Ransomware: Difference between revisions


Latest revision as of 11:46, 20 January 2016

Ransomware, nasty shit...

Some tools!


{| class="wikitable"
|-
! Name !! Comment !! Keywords !! Known tool
|-
| TeslaCrypt v1 || Python and Windows Executable || RECOVERY_KEY.TXT ecc .ecc || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information
|-
| TeslaCrypt v2 || Python and Windows Executable || RECOVERY_KEY.TXT ecc .ecc || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information
|-
| TeslaCrypt v3 || Python and Windows Executable || RECOVERY_KEY.TXT ecc .ecc ezz .ezz || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information
|-
| TeslaCrypt v4 || Python and Windows Executable || RECOVERY_KEY.TXT ezz .ezz .exx exx || http://www.talosintel.com/teslacrypt_tool/ http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information
|-
| TeslaCrypt v5 || Example || RECOVERY_KEY.TXT .xyz .zzz .aaa .abc .ccc xyz, .zzz aaa abc ccc ||
|-
| TeslaCrypt v6 || Example || RECOVERY_KEY.TXT extension unchanged ||
|-
| TeslaCrypt v7 || Example || RECOVERY_KEY.TXT .ccc ||
|-
| TeslaCrypt v8 || Python tool || .vvv vvv Howto_RESTORE_FILES.txt || https://github.com/Googulator/TeslaCrack
|-
| Rakhni || Example || mail || http://support.kaspersky.com/us/viruses/disinfection/10556
|-
| Rannoh || Example || locked-<original name>.<four random letters>. email india || http://support.kaspersky.com/viruses/disinfection/8547
|-
| Gomasom || Example || mail || http://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/
|-
| TeslaCrypt v3 || Example || .XXX xxx .TTT ttt .MICRO || Example
|-
| TeslaCrypt and Alpha Crypt || Example || HELP_TO_DECRYPT_YOUR_FILES.txt HELP_RESTORE_FILES.txt HELP_TO_DECRYPT_YOUR_FILES.bmp HELP_RESTORE_FILES.bmp HELP_TO_SAVE_FILES.txt HELP_TO_SAVE_FILES.bmp || http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information#decrypt
|-
| Alpha Crypt || Example || HELP_TO_SAVE_FILES.txt HELP_TO_SAVE_FILES.bmp || http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information#decrypt
|-
| CryptoWall || Example || HELP_YOUR_FILES.PNG random string with same length || Example
|-
| CoinVault || More info via http://www.bleepingcomputer.com/virus-removal/coinvault-ransomware-information || wallpaper changed, executable named "coinvault" || https://noransom.kaspersky.com/
|-
| TorrentLocker (fake cryptolocker) || More info via http://www.bleepingcomputer.com/virus-removal/torrentlocker-cryptolocker-ransomware-information || DECRYPT_INSTRUCTIONS.html encrypted .encrypted executable named "cryptolocker" ||
|-
| Locker || More info via http://www.bleepingcomputer.com/virus-removal/locker-ransomware-information || Executable named "locker" || http://pastebin.com/1WZGqrUH https://mega.co.nz/#!W85whbSb!kAb-5VS1Gf20zYziUOgMOaYWDsI87o4QHJBqJiOW6Z4 http://www.bleepingcomputer.com/virus-removal/locker-ransomware-information#decrypt
|-
| TorLocker || Example || wallpaper changed gui window || 70% chance http://support.kaspersky.com/viruses/disinfection/11718
|-
| Example || Example || Example || Example
|}


{| class="wikitable"
|-
! Header text !! Header text !! Header text
|-
| SRP || Example || https://www.nsa.gov/ia/_files/os/win2k/application_whitelisting_using_srp.pdf
|-
| Example || Example || Example
|-
| Example || Example || Example
|}