Ransomware: Difference between revisions
(Created page with "Ransomware, nasty shit... Some tools! {| class="wikitable" |- ! Name !! Comment !! Keywords !! Known tool |- | TeslaCrypt v8 || Python tool || .vvv vvv Howto_RESTORE_FILES...")
No edit summary
(8 intermediate revisions by the same user not shown)
Line 3: | Line 3: | ||
Some tools! | Some tools! | ||
{| class="wikitable sortable" | |||
|- | |||
! Name !! Comment !! Keywords !! Known tool | |||
|- | |||
| TeslaCrypt v1 || Python and Windows Executable || RECOVERY_KEY.TXT ecc .ecc || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information | |||
|- | |||
| TeslaCrypt v2 || Python and Windows Executable || RECOVERY_KEY.TXT ecc .ecc || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information | |||
|- | |||
| TeslaCrypt v3 || Python and Windows Executable || RECOVERY_KEY.TXT ecc .ecc ezz .ezz || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information | |||
|- | |||
| TeslaCrypt v4 || Python and Windows Executable || RECOVERY_KEY.TXT ezz .ezz .exx exx || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information | |||
|- | |||
| TeslaCrypt v5 || Example || RECOVERY_KEY.TXT .xyz .zzz .aaa .abc .ccc xyz, .zzz aaa abc ccc || | |||
|- | |||
| TeslaCrypt v6 || Example || RECOVERY_KEY.TXT extension unchanged || | |||
|- | |||
| TeslaCrypt v7 || Example || RECOVERY_KEY.TXT .ccc || | |||
|- | |||
| TeslaCrypt v8 || Python tool || .vvv vvv Howto_RESTORE_FILES.txt || https://github.com/Googulator/TeslaCrack | |||
|- | |||
| Rakhni || Example || mail || http://support.kaspersky.com/us/viruses/disinfection/10556 | |||
|- | |||
| Rannoh || Example || locked-<original name>.<four random letters>. email india || http://support.kaspersky.com/viruses/disinfection/8547 | |||
|- | |||
| Gomasom || Example || mail || http://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/ | |||
|- | |||
| TeslaCrypt v3 || Example || .XXX xxx .TTT ttt .MICRO|| Example | |||
|- | |||
| TeslaCrypt and Alpha Crypt || Example || HELP_TO_DECRYPT_YOUR_FILES.txt HELP_RESTORE_FILES.txt HELP_TO_DECRYPT_YOUR_FILES.bmp HELP_RESTORE_FILES.bmp HELP_TO_SAVE_FILES.txt HELP_TO_SAVE_FILES.bmp || http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information#decrypt | |||
|- | |||
| Alpha Crypt || Example || HELP_TO_SAVE_FILES.txt HELP_TO_SAVE_FILES.bmp || http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information#decrypt | |||
|- | |||
| CryptoWall || Example || HELP_YOUR_FILES.PNG random string with same length || Example | |||
|- | |||
| CointVault || More info via http://www.bleepingcomputer.com/virus-removal/coinvault-ransomware-information || wallpaper changed, executable named "coinvault" || https://noransom.kaspersky.com/ | |||
|- | |||
| TorrentLocker (fake cryptolocker) || More info via http://www.bleepingcomputer.com/virus-removal/torrentlocker-cryptolocker-ransomware-information || DECRYPT_INSTRUCTIONS.html encrypted .encrypted executable named "cryptolocker "|| | |||
|- | |||
| Locker || More info via http://www.bleepingcomputer.com/virus-removal/locker-ransomware-information || Executable named "locker" || http://pastebin.com/1WZGqrUH https://mega.co.nz/#!W85whbSb!kAb-5VS1Gf20zYziUOgMOaYWDsI87o4QHJBqJiOW6Z4 http://www.bleepingcomputer.com/virus-removal/locker-ransomware-information#decrypt | |||
|- | |||
| TorLocker || Example || wallpaper changed gui window || 70% chance http://support.kaspersky.com/viruses/disinfection/11718 | |||
|- | |||
| Example || Example || Example || Example | |||
|} | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! | ! Header text !! Header text !! Header text | ||
|- | |- | ||
| | | SRP || Example || https://www.nsa.gov/ia/_files/os/win2k/application_whitelisting_using_srp.pdf | ||
|- | |- | ||
| Example || Example || Example | |||
|- | |- | ||
| Example || Example || Example | |||
|} | |} |
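Review bot: the new sortable table lists "TeslaCrypt v3" twice, once with the keywords ".ecc .ezz" and the Talos tool link, and once with ".XXX .TTT .MICRO" and only the placeholder "Example" in the Known tool column, so anyone matching an infection by version gets two conflicting rows; merge them or give the second row a distinguishing name. The row name "CointVault" does not match the spelling in its own linked URL (coinvault-ransomware-information). The all-"Example" row in the first table, and the "Header text" headings and "Example" rows in the second table, are template placeholders that should be filled in or dropped.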
Latest revision as of 11:46, 20 January 2016
Ransomware, nasty shit...
Some tools!
Header text | Header text | Header text |
---|---|---|
SRP | Example | https://www.nsa.gov/ia/_files/os/win2k/application_whitelisting_using_srp.pdf |
Example | Example | Example |
Example | Example | Example |