The extension looks random.
Did you find any ransom notes
and if so, what is the actual name of the note?
Did the cyber-criminals provide an email address
to send payment to? If so, what is the email address?
ID Ransomware cannot properly identify the ransomware without a ransom note since there are several different ransomware infections which append a random 4, 5, 6, 7, 8, etc character extension
to the end of all affected filenames (i.e. CTB-Locker, Crypt0L0cker, CryptON (Cry9, Cry36, Cry128, Nemesis), Skull, SynAck, Maktub Locker, Alma Locker, Princess Locker, Locked-In, Mischa, Goldeneye, Al-Namrood 2.0, Cerber v4x/v5x and some Xorist variants).
The best way to identify the different ransomwares that use "random character extensions" is the ransom note
(including it's name), samples of the encrypted files
, any obvious extensions appended
to the encrypted files, information related to any email addresses
used by the cyber-criminals to request payment and the malware file
responsible for the infection. If you have not done so, I suggest you try uploading both
encrypted files and ransom notes together at ID Ransomware
since that provides a more positive match.