ID Ransomware said “Crypt0l0cker”
Any files that are encrypted with Crypt0L0cker
(TorrentLocker) will have the .encrypted
extension appended to the end of the encrypted data filename and leave files (ransom notes) named DECRYPT_INSTRUCTIONS.TXT, DECRYPT_INSTRUCTIONS.HTML, INSTRUCCIONES_DESCIFRADO.HTML, How_To_Recover_Files.txt, How_To_Restore_Files.txt and HOW_TO_RESTORE_FILES.HTML. The newest variant of Crypt0L0cker
(TorrentLocker) will have the .enc
extension appended to the end of the encrypted data filename as explained here
There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
...Also 6-character random extension behind regular extension...
This may not be Crypt0L0cker...ID Ransomware cannot properly identify the ransomware without a ransom note since there are several different ransomware infections which utilize a random 4, 5, 6, 7 character extension
. The best way to identify the different ransomwares that use "random character extensions" is the ransom note or at least information related to the email address used by the cyber-criminals.
I suggest you try uploading both encrypted files and ransom notes together at ID Ransomware
since that provides a more positive match.