The best way to identify the different ransomwares is the ransom note
(including it's name), samples of the encrypted files
, any obvious extensions appended
to the encrypted files, information related to any email addresses
provided by the cyber-criminals to request payment and the malware file
responsible for the infection.
You can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals toID Ransomware
for assistance with identification
. This is a service that helps identify what ransomware may have encrypted your files, whether it is decryptable and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both
encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals together provides a more positive match and helps to avoid false detections. Any email addresses or hyperlinks provided by the criminals may also be helpful with identification. If ID Ransomware cannot identify the infection, you can post the case SHA1
it gives you in your next reply for Demonslay335
to manually inspect the files.
Without the above information or if this is something new (or if there is no extension or filemarker in encrypted files), our crypto malware experts most likely will need a sample of the malware file itself to analyze before the type of infection can be confirmed. Samples of any suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here
with a link to this topic...it's best to zip (compress) all files before sharing. There is a "Link to topic where this file was requested
" box under the Browse button.