The extension looks random.
There are several different ransomware infections which append a random 4, 5, 6, 7, 8, etc. character extension to the end of all affected filenames... CTB-Locker, Crypt0L0cker, Magniber, CryptON (Cry9, Cry36, Cry128, Nemesis), Skull, SynAck, Maktub Locker, Alma Locker, Princess Locker, Locked-In, Mischa, Goldeneye, Al-Namrood 2.0, Cerber v4x/v5x and some Xorist variants.
The best way to identify the different ransomwares that use "random character extensions" is the ransom note (including its name), samples of the encrypted files, any obvious extensions appended to the encrypted files, information related to any email addresses provided by the cyber-criminals to request payment and the malware file responsible for the infection. If you have not done so, I suggest you try uploading both encrypted files and ransom notes together at ID Ransomware (IDR) since that provides a more positive match.