extension is more generic since it is used by several types of ransomware so the ransom note is needed for confirmation.
The best way to identify the different ransomwares is the ransom note
(including it's name), samples of the encrypted files
, any obvious extensions appended
to the encrypted files, information related to any email addresses
used by the cyber-criminals to request payment and the malware file
responsible for the infection.
You can submit samples of encrypted files and ransom notes to ID Ransomware
for assistance with identification
. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both
encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.