.CryptoHasYou. .enc
777 .777 ._[timestamp]_$[email]$.777
7ev3n .R4A e.g. ._14-05-2016-11-59-36_$ninja.gaiver@aol.com$.777
7h9r .R5A
.7h9r
8lock8 .8lock8
AiraCrop ._AiraCropEncrypted
Al-Namrood .unavailable
Alcatraz Locker .disappeared
.Alcatraz
ALFA Ransomware .bin
Alma Ransomware random random(x5)
Alpha Ransomware .encrypt
Alphabet
AMBA .amba
Angela Merkel .angelamerkel
AngleWare .AngleWare
Angry Duck .adk
Anony
Anubis .coded
Apocalypse .encrypted [filename].ID-*8characters+countrycode[cryptservice@inbox.ru].[random
ApocalypseVM .SecureCrypted
.encrypted *filename*.ID-[A-F0-9]{8}+countrycode[cryptcorp@inbox.ru].[a-z0-9]{13
ASN1 .locked
AutoLocky .locky
Aw3s0m3Sc0t7 .enc
BadBlock
BadEncript .bript
BaksoCrypt .adr
Bandarchor .id-1235240425_help@dec
.id-[ID]_[EMAIL_ADDRESS]
BarRax .BarRax
Bart .bart.zip
BitCryptor .bart
.clf
BitStak .bitstak
BlackShades Crypter .Silent
Blocatto .blocatto
Booyah
Brazilian .lock
Brazilian Globe .id-%ID%_garryweber@protonmail
BrLock
Browlock
BTCWare .btcware
Bucbi
BuyUnlockCode (.*).encoded.([A-Z0-9]{9})
Central Security Treatment Organi.cry
Cerber .cerber
CerberTear .cerber2
Chimera .crypt
CHIP 4 random characters, e.g., .PzZs, .MKJL
.CHIP
Click Me Game .DALE
Clock
CloudSword
Cockblocker .hannah
CoinVault .clf
Coverton .coverton
Crptxxx .enigma
.crptxxx
Cryaki .{CRYPTENDBLACKDC}
Crybola
CryFile .criptiko
CryLocker .criptoko
.cry
CrypMIC
Crypren .ENCRYPTED
Crypt38 .crypt38
CryptConsole random decipher_ne@outlook.com_[encrypted_filename]
Cryptear unCrypte@outlook.com_[encrypted_filename]
Crypter
CryptFIle2 .scl id[_ID]email_xerx@usa.com.scl
CryptInfinite .crinf
CryptoBit
CryptoBlock
CryptoDefense
CryptoDevil .devil
CryptoFinancial
CryptoFortress .frtrss
CryptoGraphic Locker .clf
CryptoHost
CryptoJacky
CryptoJoker .crjoker
CryptoLocker .encrypted
CryptoLocker 1.0.0 .ENC
CryptoLocker 5.1
CryptoLuck / YafunnLocker .[victim_id]_luck [A-F0-9]{8}_luck
CryptoMix .code .id_(ID_MACHINE)_email_xoomx@dr.com_.code
CryptON .scl
_crypt .id_*_email_zeta@dr.com
name_crypt..extension
.id-_locked
CryptoRansomeware
Cryptorium .ENC
CryptoRoger .crptrgr
CryptoShadow .doomed
CryptoShield .CRYPTOSHIELD grfg.wct.CRYPTOSHIELD
CryptoShocker .locked
CryptoTorLocker2015 .CryptoTorLocker2015!
CryptoTrooper
CryptoWall 1 no filename change
CryptoWall 2 no filename change
CryptoWall 3 no filename change
CryptoWall 4 <random>.<random>, e.g.,
CryptoWire 27p9k967z.x1nep
CryptXXX .crypt
CryptXXX 2.0 .crypt
CryptXXX 3.0 .crypt
CryptXXX 3.1 .cryp1
CryPy .cry
CTB-Faker
CTB-Locker .ctbl .([a-z]{6,7})
CTB-Locker WEB
CuteRansomware .已加密
Cyber SpLiTTer Vbs .encrypted
Damage .damage
Dharma .dharma .<email>.(dharma|wallet|zzzzz)
Deadly for a Good Purpose .wallet .id-%ID%.[moneymaker2@india.com].wallet
Death Bitches .locked
DeCrypt Protect .html
DEDCryptor .ded
Demo .encrypted
Depsex .Locked-by-Mafia
DeriaLock .deria
DetoxCrypto
Digisom
DirtyDecrypt
DMALocker
DMALocker 3.0
DNRansomware .fucked
Domino .domino
Donald Trump .ENCRYPTED
DoNotChange .id-7ES642406.cry
.Do_not_change_the_filename
DummyLocker .dCrypt
DXXD .dxxd
DynA-Crypt .crypt
EDA2 / HiddenTear .locked
EdgeLocker .edgel
EduCrypt .isis
EiTest .locked
.crypted
El-Polocker .ha3
Encoder.xxxx
encryptoJJS .enc
Enigma .enigma
Enjey .1txt
EnkripsiPC .fucked
Erebus Encrypt the extension using ROT-
Evil .file0locked
Exotic .evillock
.exotic random.exotic
FabSysCrypto
Fadesoft
Fairware
Fakben .locked
FakeGlobe aka GlobeImposter .crypt
FakeCryptoLocker .cryptolocker
Fantom .fantom
FenixLocker .comrade
.FenixIloveyou!!
FILE FROZR
FileLocker .ENCR
FireCrypt .firecrypt
Flyper .locked
Fonco
FortuneCookie
Free-Freedom .madebyadam
FSociety .fs0ciety
Fury .dll
GhostCrypt .Z81928819
Gingerbread
Globe v1 .purge
Globe v2 .lovewindows .<email>.<random>
Globe v3 .openforyou@india.com e.g.: .7076.docx.okean-
.[random].blt
GNL Locker .[random].encrypted
.locked <ID>.locked, e.g.,
GOG .L0CKED bill.!ID!8MMnF!ID!.locked
Gomasom .crypt !___[EMAILADDRESS]_.crypt
Goopic
Gopher
Gremit .rnsmwr
Guster .locked
Hacked .versiegelt
HappyDayzz .encrypted
Harasom .html
HDDCryptor
Heimdall
Help_dcfile .XXX
Herbst .herbst
Hermes
Hi Buddy! .cry
Hitler removes extensions
HolyCrypt (encrypted)
HTCryptor
Hucky .locky [a-zA-Z0-9+_-]{1,}.[a-z0-9]{3,4}.lo
HydraCrypt hydracrypt_ID_[\w]{8}
IFN643
iLock .crime
iLockLight .crime
International Police Association <6 random characters>
iRansom .Locked
Jack.Pot
JagerDecryptor !ENC
JapanLocker
Jeiphoos
Jhon Woddy .killedXXX
Jigsaw .btc
Job Crypter .kkk
.locked
JohnyCryptor .css
Kaandsona .kencf
Kangaroo .crypted_file
Karma .karma
Karmen .grt
Kasiski [KASISKI]
KawaiiLocker
KeRanger .encrypted
KeyBTC keybtc@inbox_com
KEYHolder
KillDisk
KillerLocker .rip
KimcilWare .kimcilware
Kirk .locked
.Kirked
Koolova
Korean .암호화됨
Kostya .kostya
Kozy.Jozy .31392E30362E32303136.([0-9A-Z]{20})_([0-9]{2})_([A-Z0-9
Kraken .kraken [base64].kraken
KratosCrypt .kratos
KRider .kr3
KryptoLocker
LambdaLocker .lambda_l0cked
LanRan
LeChiffre .LeChiffre
Lick .Licked
Linux.Encoder
LK Encryption
LLTP Locker .ENCRYPTED_BY_LLTP
LockCrypt .ENCRYPTED_BY_LLTPp
.lock
Locked-In
Locker
LockLock .locklock
Locky .locky ([A-F0-9]{32}).locky
Lock93 .zepto
.lock93 ([A-F0-9]{32}).zepto
Lomix
Lortok .crime
LowLevel04 oor.
M4N1F3STO
Mabouia
MacAndChess
Magic .magic
MaktubLocker [a-z]{4,6}
Marlboro .oops
MarsJoke .a19
MasterBuster .ap19
Matrix
Meister
Merry X-Mas! .PEGS1
Meteoritan .MRCR1
MIRCOP Lock.
MireWare .fucked
Mischa .fuck .([a-zA-Z0-9]{4})
MM Locker .locked
Mobef .KEYZ
Mole .KEYH0LES
.mole
Monument .mole02
MOTD .enc
MSN CryptoLocker
n1n1n1
N-Splitter .кибер разветвитель
Nagini
NanoLocker
Nemucod .crypted
Netix
Nhtnwcuf
NMoreira .maktub
NoobCrypt .__AiraCropEncrypted!
Nuke .nuclear55
Nullbyte _nullbyte
Ocelot
ODCODC .odcodc C-email-abennaki@india.com-(
Offline ransomware .cbf email-[params].cbf
OMG! Ransomware .LOL!
Onyx .OMG!
Operation Global III .EXE
Owl dummy_file.encrypted dummy_file.encrypted.[extension
OzozaLocker .Locked
PadCrypt .padcrypt
Padlock Screenlocker
Patcher .crypt
PayDay .sexy
PayDOS
Paysafecard Generator 2016 .cry_ test.cry_jpg
PClock
PetrWrap
Petya
Philadelphia .locked <file_hash>.locked
Phoenix .R.i.P
Pickles .EnCrYpTeD %random%.EnCrYpTeD
PizzaCrypts .id-[victim_id]-maestro@pizzacrypts.info
PokemonGO .locked
Popcorn Time .filock
Polyglot
Potato .potato
PowerWare .locky
PowerWorm
Princess Locker [a-z]{4,6},[0-9]
PRISM
Project34
ProposalCrypt .crypted
Ps2exe
PyL33T .d4nk
R
R980 .crypt
RAA encryptor .locked
Rabion
Radamant .RDM
Rakhni .RRK
.locked .coderksu@gmail_com_id[0-9]{2,3}
Ramsomeer .kraken .crypt@india.com.[\w]{4,12}
Ranion
Rannoh locked-<original name>.[a-zA-Z]{4}
RanRan .zXz
Ransoc
Ransom32
RansomLock
RansomPlus .encrypted
RarVault
Razy .razy
Rector .fear
.vscrypt
Red Alert .infected
RektLocker .rekt
RemindMe .remind
Revenge .crashed
.REVENGE
Rokku .rokku
RoshaLock
RozaLocker .ENC
Runsomewere
RussianRoulette
SADStory
Sage 2.0 .sage
Sage 2.2 .sage
Samas-Samsam .encryptedAES
Sanction .encryptedRSA
.sanction
Sanctions .wallet
Sardoninir .enc
Satan .stn
Satana Sarah_G@ausi.com___
Saturn
Scarab .scarab
Scraper
SerbRansom .velikasrbija
Serpent .serpent
Serpico
Shark .locked
ShellLocker .L0cked
ShinoLocker .shino
Shujin
Simple_Encoder .~
SkidLocker / Pompous .locked
SkyName
Smash!
Smrss32 .encrypted
SNSLocker .RSNSlocked
Spora .RSplited
Sport .sport
Stampado .locked
Strictor .locked
Surprise .surprise
Survey .tzu
SynoLocker
SZFLocker .szf
TeamXrat .___xratteamLucked
TeleCrypt .xcri
TeslaCrypt 0.x - 2.2.0 .vvv
TeslaCrypt 3.0+ .ecc
.micro
TeslaCrypt 4.1A .xxx
TeslaCrypt 4.2
Thanksgiving
Threat Finder
TorrentLocker .Encrypted
TowerWeb .enc
Toxcrypt .toxcrypt
Trojan .braincrypt
Troldesh .breaking_bad
TrueCrypter .better_call_saul
.enc
Trump Locker .TheTrumpLockerf
Turkish .TheTrumpLockerfp
.sifreli
Turkish (Fake CTB-Locker) .encrypted
Turkish Ransom .locked
UltraLocker
UmbreCrypt umbrecrypt_ID_[VICTIMID]
UnblockUPC
Ungluk .H3LL
Unlock26 .0x0
.locked-[XXX]
Unlock92 .CRRRT
Vanguard .CCCRRRPPP
VapeLauncher
VaultCrypt .vault
VBRANSOM 7 .xort
.VBRANSOM
VenisRansomware
VenusLocker .Venusf
Vindows Locker .Venusp
.vindows
Virlock .exe
Virus-Encoder .CrySiS .id-
Vortex .xtbl
.aes ########.decryptformoney@i
vxLock .vxLock
WannaCry .wcry
WildFire Locker .wncry
.wflx
Winnix Cryptor .wnx
XCrypt
XData .~xdata~
Xorist .EnCiPhErEd
XRTN .73i87A
.xrtn
XYZWare
You Have Been Hacked!!! .Locked
YourRansom .yourransom
Zcrypt .zcrypt
Zeta .code
Zimbra .scl
.crypto
ZinoCrypt .ZINO
Zlader / Russian .vault
Zorro .zorro
zScreenLocker
Zyka .locked
Zyklon .zyklon
Ransom Note Filename(s) Comment Encryption Algorithm
YOUR_FILES_ARE_LOCKED.txt AES(256)
read_this_file.txt XOR
FILES_BACK.txt
README_.TXT AES
READ_IT.txt Based on HiddenTear AES(256)
How to decrypt your files.txt related to TeamXRat
Read_Me.Txt
ransomed.html
README HOW TO DECRYPT YOUR FILES.Made by creators of Cerber
Unlock_files_randomx5.html AES(128)
Read Me (How Decrypt) !!!!.txt AES(256)
Doesn't encrypt any files /
ПРОЧТИ_МЕНЯ.txt provides you
Websites onlythe key
READ_ME.txt amba@riseup.net
READ_ME.txt
Demands 10 BTC
READ IF YOU WANT YOUR FILES BACK.ht Mimics Torrentlocker. Encrypts AES(256), RSA (1024)
wallpaper.jpg only a50%
Has GUI.of each file up to 5 MB
Subvariants:
RAR's victim'sCoinVault
files AES(256) (RAR
has a GUI implementation)
README!!!.txt AES-256
GetYouFiles.txt no longer relevant RSA
[random_chars]-READ_ME.html AES(256)
Based on EDA2 / HiddenTear
help-file-decrypt.enc contact email
<startupfolder>/pronk.txt safefiles32@mail.ru also as
Unlock code is: adam or
fs0ciety.html adamdude9
Based on EDA2
DECRYPT_YOUR_FILES.HTML Based on RemindMe
Based on Hidden Tear AES(256)
Python Ransomware
Ransomware.txt
DECRYPTION INSTRUCTIONS.txt
rtext.txt
!!!README!!![id].rtf Possible affiliation with Pony
RaaS
YOUR_FILES.url Copy of Ranion RaaS AES(256)
<startup folder>\fud.bmp Files might be partially
<startup folder>\paycrypt.bmp encrypted
Based on the DUMB ransomware
RaaS service AES(256)
me>.[a-zA-Z]{4}
VictemKey_0_5
VictemKey_5_30 Doesn't encrypt user files
no extension change, Javascript
Ransomware
Locks the desktop Asymmetric 1024
RarVault.htm
AES(128)
HOW_TO_DECRYPT_YOUR_FILES_[random_3_chars].html
Batch file AES(256)
HOW_TO_DECRYPT_YOUR_FILES_[random_3_chars].txt
Passcode:
DetoxCryptoRSA1014DJW2048
Variant AES
Readme.txt AES(256)
文件解密帮助.txt
_RECOVER_INSTRUCTIONS.ini AES
READ_IT.txt Based on EDA2 AES(256)
Based on HiddenTear
_HOW_TO_Decrypt.bmp
READ_Me.txt Based on EDA2 AES(256)
[Infection-ID].HTML
@Please_Read_Me@.txt
HOW_TO_UNLOCK_FILES_README_(<ID>).
Zyklon variant
YOUR FILES ARE ENCRYPTED!.txt GPG
Xhelp.jpg
HOW_CAN_I_DECRYPT_MY_FILES.txt
HOW TO DECRYPT FILES.TXT encrypted files will still have the XOR or TEA
original non-encrypted
VaultCrypt family header of
Based on HiddenTear
Attempt to steal passwords
README.txt
# HELP_DECRYPT_YOUR_FILES #.TXT
how.txt mpritsken@priest.com
ZINO_NOTE.TXT
VaultCrypt family RSA
Take_Seriously (Your saving grace).txt
https://twitter.com/malwrhunterteam/status/84519967934001
http://researchcenter.paloaltonetworks.com/2016/05/unit42-b
http://www.bleepingcomputer.com/forums/t/625820/central-s
https://blog.malwarebytes.org/threat-analysis/2016/03/cerbe
https://community.rsa.com/community/p
https://twitter.com/struppigel/status/795630452128227333
http://www.bleepingcomputer.com/news/security/chimera-ransomware-decryption-
https://blog.malwarebytes.org/threat-analysis/2015/12/inside
http://malware-traffic-analysis.net/2016/11/17/index.html
https://www.bleepingcomputer.com/news
https://www.youtube.com/watch?v=Xe30kV4ip8w
https://twitter.com/JakubKroustek/status/7949568098660188
https://twitter.com/BleepinComputer/status/82265333568159
https://twitter.com/jiriatvirlab/status/801910919739674624
https://noransom.kaspersky.com/
http://www.bleepingcomputer.com/news/security/paying-the-c
https://twitter.com/malwrhunterteam/status/83946716876072
https://support.kaspersky.com/viruses/disinfection/8547
https://support.kaspersky.com/viruses/disinfection/8547
http://virusinfo.info/showthread.php?t=185396
Cry, CSTO, Central http://www.bleepingcomputer.com/news/security/the-crylocke
Security Treatment http://blog.trendmicro.com/trendlabs-security-intelligence/cry
https://github.com/pekeinfo/DecryptCrypren
http://www.nyxbone.com/malware/Crypren.html
https://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.zip
https://blog.fortinet.com/2016/06/17/buggy-russian-ransomw
https://www.bleepingcomputer.com/forums/t/638344/cryptconsole-uncrypteoutloo
https://twitter.com/PolarToffee/status/824705553201057794
Hidden Tear http://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html
https://twitter.com/jiriatvirlab/status/802554159564062722
https://www.proofpoint.com/us/threat-insight/post/ransomwa
https://decrypter.emsisoft.com/
http://www.pandasecurity.com/mediacenter/panda-security/c
http://news.softpedia.com/news/new-cry
https://twitter.com/drProct0r/status/810500976415281154
https://blog.malwarebytes.com/threat-an
https://decrypter.emsisoft.com/
https://twitter.com/PolarToffee/status/843527738774507522
Ranscam http://blog.talosintel.com/2016/07/ranscam.html
https://nakedsecurity.sophos.com/2016/
Manamecrypt, http://www.bleepingcomputer.com/news/security/cryptohost-decrypted-locks-files-
Telograph, ROI https://twitter.com/jiriatvirlab/status/838779371750031360
https://www.fireeye.com/blog/executive-perspective/2014/08/your-locker-of-inform
https://reaqta.com/2016/04/uncovering-ransomware-distribut
https://twitter.com/malwrhunterteam/status/83974794012200
https://twitter.com/malwrhunterteam/status/78289010494786
http://www.bleepingcomputer.com/news/security/cryptoluck-r
https://twitter.com/malwareforme/status
Zeta http://www.nyxbone.com/malware/CryptoMix.html
https://www.cert.pl/en/news/single/techn
Nemesis https://decrypter.emsisoft.com/crypton
https://www.bleepingcomputer.com/news/security/crypton-ran
https://twitter.com/JakubKroustek/status
X3M
https://twitter.com/malwrhunterteam/status/81767261765834
http://www.bleepingcomputer.com/news/security/new-ransom
https://twitter.com/struppigel/status/821992610164277248
https://www.bleepingcomputer.com/news/security/cryptomix-
http://www.bleepingcomputer.com/forums/t/617601/cryptosh
http://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-rans
http://news.softpedia.com/news/new-open-source-linux-ranso
https://blogs.technet.microsoft.com/mmpc/2015/01/13/crow
https://www.virustotal.com/en/file/45317
https://twitter.com/struppigel/status/791554654664552448
https://www.bleepingcomputer.com/news
CryptProjectXXX https://support.kaspersky.com/viruses/disinfection/8547
http://www.bleepingcomputer.com/virus-removal/cryptxxx-ran
CryptProjectXXX https://support.kaspersky.com/viruses/disinfection/8547
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-
http://blogs.cisco.com/security/cryptxxx-
UltraDeCrypter https://support.kaspersky.com/viruses/disinfection/8547
http://www.bleepingcomputer.com/news/security/cryptxxx-up
http://blogs.cisco.com/security/cryptxxx-
UltraCrypter https://support.kaspersky.com/viruses/disinfection/8547
https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ra
http://www.bleepingcomputer.com/news/security/ctb-faker-ra
Citroni
https://thisissecurity.net/2016/02/26/a-lockpicking-exercise/
https://github.com/eyecatchup/Critroni-p
my-Little- https://github.com/aaaddress1/my-Little-Ransomware/tree/master/decryptoTool
https://github.com/aaaddress1/my-Little-Ransomware
Ransomware
CyberSplitter https://twitter.com/struppigel/status/778871886616862720
https://twitter.com/struppigel/status/806
https://decrypter.emsisoft.com/damage
https://twitter.com/demonslay335/status/8356640678430146
https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor-fo
https://twitter.com/malwrhunterteam/status/78553337300772
https://twitter.com/JaromirHorejsi/status/8155552584789811
http://www.malwareremovalguides.info/decrypt-files-with-decrypt_mblblock-exe-de
http://www.bleepingcomputer.com/forums/t/617395/dedcrypt
http://www.nyxbone.com/malware/DEDCr
https://twitter.com/struppigel/status/798573300779745281
MafiaWare https://twitter.com/BleepinComputer/status/81706932093734
https://www.bleepingcomputer.com/news/security/new-derialock-ransomware-acti
https://www.bleepingcomputer.com/news/security/new-derial
Based on Detox: http://www.bleepingcomputer.com/news/security/new-detoxc
Calipso https://twitter.com/PolarToffee/status/829727052316160000
https://twitter.com/demonslay335/status/7525863345277091
https://decrypter.emsisoft.com/
https://blog.malwarebytes.org/threat-analysis/2016/02/dma-l
https://github.com/hasherezade/dma_unlocker
https://drive.google.com/drive/folders/0Bzb5kQFOXkiSMm94QzdyM3hCdDg
https://blog.malwarebytes.org/threat-analysis/2016/02/dma-l
https://twitter.com/BleepinComputer/status/82250005651121
http://www.nyxbone.com/malware/Domino.html
http://www.bleepingcomputer.com/news/
https://www.bleepingcomputer.com/news/security/the-donald
https://www.bleepingcomputer.com/forums/t/643330/donotchange-ransomware-id
https://twitter.com/struppigel/status/794108322932785158
https://www.bleepingcomputer.com/forums/t/627831/dxxd-ransomware-dxxd-help
https://www.bleepingcomputer.com/news/security/the-dxxd-ra
https://www.bleepingcomputer.com/news/security/dyna-crypt
Cryptear
https://twitter.com/BleepinComputer/status/81539289133819
EduCrypter http://www.filedropper.com/decrypter_1
https://twitter.com/JakubKroustek/status/7470311713479106
https://twitter.com/BroadAnalysis/status/8456888195339304
https://twitter.com/malwrhunterteam/sta
Los Pollos Hermanos
Trojan.Encoder.6491 http://www.bleepingcomputer.com/news/security/the-week-in
http://vms.drweb.ru/virus/?_is=1&i=87473
http://www.bleepingcomputer.com/news/security/the-enigma-
https://twitter.com/malwrhunterteam/status/83902201823011
IDRANSOMv3 https://twitter.com/demonslay335/status/811343914712100872
https://twitter.com/BleepinComputer/status/81126425448149
https://twitter.com/struppigel/status/811
Manifestus https://www.bleepingcomputer.com/news/security/erebus-ran
https://twitter.com/jiriatvirlab/status/818443491713884161
https://twitter.com/PolarToffee/status/82
http://www.bleepingcomputer.com/news/security/eviltwins-ex
https://twitter.com/struppigel/status/837565766073475072
https://twitter.com/malwrhunterteam/status/82976881903180
https://twitter.com/malwrhunterteam/sta
http://www.bleepingcomputer.com/news/security/new-fairwar
https://blog.fortinet.com/post/fakben-team-ransomware-uses
https://decrypter.emsisoft.com/globeimposter
https://twitter.com/malwrhunterteam/status/80979540242164
https://twitter.com/PolarToffee/status/812312402779836416
Variants: http://www.bleepingcomputer.com/news/security/fantom-rans
Comrade Circle https://decrypter.emsisoft.com/fenixlocker
https://twitter.com/fwosar/status/777197255057084416
https://twitter.com/rommeljoven17/status/846973265650335
https://twitter.com/jiriatvirlab/status/836616468775251968
https://www.bleepingcomputer.com/news/security/firecrypt-ra
https://twitter.com/malwrhunterteam/status/77377148564314
https://twitter.com/struppigel/status/842302481774321664
Roga https://twitter.com/BleepinComputer/status/81213560837422
https://www.bleepingcomputer.com/forums/t/628199/fs0ciety-locker-ransomware-
http://www.bleepingcomputer.com/news/security/new-fsociet
https://twitter.com/siri_urz/status/79596
https://support.kaspersky.com/viruses/disinfection/8547
https://download.bleepingcomputer.com/demonslay335/GhostCryptDecrypter.zip
http://www.bleepingcomputer.com/forums/t/614197/ghostcry
https://twitter.com/ni_fi_70/status/796353782699425792
Purge https://success.trendmicro.com/portal_kb_articledetail?solutionid=1114221
http://www.bleepingcomputer.com/news/security/the-globe-ra
Purge https://success.trendmicro.com/portal_kb_articledetail?solutionid=1114221
Purge https://decrypter.emsisoft.com/globe3
Variants, from old to http://www.bleepingcomputer.com/forums/t/611342/gnl-locke
latest: https://twitter.com/BleepinComputer/status/81611221881526
https://decrypter.emsisoft.com/
http://blog.trendmicro.com/trendlabs-security-intelligence/ang
https://twitter.com/struppigel/status/794444032286060544
https://twitter.com/BleepinComputer/status/81213132497900
https://twitter.com/demonslay335/status/8068788035071016
https://twitter.com/malwrhunterteam/status/84711406422449
https://decrypter.emsisoft.com/
Mamba https://www.linkedin.com/pulse/mamba-new-full-disk-encrypti
blog.trendmicro.com/trendlabs-security-in
https://www.bleepingcomputer.com/news/security/heimdall-o
https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herb
https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-su
https://www.bleepingcomputer.com/news/security/hermes-ran
http://www.nyxbone.com/malware/hibuddy.html
http://www.bleepingcomputer.com/news/security/developmen
https://twitter.com/jiriatvirlab/status/825
http://www.bleepingcomputer.com/news/security/new-python
https://twitter.com/BleepinComputer/status/80328839681483
Hungarian Locky https://blog.avast.com/hucky-ransomware-a-hungarian-locky-w
(Hucky) https://decrypter.emsisoft.com/
http://www.malware-traffic-analysis.net/2016/02/03/index2.ht
https://twitter.com/struppigel/status/791576159960072192
https://twitter.com/BleepinComputer/status/81708536714487
http://download.bleepingcomputer.com/Nathan/StopPirates_Decrypter.exe
https://twitter.com/demonslay335/status/7961342647440834
https://twitter.com/struppigel/status/791639214152617985
https://twitter.com/JakubKroustek/status/7578739760476979
shc Ransomware https://github.com/fortiguard-lion/schRansomwareDecryptor/blob/master/schRans
https://blog.fortinet.com/2016/10/19/japanlocker-an-excavati
SyNcryption
Encryptor RaaS, http://www.nyxbone.com/malware/RaaS.html
http://blog.trendmicro.com/trendlabs-sec
Sarento https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip
https://twitter.com/BleepinComputer/status/82250910548724
CryptoHitMan http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-w
https://www.helpnetsecurity.com/2016/04/20/jigsaw-crypto-ra
https://twitter.com/demonslay335/status
(subvariant) http://www.nyxbone.com/malware/jobcrypter.html
https://twitter.com/malwrhunterteam/sta
http://forum.malekal.com/jobcrypter-geniesanstravaille-
Käändsõna https://twitter.com/BleepinComputer/status/81992785843709
RansomTroll https://www.bleepingcomputer.com/news/security/the-kangar
https://www.bleepingcomputer.com/news/security/researcher
https://twitter.com/malwrhunterteam/status/84174700243836
https://twitter.com/MarceloRivero/status/8323029767441735
https://safezone.cc/resources/kawaii-decryptor.195/
http://news.drweb.com/show/?i=9877&lng=en&c=5
http://www.welivesecurity.com/2016/03/07/new-mac-ransomw
https://decrypter.emsisoft.com/
http://www.bleepingcomputer.com/forums/t/559463/keyholde
https://cyberx-labs.com/en/blog/new-killdisk-malware-brings-r
http://www.welivesecurity.com/2017/01/
https://twitter.com/malwrhunterteam/status/78223229984063
https://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-fi
http://www.bleepingcomputer.com/news/security/the-kimcilw
https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e7
https://www.bleepingcomputer.com/news/security/star-trek-th
https://www.bleepingcomputer.com/news/security/koolova-ra
http://www.nyxbone.com/malware/koreanRansom.html
http://www.bleepingcomputer.com/news/security/the-week-in
QC http://www.nyxbone.com/malware/KozyJozy.html
http://www.bleepingcomputer.com/forum
https://twitter.com/demonslay335/status/7460904837226864
https://twitter.com/malwrhunterteam/status/83699557038445
https://twitter.com/struppigel/status/847689644854595584
https://decrypter.emsisoft.com/lechiffre
https://blog.malwarebytes.org/threat-analysis/2016/01/lechiff
https://twitter.com/JakubKroustek/status/8424048666140385
Linux.Encoder.{0,3} https://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable
https://twitter.com/malwrhunterteam/status/84518329087304
https://www.bleepingcomputer.com/news/security/new-lltp-ra
09/29/2017 https://www.bleepingcomputer.com/forums/t/648384/lockcry
https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-s
https://twitter.com/struppigel/status/807169774098796544
http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-a
https://www.bleepingcomputer.com/forums/t/626750/lockloc
08/08/2017 - Diablo6 http://www.bleepingcomputer.com/news/security/new-locky-v
WSF variant:
Locky variant added http://blog.trendmicro.com/trendlabs-sec
https://twitter.com/malwrhunterteam/status/78988248836567
https://twitter.com/siri_urz/status/801815087082274816
https://twitter.com/jiriatvirlab/status/808015275367002113
https://blog.malwarebytes.org/threat-analysis/2016/03/maktu
https://decrypter.emsisoft.com/marlboro
https://www.bleepingcomputer.com/news/security/marlboro-r
https://securelist.ru/blog/issledovaniya/29376/polyglot-the-fake-ctb-locker/
https://www.proofpoint.com/us/threat-insight/post/MarsJoke
https://twitter.com/struppigel/status/791943837874651136
https://twitter.com/rommeljoven17/status/804251901529231
https://twitter.com/siri_urz/status/840913419024945152
MRCR https://decrypter.emsisoft.com/mrcr
https://www.bleepingcomputer.com/news/security/merry-chris
https://www.bleepingcomputer.com/news
https://twitter.com/malwrhunterteam/status/84461488962056
Crypt888 http://www.bleepingcomputer.com/forums/t/618457/microcop-ransomware-help-s
http://blog.trendmicro.com/trendlabs-security-intelligence/ins
http://www.nyxbone.com/malware/Mirco
https://www.avast.com/ransomware-decryption-tools#!
"Petya's little brother" http://www.bleepingcomputer.com/news/security/petya-is-bac
Booyah https://www.proofpoint.com/us/threat-insight/post/ransomwa
Yakes http://nyxbone.com/malware/Mobef.html
http://researchcenter.paloaltonetworks.co
CryptoBit
CryptoMix https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-mole
https://twitter.com/malwrhunterteam/status/84482633918613
https://www.bleepingcomputer.com/forums/t/642409/motd-ra
https://twitter.com/struppigel/status/810766686005719040
https://twitter.com/demonslay335/status/7906084843037122
https://twitter.com/demonslay335/status
https://twitter.com/JakubKroustek/status/8159616636440084
https://www.youtube.com/watch?v=dAVM
http://www.bleepingcomputer.com/news/security/the-nagini-ra
http://github.com/Cyberclues/nanolocker-decryptor
https://decrypter.emsisoft.com/nemucod
https://blog.cisecurity.org/malware-analysis-report-nemucod-r
RANSOM_NETIX.A https://github.com/Antelox/NemucodFR
http://blog.trendmicro.com/trendlabs-security-intelligence/net
https://twitter.com/demonslay335/status/8392214573601955
XRatTeam https://decrypter.emsisoft.com/nmoreira
https://twitter.com/fwosar/status/803682662481174528
XPan https://twitter.com/JakubKroustek/status/7572675503466414
https://www.bleepingcomputer.com/news
https://download.bleepingcomputer.com/demonslay335/NullByteDecrypter.zip
https://www.bleepingcomputer.com/news/security/the-nullbyt
https://twitter.com/malwrhunterteam/status/81764854723137
http://download.bleepingcomputer.com/BloodDolly/ODCODCDecoder.zip
http://www.nyxbone.com/malware/odcodc.html
https://twitter.com/PolarToffee/status/81
Vipasana, Cryakl https://support.kaspersky.com/viruses/disinfection/8547
http://bartblaze.blogspot.com.co/2016/02/vipasana-ransomw
GPCode
https://twitter.com/struppigel/status/791557636164558848
http://news.thewindowsclub.com/operation-global-iii-ransomware-decryption-tool-r
CryptoWire https://twitter.com/JakubKroustek/status/8423429967754485
https://decrypter.emsisoft.com/ozozalocker
https://twitter.com/malwrhunterteam/status/80150340186767
http://www.bleepingcomputer.com/news/security/padcrypt-th
https://twitter.com/malwrhunterteam/sta
https://twitter.com/BleepinComputer/status/81163507515883
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-rans
https://www.bleepingcomputer.com/news/security/new-maco
https://twitter.com/BleepinComputer/status/80831663509438
Serpent https://www.bleepingcomputer.com/news/security/ransomwa
https://twitter.com/JakubKroustek/status/7960837681550786
CryptoLocker clone https://decrypter.emsisoft.com/
https://www.bleepingcomputer.com/news/security/old-cryptol
WinPlock https://securelist.com/blog/research/77762/petrwrap-the-new
Goldeneye http://www.thewindowsclub.com/petya-ransomware-decrypt-tool-password-generat
https://blog.malwarebytes.org/threat-analysis/2016/04/petya-
https://www.bleepingcomputer.com/news
https://www.youtube.com/watch?v=mSqxFjZq_z4
https://decrypter.emsisoft.com/philadelphia
www.bleepingcomputer.com/news/security/the-philadelphia-ra
https://twitter.com/BleepinComputer/status/80481031545620
https://twitter.com/JakubKroustek/status/8348211661163274
http://download.bleepingcomputer.com/BloodDolly/JuicyLemonDecoder.zip
http://www.nyxbone.com/malware/pokemonGO.html
http://www.bleepingcomputer.com/news/
https://www.bleepingcomputer.com/news/security/new-schem
https://support.kaspersky.com/8547
https://securelist.com/blog/research/76182/polyglot-the-fake
PoshCoder https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_de
https://www.carbonblack.com/2016/03/25/threat-alert-powerw
http://researchcenter.paloaltonetworks.co
https://download.bleepingcomputer.com/demonslay335/PowerLockyDecrypter.zip
https://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/
https://www.bleepingcomputer.com/news/security/introducing
https://blog.malwarebytes.com/threat-an
http://www.enigmasoftware.com/prismyourcomputerhasbeenl
https://twitter.com/demonslay335/status/812002960083394560
https://twitter.com/malwrhunterteam/status/81161388870585
https://twitter.com/jiriatvirlab/status/803297700175286273
https://twitter.com/Jan0fficial/status/834706668466405377
https://twitter.com/malwrhunterteam/status/84670548174173
https://otx.alienvault.com/pulse/57976b52b900fe01376feb01
RAA https://reaqta.com/2016/06/raa-ransomware-delivering-pony/
http://www.bleepingcomputer.com/news/
https://twitter.com/CryptoInsane/status/84618114002528256
https://decrypter.emsisoft.com/radamant
http://www.bleepingcomputer.com/news/security/new-radama
http://www.nyxbone.com/malware/radam
Agent.iih https://support.kaspersky.com/us/viruses/disinfection/10556
Aura
https://www.bleepingcomputer.com/news/security/ranion-rans
https://support.kaspersky.com/viruses/disinfection/8547
https://github.com/pan-unit42/public_tools/tree/master/ranran_decryption
http://researchcenter.paloaltonetworks.com/2017/03/unit42-t
https://www.bleepingcomputer.com/news
https://www.proofpoint.com/us/threat-insight/post/ransoc-de
https://www.bleepingcomputer.com/news
https://www.symantec.com/security_response/writeup.jsp?do
https://twitter.com/jiriatvirlab/status/825411602535088129
http://www.nyxbone.com/malware/Razy(German).html
http://nyxbone.com/malware/Razy.html
https://support.kaspersky.com/viruses/disinfection/4264
https://twitter.com/JaromirHorejsi/status/8155576013123297
https://support.kaspersky.com/viruses/disinfection/4264
http://www.nyxbone.com/malware/RemindMe.html
https://www.bleepingcomputer.com/news/security/revenge-ra
https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-
https://twitter.com/siri_urz/status/842452104279134209
https://twitter.com/jiriatvirlab/status/840863070733885440
https://twitter.com/struppigel/status/801812325657440256
https://twitter.com/struppigel/status/823925410392080385
https://twitter.com/malwrhunterteam/status/84535685303919
https://www.bleepingcomputer.com/news/security/sage-2-0-ra
https://www.govcert.admin.ch/blog/27/sa
https://malwarebreakdown.com/2017/03/16/sage-2-2-ransom
https://malwarebreakdown.com/2017/03
samsam.exe https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.z
http://blog.talosintel.com/2016/03/samsam-ransomware.htm
http://www.intelsecurity.com/advanced-th
MIKOPONI.exe
https://www.bleepingcomputer.com/news/security/sanctions-
https://twitter.com/BleepinComputer/status/83595540995335
https://www.bleepingcomputer.com/news/security/new-satan
https://blog.malwarebytes.com/threat-analysis/2016/06/satan
https://blog.kaspersky.com/satana-ranso
02/19/2018
http://securelist.com/blog/research/69481/a-flawed-ransomware-encryptor/
https://twitter.com/malwrhunterteam/status/83011619087384
https://www.bleepingcomputer.com/news
PayDOS https://www.bleepingcomputer.com/news/security/ransomwa
https://www.proofpoint.com/us/threat-ins
http://www.nyxbone.com/malware/Serpico.html
Atom http://www.bleepingcomputer.com/news/security/the-shark-ra
http://www.bleepingcomputer.com/news/
https://twitter.com/JakubKroustek/status/7993882893376716
https://twitter.com/JakubKroustek/status/7605601471314083
http://www.bleepingcomputer.com/news/
KinCrypt http://www.nyxbone.com/malware/chineseRansom.html
http://blog.trendmicro.com/trendlabs-sec
http://www.bleepingcomputer.com/news/security/the-shark-ra
http://www.bleepingcomputer.com/news/security/pompous-ransomware-dev-gets-d
http://www.nyxbone.com/malware/SkidLocker.html
https://twitter.com/malwrhunterteam/status/81707902872519
https://www.bleepingcomputer.com/news/security/smash-ran
http://nyxbone.com/malware/SNSLocker.html
https://blog.gdatasoftware.com/2017/01/29442-spora-worm-a
http://blog.emsisoft.com/2017/01/10/fro
https://success.trendmicro.com/portal_kb_articledetail?solutionid=1114221
https://cdn.streamable.com/video/mp4/kfh3.mp4
http://blog.trendmicro.com/trendlabs-sec
http://www.bleepingcomputer.com/news/security/stampado-ransomware-campaig
http://www.nyxbone.com/malware/Strictor.html
http://www.bleepingcomputer.com/news/security/in-dev-ranso
http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-r
https://securelist.com/blog/research/76153/teamxrat-brazilia
Trojan- https://malwarebytes.app.box.com/s/kkxwgzbpwe7oh59xqfwcz97uk0q05kp3
https://blog.malwarebytes.com/threat-analysis/2016/11/telec
https://securelist.com/blog/research/765
Ransom.Win32.Telec
AlphaCrypt https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-dec
http://www.talosintel.com/teslacrypt_tool/
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-dec
http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-dec
https://www.endgame.com/blog/your-package-has-been-succe
https://blog.kaspersky.com/raknidecrypto
http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-dec
http://www.bleepingcomputer.com/news/security/teslacrypt-4
http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants
https://twitter.com/BleepinComputer/status/80148642036809
Crypt0L0cker http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cra
https://twitter.com/PolarToffee/status/804008236600934403
http://blog.talosintelligence.com/2017/03
CryptoFortress http://www.bleepingcomputer.com/forums/t/618055/towerwe
BrainCrypt https://download.bleepingcomputer.com/demonslay335/BrainCryptDecrypter.zip
https://twitter.com/PolarToffee/status/811249250285842432
Shade https://www.nomoreransom.org/uploads/ShadeDecryptor_how-to_guide.pdf
http://www.nyxbone.com/malware/Troldesh.html
https://www.bleepingcomputer.com/news
XTBL http://www.bleepingcomputer.com/news/security/truecrypter-
https://www.bleepingcomputer.com/news/security/new-trump
https://twitter.com/struppigel/status/821991600637313024
https://twitter.com/JakubKroustek/status/8420348873979084
http://www.nyxbone.com/malware/turkishRansom.html
https://twitter.com/struppigel/status/807161652663742465
https://www.bleepingcomputer.com/news
http://www.thewindowsclub.com/emsisoft-decrypter-hydracrypt-umbrecrypt-ransom
https://www.bleepingcomputer.com/forums/t/627582/unblock
https://www.bleepingcomputer.com/news/security/new-raas-p
https://twitter.com/malwrhunterteam/status/83903839994422
https://twitter.com/JAMESWT_MHT/status/834783231476166
https://twitter.com/struppigel/status/839771195830648833
CrypVault http://www.nyxbone.com/malware/russianRansom.html
Zlader https://twitter.com/BleepinComputer/status/81785133907833
https://twitter.com/Antelox/status/785849412635521024
http://pastebin.com/HuK99Xmj
https://blog.malwarebytes.com/threat-analysis/2016/08/venu
http://www.nyxbone.com/malware/venus
https://malwarebytes.app.box.com/s/gdu18hr17mwqszj3hjw5m3sw84k8hlph
https://twitter.com/JakubKroustek/status/8007299441124270
https://www.bleepingcomputer.com/news
https://rol.im/VindowsUnlocker.zip
http://www.nyxbone.com/malware/Virlock.html
http://www.welivesecurity.com/2014/12/
CrySiS http://www.welivesecurity.com/2016/11/24/new-decryption-tool-crysis-ransomware
http://www.nyxbone.com/malware/virus-encoder.html
http://blog.trendmicro.com/trendlabs-sec
Ŧl๏tєгค http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip
https://twitter.com/struppigel/status/839778905091424260
гคภร๏๓ฬคгє
WannaCrypt https://twitter.com/struppigel/status/846241982347427840
https://docs.google.com/spreadsheets/d
WCry
Hades Locker https://labs.opendns.com/2016/07/13/wildfire-ransomware-ga
https://twitter.com/PolarToffee/status/811940037638111232
https://twitter.com/JakubKroustek/status/8257905849714729
https://www.bleepingcomputer.com/news/security/xdata-rans
https://support.kaspersky.com/viruses/disinfection/2911
https://decrypter.emsisoft.com/xorist
https://twitter.com/malwrhunterteam/status/83363600672112
https://twitter.com/malwrhunterteam/status/80828054980241
https://twitter.com/_ddoxer/status/827555507741274113
https://www.bleepingcomputer.com/news
Zcryptor https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-l
CryptoMix https://twitter.com/JakubKroustek/status/8040098315185725
http://www.bleepingcomputer.com/forums/t/617874/zimbra-ra
https://twitter.com/malwrhunterteam/status/84278157541059
VaultCrypt http://www.nyxbone.com/malware/russianRansom.html
CrypVault https://twitter.com/BleepinComputer/status/84453837032381
https://twitter.com/struppigel/status/794077145349967872
https://download.bleepingcomputer.com/demonslay335/StupidDecrypter.zip
https://twitter.com/GrujaRS/status/826153382557712385
GNL Locker
Screenshots
omputer/status/844531418474708993
om/2017/03/02/rig-ek-at-92-53-105-43-drops-asn1-ransomware/
https://www.google.de/search?tbm=isch&q=Ransomware+AutoLocky
el/status/828902907668000770
http://www.nyxbone.com/images/articulos/malware/badblock/5.png
ay335/status/835668540367777792
http://www.nyxbone.com/images/articulos/malware/brazilianRansom/0.png
oustek/status/821831437884211201
nterteam/status/845199679340011520
nterteam/status/839467168760725508
http://www.nyxbone.com/images/articulos/malware/crypren/0.png
https://www.google.de/search?tbm=isch&q=Ransomware+Crypt38
ee/status/824705553201057794
https://www.google.de/search?tbm=isch&q=Ransomware+Cryptear
b/status/802554159564062722
ee/status/843527738774507522
b/status/838779371750031360
https://twitter.com/malwareforme/status/798258032115322880
el/status/821992610164277248
er.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/
ews/new-open-source-linux-ransomware-shows-infosec-community-divide-508669.shtml
www.bleepingcomputer.com/news/security/-proof-of-concept-cryptowire-ransomware-spawns-lomix-and-ultralocker-families/
orejsi/status/815555258478981121
el/status/798573300779745281
omputer/status/817069320937345024
er.com/news/security/new-derialock-ransomware-active-on-christmas-includes-an-unlock-all-command/
https://www.google.de/search?tbm=isch&q=Ransomware+DetoxCrypto
ee/status/829727052316160000
3330/donotchange-ransomware-id-7es642406cry-do-not-change-the-file-namecryp/
omputer/status/815392891338194945
https://www.google.de/search?tbm=isch&q=Ransomware+EduCrypt
witter.com/malwrhunterteam/status/845652520202616832
el/status/837565766073475072
witter.com/malwrhunterteam/status/838700700586684416
oven17/status/846973265650335744
el/status/842302481774321664
omputer/status/812135608374226944
status/796353782699425792
omputer/status/816112218815266816
ay335/status/806878803507101696
nterteam/status/847114064224497666
er.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/
omputer/status/803288396814839808
el/status/791576159960072192
ww.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/
https://www.google.de/search?tbm=isch&q=Ransomware+KratosCrypt
nterteam/status/836995570384453632
https://www.google.de/search?tbm=isch&q=Ransomware+KryptoLocker
el/status/847689644854595584
https://www.google.de/search?tbm=isch&q=Ransomware+LeChiffre
oustek/status/842404866614038529
https://www.google.de/search?tbm=isch&q=Ransomware+Linux.Encoder
nterteam/status/845183290873044994
er.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/
er.com/forums/t/648384/lockcrypt-lock-support-topic-readmetxt/
el/status/807169774098796544
https://www.google.de/search?tbm=isch&q=Ransomware+Locker
er.com/forums/t/626750/locklock-ransomware-locklock-help-support/
tatus/801815087082274816
b/status/808015275367002113
https://www.google.de/search?tbm=isch&q=Ransomware+Mabouia
er.com/news/security/marlboro-ransomware-defeated-in-one-day/
/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker
el/status/791943837874651136
oven17/status/804251901529231360
tatus/840913419024945152
www.bleepingcomputer.com/news/security/-merry-christmas-ransomware-now-steals-user-private-data-via-diamondfox-malware/
nterteam/status/844614889620561924
http://nyxbone.com/images/articulos/malware/mobef/0.png
y/decryptor-released-for-the-mole02-cryptomix-ransomware-variant/
nterteam/status/844826339186135040
er.com/forums/t/642409/motd-ransomware-help-support-topics-motdtxt-and-enc-extension/
el/status/810766686005719040
https://www.google.de/search?tbm=isch&q=Ransomware+n1n1n1
www.youtube.com/watch?v=dAVMgX8Zti4&feature=youtu.be&list=UU_TMZYaLIgjsdJMwurHAi4Q
rendlabs-security-intelligence/netflix-scam-delivers-ransomware/
ay335/status/839221457360195589
tatus/803682662481174528
https://www.google.de/search?tbm=isch&q=Ransomware+NoobCrypt
er.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/
nterteam/status/817648547231371264
http://www.nyxbone.com/images/articulos/malware/odcodc/1c.png
oustek/status/842342996775448576
nterteam/status/801503401867673603
https://www.google.de/search?tbm=isch&q=Ransomware+PadCrypt
omputer/status/811635075158839296
er.com/news/security/new-macos-patcher-ransomware-locks-data-for-good-no-way-to-recover-your-files/
omputer/status/808316635094380544
er.com/news/security/ransomware-goes-retro-with-paydos-and-serpent-written-as-batch-files/
oustek/status/796083768155078656
https://www.google.de/search?tbm=isch&q=Ransomware+PClock
research/77762/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/
omputer/status/804810315456200704
oustek/status/834821166116327425
er.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
https://www.google.de/search?tbm=isch&q=Ransomware+Polyglot
blog.malwarebytes.com/threat-analysis/2016/11/princess-ransomware/
https://www.google.de/search?tbm=isch&q=Ransomware+PRISM
nterteam/status/811613888705859586
b/status/803297700175286273
al/status/834706668466405377
nterteam/status/846705481741733892
sane/status/846181140025282561
er.com/news/security/ranion-ransomware-as-a-service-available-on-the-dark-web-for-educational-purposes/
https://www.google.de/search?tbm=isch&q=Ransomware+Rannoh
www.bleepingcomputer.com/news/security/new-ranran-ransomware-uses-encryption-tiers-political-messages/
www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/
https://www.google.de/search?tbm=isch&q=Ransomware+Ransom32
https://www.google.com/search?tbm=isch&q=Ransomware+RansomLock
b/status/825411602535088129
yxbone.com/malware/Razy.html
https://www.google.de/search?tbm=isch&q=Ransomware+Rector
orejsi/status/815557601312329728
https://www.google.de/search?tbm=isch&q=Ransomware+RektLocker
http://i.imgur.com/gV6i5SN.jpg
er.com/news/security/revenge-ransomware-a-cryptomix-variant-being-distributed-by-rig-exploit-kit/
https://www.google.de/search?tbm=isch&q=Ransomware+Rokku
tatus/842452104279134209
b/status/840863070733885440
nterteam/status/845356853039190016
er.com/news/security/sanctions-ransomware-makes-fun-of-usa-sanctions-against-russia/
omputer/status/835955409953357825
er.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/
https://www.google.de/search?tbm=isch&q=Ransomware+Satana
https://www.google.de/search?tbm=isch&q=Ransomware+Scraper
www.bleepingcomputer.com/news/security/ultranationalist-developer-behind-serbransom-ransomware/
www.proofpoint.com/us/threat-insight/post/new-serpent-ransomware-targets-danish-speakers
oustek/status/799388289337671680
r.com/news/security/the-shark-ransomware-project-allows-to-create-your-own-customized-ransomware/
https://www.google.de/search?tbm=isch&q=Ransomware+SkidLocker+/+Pompous
nterteam/status/817079028725190656
er.com/news/security/smash-ransomware-is-cute-rather-than-dangerous/
http://nyxbone.com/images/articulos/malware/snslocker/16.png
og.emsisoft.com/2017/01/10/from-darknet-with-love-meet-spora-ransomware/
https://www.google.de/search?tbm=isch&q=Ransomware+Sport
og.trendmicro.com/trendlabs-security-intelligence/the-economics-behind-ransomware-prices/
docs.google.com/spreadsheets/d/1XNCCiiwpIfW8y0mzTUdLLVzoW6x64hkHJ29hcQW5deQ/pubhtml#
er.com/news/security/xdata-ransomware-on-a-rampage-in-ukraine/#.WR-iz69z-MA.twitter
nterteam/status/842781575410597894
https://www.google.de/search?tbm=isch&q=Ransomware+Zlader+/+Russian
omputer/status/844538370323812353
Proposed Name Extensions Extension Pattern PoC
WonderCrypter .h3ll SECRETISHIDINGHEREINSIDE.KEY,
? .crypttt YOUGOTHACKED.TXT
? .neitrino MESSAGE.TXT
? .xcrypt
? FILES_BACK.TXT
PLAUGE17? .PLAUGE17 PLAGUE17.txt
? 4252016XYLITOL.KEY666
WHAT IS SQ sq_ (prepends file) WHAT IS SQ_.txt
? PLEASE READ.txt
? .locked UNLOCK_FILES_INSTRUCTIONS.txt
Protected? .protected HOW_TO_RESTORE_YOUR_DATA.html
AxCrypter .axx
? PLEASEREAD.ME
? .iloveworld
Comment
Submitted to IDR
Submitted to IDR
Submitted to IDR, ransom email: danny.walswen@protonmail.com
Submitted to IDR
Submitted to IDR, note: http://pastebin.com/Wvw7mGqB
Submitted to IDR, note: http://pastebin.com/zc4zMNpw
Submitted to BC, Mobef?
http://www.bleepingcomputer.com/forums/t/583610/how-to-decrypt-ransomware-name-what-is-sq/
Submitted to IDR, note: http://pastebin.com/6J4g33FQ
Submitted to IDR and BC, note: http://pastebin.com/xj947Lh2,
http://www.bleepingcomputer.com/forums/t/611342/locked-
Submitted to IDR and BC, note: http://pastebin.com/2dAVDB4m,
http://www.bleepingcomputer.com/forums/t/613801/protected-
Abuses legit AxCrypt software
Submitted to IDR:
http://pastebin.com/E6Rds9m7
Sonar.cryptolocker!g80
Status
Need analysed
(7f76dd15545a6bf1804bed893e5e8214feb2f0368d3c6a6bccfddba
Needs identified
Needs identified
Needs identified
Needs identified
Needs identified
Needs identified
Hunting for sample
Hunting for sample
Hunting for sample
Hunting for sample
Hunting for sample
Hunting for sample
Hunting for sample
Name Microsoft Detection Name Microsoft Info
.CryptoHasYou. Trojan:Win32/Dynamer!ac https://www.microsoft.com/security/portal/threat/encyclope
777 Ransom:Win32/Empercrypt.A https://www.microsoft.com/security/portal/threat/Encyclop
7ev3n
8lock8
Alma Ransomware
ApocalypseVM Win32/Cribit https://www.microsoft.com/security/portal/threat/encyclope
AutoLocky
BadBlock
Bart
BitStak
BlackShades Crypter Ransom:JS/Brolo www.microsoft.com/security/portal/threat/encyclopedia/En
Blocatto
Booyah Ransom: Win32/Cendode.A https://www.microsoft.com/security/portal/threat/encyclope
Brazilian Win32/Cerber https://www.microsoft.com/security/portal/threat/Encyclop
BrLock Win32/Chicrypt https://www.microsoft.com/security/portal/threat/encyclope
Browlock Ransom: MSIL/Vaultlock.A https://www.microsoft.com/security/portal/threat/encyclope
Bucbi
BuyUnlockCode
Cerber
Chimera Ransom: Win32/Crowti https://www.microsoft.com/security/portal/threat/encyclope
CoinVault
Coverton
Cryaki Ransom: Win32/Crowti https://www.microsoft.com/security/portal/threat/encyclope
Crybola Win32/Fortrypt https://www.microsoft.com/security/portal/threat/encyclope
CryLocker
Crypt38 Ransom: Win32/Crilock.A https://www.microsoft.com/security/portal/threat/encyclope
CryptoBit
CryptoDefense
CryptoGraphic Locker Ransom: MSIL/Nojocrypt.A https://www.microsoft.com/security/portal/threat/encyclope
CryptoHost
CryptoJoker
CryptoWall 1 Ransom: Win32/DMALocker https://www.microsoft.com/security/portal/threat/encyclope
CryptoWall 2 Ransom: Win32/DMALocker.A https://www.microsoft.com/security/portal/threat/encyclope
CryptoWall 4 Ransom: MSIL/Ryzerlo https://www.microsoft.com/security/portal/threat/encyclope
CryptXXX Ransom: PowerShell/Polock.A https://www.microsoft.com/security/portal/threat/encyclope
CryptXXX 2.0
CTB-Locker
CTB-Locker WEB
CuteRansomware
DeCrypt Protect
DEDCryptor Trojan: Win32/Harasom.A https://www.microsoft.com/security/portal/threat/encyclope
EduCrypt
El-Polocker Ransom: Win32/Tobfy.X https://www.microsoft.com/security/portal/threat/encyclope
Enigma
Fakben
Fonco Ransom:MSIL/JigsawLocker.A https://www.microsoft.com/security/portal/threat/Encyclop
Fury
GhostCrypt
Goopic Ransom: MacOS_X/KeRanger.A https://www.microsoft.com/security/portal/threat/encyclope
Gopher Ransom: Win32/Isda https://www.microsoft.com/security/portal/threat/encyclope
Harasom Ransom: BAT/Xibow https://www.microsoft.com/security/portal/threat/encyclope
Hi Buddy!
HydraCrypt
iLock
iLockLight Ransom: Win32/Locky https://www.microsoft.com/security/portal/threat/encyclope
TrojanDownloader: JS/Locky
International Police Association https://www.microsoft.com/security/portal/threat/encyclope
Jeiphoos
Jigsaw
Job Crypter
KeRanger Win32/Takabum https://www.microsoft.com/security/portal/threat/encyclope
KeyBTC
KEYHolder
KryptoLocker JS/Nemucod https://www.microsoft.com/security/portal/threat/encyclope
LeChiffre
Linux.Encoder
Locker
Locky
Lortok
LowLevel04
MIRCOP
Mischa
MM Locker
Mobef
Nemucod
ODCODC
Offline ransomware
Operation Global III
PadCrypt
RemindMe
PClock
PowerWare
PowerWorm
PRISM
Radamant
Rannoh
Ransom32 Win32/Tescrypt https://www.microsoft.com/security/portal/threat/encyclope
RansomLock Ransom: Win32/Teerac https://www.microsoft.com/security/portal/threat/encyclope
RektLocker Win32/Fortrypt https://www.microsoft.com/security/portal/threat/encyclope
Rokku
Samas-Samsam
Sanction Win32/Troldesh https://www.microsoft.com/security/portal/threat/Encyclop
Satana
Serpico
Simple_Encoder Ransom: BAT/Xibow https://www.microsoft.com/security/portal/threat/encyclope
Smrss32
Sport
Stampado
Surprise
SynoLocker
SZFLocker
TeslaCrypt 0.x - 2.2.0
TeslaCrypt 3.0+
TeslaCrypt 4.1A
TeslaCrypt 4.2
TorrentLocker
TowerWeb
Toxcrypt
Troldesh
TrueCrypter Win32/ZCryptor.A https://blogs.technet.microsoft.com/mmpc/2016/05/26/link
Turkish Ransom
Ungluk
Unlock92
WildFire Locker
Xorist
Zcrypt
Zimbra
Zlader / Russian
Zyklon
Sandbox IOCs Snort
https://www.hybrid-analysis.com/sample/afd3394fb538b36d20085504b86000ea3969e0ae5da8e0c058801020ec8da67c?environ
https://otx.alienvault.com/pulse/57180b18c1492d015c14bed8/
https://www.hybrid-analysis.com/sample/2955d081ed9bca764f5037728125a7487f29925956f3095c58035919d50290b5?environm
https://otx.alienvault.com/pulse/573b02701116a040ceccdd85/
https://otx.alienvault.com/pulse/57180dbf0ebaa4015af21166/
https://www.hybrid-analysis.com/sample/90256220a513536b2a09520a1abb9b0f62efc89b873c645d3fd4a1f3ebed332d?environm
https://www.hybrid-analysis.com/sample/d572a7d7254846adb73aebc3f7891398e513bdac9aac0623199
https://otx.alienvault.com/browse?q=Alma+Ransomware
https://www.hybrid-analysis.com/sample/7d66e29649a09bf3edb61618a61fd7f9fb74013b739dfc4921eefece6c8439bb?environm
https://otx.alienvault.com/pulse/57166d65c1492d015c14bcc4/
https://otx.alienvault.com/pulse/56eac97aaef9214b1550b37e/
soft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:JS/Brolo
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Cendode.A
https://otx.alienvault.com/pulse/5721628cce2199015fb2b101/
https://www.hybrid-analysis.com/sample/a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710?environm
https://otx.alienvault.com/browse?q=Brazilian
https://www.hybrid-analysis.com/sample/a375201f22b6e71d8ea0f81266242e4638e1754aeee14059e9c5e39026d6c710?environm
https://otx.alienvault.com/pulse/572df3997740f10160c78d5c/
https://www.hybrid-analysis.com/sample/3ab7a35b31578b439be5d9498489b5e9d2a016db0a348a145979ed75f575dbef?environ
https://otx.alienvault.com/pulse/55fabc314637f26df7745efc/
https://otx.alienvault.com/browse?q=Bucbi
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Crowti
https://www.hybrid-analysis.com/sample/e12405096f83b30b712d200b2fc42ce595e1d1254a631d989714b4fa423ef4c4?environm
https://www.hybrid-analysis.com/sample/0348cdd333879d139306c3ff510b902013739c6bb244e20bcc5a4f762004d354?environm
https://www.snort.org/search?query=cryptolocker&submit_search=
https://www.hybrid-analysis.com/sample/cddf81997b81869ad471df6b83c2dfe63a2551f4da9bdd57bce30b8d11e61e5b?environm
https://www.snort.org/search?query=ctb-locker
https://www.hybrid-analysis.com/sample/053369b3b63fe08c74d0269e9c29efde3500860f0394cbf6840d57032dea5b12?environm
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/DMALocker.A
https://www.hybrid-analysis.com/sample/d44a5f262ccb43f72ee2afde3e3ff2a55bbb3db5837bfa8aac2e8d7195014d8b?environm
w.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Ransom:PowerShell/Polock.A&ThreatID=-2147272113#tab=2
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Harasom.A
https://www.hybrid-analysis.com/sample/1a6bed2afff1b9880e42a29cea9b8139bcb12e34085fb008de13aa983b82a4f2?environm
https://www.hybrid-analysis.com/sample/3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7?environ
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:MacOS_X/KeRanger.A
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Isda
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:BAT/Xibow
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/Locky
https://www.snort.org/rule_docs/1-37844
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=TrojanDownloader:JS/Locky
https://www.hybrid-analysis.com/sample/b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0?environm
http://pastebin.com/0604rgUn
http://pastebin.com/F6Pyqiqg
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32/Takabum
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=JS/Nemucod
https://www.snort.org/search?query=Petya&submit_search=
http://www.enigmasoftware.com/prismyourcomputerhasbeenlockedransomware-removal/
http://seclists.org/snort/2013/q3/900
https://www.snort.org/search?query=samsam&submit_search=
https://www.hybrid-analysis.com/sample/20f8ea706350e016a5a2e926293bbc59360608bdc9d279c4635ccddeb773d392?environ
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom%3aWin32%2fTeerac
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32/Fortrypt
w.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Win32/Troldesh
https://otx.alienvault.com/browse?q=Rokku
w.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:BAT/Xibow
https://www.snort.org/search?query=teslacrypt&submit_search=
https://www.snort.org/search?query=teslacrypt&submit_search=
https://www.snort.org/search?query=teslacrypt&submit_search=
https://www.snort.org/search?query=teslacrypt&submit_search=
https://www.snort.org/search?query=torrentlocker&submit_search=
s.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/
7891398e513bdac9aac06231991e07e7b55fac8?environmentId=4
Columns: No, Measure, Type, Description, Complexity*, Effectiveness*, Impact*, Possible Issues, Link 1, Link 2

1 Backup and Restore Process
Type: Recovery
Description: Make sure to have adequate backup processes in place and frequently test a restore of these backups
Complexity*: Medium, Effectiveness*: High, Impact*: Low
Link 1: http://windows.microsoft.com/en-us/windows/back-up-restore-faq#1TC=windows-7

2 Block Macros
Type: GPO
Description: Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:
Complexity*: Low, Effectiveness*: High, Impact*: Low
Link 1: https://www.404techsupport.com/2016/04/office2016-macro-group-polic
Link 2: https://support.office.com/en-us/article/Enable-or-disable-macros-in-Office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6?ui=en-US&rs=en-US&ad=US

3 Disable WSH
Type: GPO
Description: Disable Windows Script Host
Complexity*: Low, Effectiveness*: Medium, Impact*: Medium
Possible Issues: Administrative VBS scripts on Workstations
Link 1: http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Customization/DisableWindowsScriptingHostWSH.html

4 Filter Attachments Level 1
Type: Mail Gateway
Description: Filter the following attachments on your mail gateway: .386, .ace, .acm, .acv, .ade, .adp, .adt, .ani, .app, .arc, .arj, .asd,
Complexity*: Low, Effectiveness*: Medium, Impact*: Low

5 Filter Attachments Level 2
Type: Mail Gateway
Description: Filter the following attachments on your mail gateway: (Filter expression of Level 1 plus) .doc, .xls, .rtf, .docm, .xlsm,
Complexity*: Low, Effectiveness*: High, Impact*: High
Possible Issues: Office Communication with old versions of Microsoft Office files (.doc, .xls)

6 Marking Email
Type: Mail Gateway
Description: Marking emails with warning banners to differentiate (sender) source domains with low trust, that are on black lists, or that are non-trusted
Complexity*: Medium, Effectiveness*: High, Impact*: High

7 Restrict program execution
Type: GPO
Description: Block all program executions from the %LocalAppData% and %AppData% folder
Complexity*: Medium, Effectiveness*: Medium, Impact*: Medium
Possible Issues: Web embedded software installers
Link 1: http://www.fatdex.net/php/2014/06/01/disable-exes-from-running-inside-
Link 2: http://www.thirdtier.net/ransomware-prevention-kit/

8 Show File Extensions
Type: User Assistance
Description: Set the registry key "HideFileExt" to 0 in order to show all file extensions, even of known file types. This helps avoiding cloaking
Complexity*: Low, Effectiveness*: Low, Impact*: Low
Link 1: http://www.sevenforums.com/tutorials/10570-file-extensions-hide-show.html

9 Enforce UAC Prompt
Type: GPO
Description: Enforce administrative users to confirm an action that requires elevated rights
Complexity*: Low, Effectiveness*: Medium, Impact*: Low
Possible Issues: administrator resentment
Link 1: https://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx

10 Remove Admin Privileges
Type: Best Practice
Description: Remove and restrict administrative rights whenever possible. Malware can only modify files that users have write access to.
Complexity*: Medium, Effectiveness*: Medium, Impact*: Medium
Possible Issues: Higher administrative costs

11 Restrict Workstation Communication
Type: Best Practice
Description: Activate the Windows Firewall to restrict workstation to workstation communication
Complexity*: Medium, Effectiveness*: Low, Impact*: Low

12 Sandboxing Email Input
Type: Advanced Malware
Description: Using sandbox that opens email attachments and removes attachments based on behavior analysis
Complexity*: Medium, Effectiveness*: High, Impact*: -

13 Execution Prevention
Type: 3rd Party Tools
Description: Software that allows to control the execution of processes - sometimes integrated in Antivirus software
Complexity*: Medium, Effectiveness*: Medium, Impact*: -

14 Change Default "Open With" to Notepad
Type: GPO
Description: Force extensions primarily used for infections to open up in Notepad rather than Windows Script Host or Internet Explorer
Complexity*: Low, Effectiveness*: Medium, Impact*: Medium
Possible Issues: Some extensions will have legitimate uses, e.g., .vbs for logon scripts.
Link 1: https://bluesoul.me/2016/05/12/use-gpo-to-change-the-default-behavior-of-potentially-malicious-file-extensions/

15 File Screening
Type: Monitoring
Description: Server-side file screening with the help of File Server Resource Manager
Complexity*: Low, Effectiveness*: Medium, Impact*: Low
Link 1: http://jpelectron.com/sample/Info%20and%20Documents/Stop%20crypto%20badware%20before%20it%20ruins%20your%20day/1-PreventCrypto-Readme.htm

16 Restrict program execution #2
Type: GPO
Description: Block program executions (AppLocker)
Complexity*: Medium, Effectiveness*: Medium, Impact*: Medium
Possible Issues: Configure & test extensively
Link 1: https://technet.microsoft.com/en-us/library/dd759117%28v=ws.11%29.as
Link 2: http://social.technet.microsoft.com/wiki/contents/articles/5211.how-to-configure-applocker-group-policy-to-prevent-software-from-running.aspx

17 EMET
Type: GPO
Description: Detect and block exploitation techniques
Complexity*: Medium, Effectiveness*: Medium, Impact*: Low
Link 1: www.microsoft.com/emet
Link 2: http://windowsitpro.com/security/control-emet-group-policy

18 Sysmon
Type: 3rd Party Tools
Description: Detect Ransomware in an early stage with new Sysmon 5 File/Registry monitoring
Complexity*: Medium, Effectiveness*: Low, Impact*: Low
Link 1: https://twitter.com/JohnLaTwC/status/799792296883388416

Footnotes
Complexity: The complexity of implementation also includes the costs of implementation (e.g. simple to implement but costly)
Effectiveness: Do not overrate a 'high' in this column as it is a relative effectiveness in comparison to other measures
Impact: The effects on business processes, administration or user experience
Infographics
Hint: if you can't see the graphics in the HTML version try to download this document as XLSX in the "Download" section
Source: https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-a
Source: Symantec, via @certbund
https://www.f-secure.com/documents/996508/1030743/cyber-security-report-2017
Download Links
XLSX Download
ODS Download
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pub?output=xlsx
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pub?output=ods
Composition This initial list has been composed by Mosh @nyxbone and transformed into this Google Docs fo
https://twitter.com/nyxbone/status/715675420159508480/photo/1
Support If you are a security researcher and want to support us, please contact me on Twitter @cyb3rops, tell me a bit about your background and I'll grant you write access to this list.
Sources https://id-ransomware.malwarehunterteam.com/
https://bartblaze.blogspot.com
http://www.malekal.com/
http://www.bleepingcomputer.com/
https://blog.malwarebytes.org/
http://www.nyxbone.com/
http://www.nyxbone.com/malware/RansomwareOverview.html
http://www.tripwire.com/state-of-security/security-data-protection/ransomware-happy-ending-10-known-decryption-cases/
http://www.thewindowsclub.com/list-ransomware-decryptor-tools
https://blogs.technet.microsoft.com/mmpc/2016/05/18/the-5ws-and-1h-of-ransomware/
https://decrypter.emsisoft.com/
https://www.nomoreransom.org/
@cyb3rops
@bartblaze
@demonslay335
@MarceloRivero
@DanielGallagher
@nyxbone
@struppigel
@anthonykasza
@bambenek
@AboutDFIR
@MercesFernando
@jasc22
Backup of spreadsheet
Decrypters
Decrypters + info