Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomeware with .zzdomcl extension


  • Please log in to reply
3 replies to this topic

#1 kamiran

kamiran

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 15 October 2017 - 02:35 PM

Hi dears,

 

We have find new extension .zzdomcl that is Unknown Ransomware.

 

Any Ideas ?

 

reference case SHA1: 45e18428f137ddc50a4d3cec7cc68c663486af47

 

 

 

______________________________

www.KAMIRAN.Asia VirusLab

ESET NOD32 , Kaspersky & Bitdefender Authorized Partner in ME



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:12 PM

Posted 15 October 2017 - 03:55 PM

The extension looks random.

Did you find any ransom notes and if so, what is the actual name of the note?
Did the cyber-criminals provide an email address to send payment to? If so, what is the email address?

ID Ransomware cannot properly identify the ransomware without a ransom note since there are several different ransomware infections which append a random 4, 5, 6, 7, 8, etc character extension to the end of all affected filenames (i.e. CTB-Locker, Crypt0L0cker, CryptON (Cry9, Cry36, Cry128, Nemesis), Skull, SynAck, Maktub Locker, Alma Locker, Princess Locker, Locked-In, Mischa, Goldeneye, Al-Namrood 2.0, Cerber v4x/v5x and some Xorist variants).

The best way to identify the different ransomwares that use "random character extensions" is the ransom note (including it's name), samples of the encrypted files, any obvious extensions appended to the encrypted files, information related to any email addresses used by the cyber-criminals to request payment and the malware file responsible for the infection. If you have not done so, I suggest you try uploading both encrypted files and ransom notes together at ID Ransomware since that provides a more positive match.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kamiran

kamiran
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 16 October 2017 - 08:44 AM

We request the ransom-note from the infected user and we will check it when it revived.

 

Best Regards.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:12 PM

Posted 16 October 2017 - 05:06 PM

Good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users