... if it will not go online, please post any other alternatives!! :)

Many thanks!!

 

To my knowledge no such thing exists online or offline - thus why I made the site. :)

 

I've got the issues resolved now.




#38 antimodes

antimodes

  • Members
  • 2 posts
  • Local time:06:54 PM

Posted 28 May 2016 - 10:18 AM

Really appreciated!!
Many thanks!!
Paolo

#39 CharlyG

CharlyG

  • Members
  • 2 posts
  • Local time:01:54 PM

Posted 28 May 2016 - 10:53 AM

I could see the infection was Locky, and no luck decrypting the files! Starting from scratch, and working with backups. Thanks for putting the website online! :)

Edited by CharlyG, 28 May 2016 - 11:12 AM.


#40 elhack4

elhack4

  • Members
  • 2 posts

Posted 31 May 2016 - 01:53 AM

PLEASE HELP MY FILES :(  [attached image]



#41 vilhavekktesla

vilhavekktesla

  • Members
  • 917 posts
  • Gender:Not Telling
  • Local time:06:54 PM

Posted 31 May 2016 - 01:11 PM

@elhack4, have you tried to follow the links from the https://id-ransomware.malwarehunterteam.com/index.php service?

For each identified data you will find a link directing you to the correct forum topic.

This topic is to inform the creator of id-ransomware and creator of this topic (read post one) about issues.

If your data above are important to you and have private info, you have now given with knowledge to decrypt three of your files.

 

That is not very smart, so follow the links, and read the topic you will be posting to, to see if there is any way to save the data, then you may ask the topic for help, if you need anything.

 

 

 

 

Regards


The signature points to post one in each topic. Post one is very important to read.

Now Teslacrypt may be decrypted with Blooddolly's Tesladecoder version 1.0 or newer (if needed)

The master key is released so there is no need to pay to get the key.

More than 200 different ransomwares exist so think safe backups at all time.


#42 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,101 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:54 AM

Posted 31 May 2016 - 07:35 PM

elhack4 started a topic here and I replied.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [donation button]

#43 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,767 posts
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:11:54 AM

Posted 07 June 2016 - 09:56 AM

Mind if I submit a few corrections for the French translation of the website?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#44 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,300 posts
  • Gender:Male
  • Location:USA
  • Local time:10:54 AM

Posted 07 June 2016 - 09:58 AM

Mind if I submit a few corrections for the French translation of the website?

 

Sure, feel free to PM me any potential corrections. As a courtesy to my original translators, I will typically run it by them before implementing any changes to the public site.




#45 Rvt

Rvt

  • Members
  • 7 posts
  • Gender:Male
  • Location:KSA
  • Local time:07:54 PM

Posted 07 June 2016 - 12:08 PM

 

ID Ransomware
 
 
 
ID Ransomware (beta) is a website I have created where a victim can identify what ransomware encrypted their files.
 
All too often after a ransomware attack, the first question is, "what encrypted my files?", followed by "can I decrypt my data?". This web service aims to help answer those questions, and guide a victim to the correct information relating to their infection.
 
By simply uploading a ransom note, and/or an encrypted file (preferably both for best results), the site will use several techniques to help identify what ransomware may have encrypted the files. This includes assessing the ransom note name, file name patterns of the encrypted file, and in some cases, even byte patterns in the encrypted file itself.
 
When the ransomware(s) has been identified, a clean-cut answer will be displayed on the current known status of decrypting the data, along with a link to more information on the particular ransomware.
 
Naturally, there are cases where multiple ransomwares could be detected, as some ransomware share signs. It is best to review the provided links for more information on manually determining which is the real infector. It is also possible there could be dual-infections. There is also the chance that no ransomware will be identified. Some ransomware show few, or very complicated signs, and cannot be determined simply from the ransom note and encrypted sample.
 
A current list of ransomware that are supported is displayed on the front page, with newest additions in bold (all will be bold at launch here naturally).
 
I will be continuously trying to keep the database as accurate as possible when new developments are found, and when new ransomware are discovered. I also have plans for new detection techniques in the future.
 
This project is technically in beta, so let me know if there are any bugs, or if you believe detection was not accurate for a case. I can be reached on this forum, and my Twitter handle is at the bottom of the page.
 
In a way, I see this as a spiritual successor of Nathan's IDTool, so I thank him for the inspiration. :)
 
The website is accessible at the following link: https://id-ransomware.malwarehunterteam.com/
 
Special thanks to @malwrhunterteam for usage of their sub-domain. :)
 
Currently Identified Ransomware - 03/25/16

  • 7ev3n
  • BuyUnlockCode
  • Cerber
  • Coverton
  • Crypt0L0cker
  • CryptoFortress
  • CryptoHasYou
  • CryptoJoker
  • CryptoWall 2.0
  • CryptoWall 3.0
  • CryptoWall 4.0
  • DMA Locker
  • ECLR Ransomware
  • EnCiPhErEd
  • HOW TO DECRYPT FILES
  • HydraCrypt
  • KeRanger
  • LeChiffre
  • Locky
  • Magic
  • MakTub Locker
  • NanoLocker
  • Nemucod
  • PadCrypt
  • PClock
  • PowerWare
  • Radamant
  • Sanction
  • Shade
  • SuperCrypt
  • Surprise
  • TeslaCrypt 0.x
  • TeslaCrypt 2.x
  • TeslaCrypt 3.0
  • TeslaCrypt 4.0
  • UmbreCrypt

 

Sir, what about the .cryp1 as cryptorbit? Is it similar to ultracrypt?
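
The three checks described in the first post quoted above (ransom note name, file name pattern of the encrypted file, byte patterns in the file) can be sketched as a small signature matcher. This is an added example, not part of the thread and not ID Ransomware's own code; the family names and signatures are constructed placeholders, not real indicators.

```python
import fnmatch
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    family: str
    note_globs: tuple = ()   # glob patterns for ransom note file names
    file_regex: str = ""     # regex for the encrypted file's name
    magic: bytes = b""       # marker expected at the start of the file


# Constructed signatures for hypothetical families (assumptions for this
# example). Two of them share a note name on purpose, because the post says
# some ransomware share signs and several may be reported.
SIGNATURES = (
    Signature("ExampleLocker", ("HOW_TO_RESTORE*.txt",), r"\.exlock$", b"EXLK\x01"),
    Signature("SampleCrypt", ("HOW_TO_RESTORE*.txt",), r"^[0-9a-f]{32}\.smpl$"),
    Signature("DemoWare", ("!README_DEMO!.html",), r"\.demo$", b"DEMO"),
)


def identify(note_name=None, enc_name=None, enc_head=b""):
    """Return [(family, [evidence, ...])], strongest match first.

    note_name and enc_name are base file names; enc_head is the first
    bytes of the encrypted sample. An empty list means nothing matched.
    """
    results = []
    for sig in SIGNATURES:
        evidence = []
        if note_name and any(
            fnmatch.fnmatchcase(note_name.lower(), g.lower()) for g in sig.note_globs
        ):
            evidence.append("note_name")
        if enc_name and sig.file_regex and re.search(sig.file_regex, enc_name, re.I):
            evidence.append("file_name")
        if sig.magic and enc_head.startswith(sig.magic):
            evidence.append("byte_pattern")
        if evidence:
            results.append((sig.family, evidence))
    # More independent signs first; family name breaks ties deterministically.
    results.sort(key=lambda r: (-len(r[1]), r[0]))
    return results
```

Supplying both the note and an encrypted sample narrows an ambiguous note-only match, which is why the post recommends uploading both.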





