Malware Analysis && UnEthical Hacking
  Ransomware Overview   
Starting in 2016 there was a sharp rise in this type of computer threat, RANSOMWARE, a trend that shows no sign of slowing in 2017. For this reason it has become necessary to closely track its characteristics, how it works, and the different encryption algorithms used to block access to users' personal information. The purpose of the authors who develop this kind of program is basically to "extort" people (demand a payment or ransom) for financial gain.

The following table lets you look up a large amount of information on each of the different versions identified over the course of this year, thanks to a major research effort being carried out by a group of malware analysts. The aim is for people to become familiar with the subject and (where possible) recover their information without having to make any kind of payment.

This information has been compiled thanks to the efforts of the following contributors:

» Florian Roth - @cyb3rops
» Bart - @bartblaze
» Michael Gillespie - @demonslay335
» Marcelo Rivero - @MarceloRivero
» Daniel Gallagher - @DanielGallagher
» Karsten Hahn - @struppigel
» Mosh - @nyxbone

And other contributors (who support the detection and analysis work):

» ☩MalwareMustDie - @MalwareMustDie
» MalwareHunterTeam - @malwrhunterteam
» hasherezade - @hasherezade
» Brad - @malware_traffic
» Lawrence Abrams - @BleepinComputer
» Fabian Wosar - @fwosar
» xXToffeeXx - @PolarToffee
» S!Ri - @siri_urz
» Jakub Kroustek - @JakubKroustek
» R0bert R0senb0rg - @drProct0r
» Jiri Kropac - @jiriatvirlab
» JaromirHorejsi - @JaromirHorejsi


If you need even more information (such as that listed below), please visit our online document: RANSOMWARE OVERVIEW

» Unidentified versions.
» Detection and indicators of compromise (IOC).
» Prevention methods.
» Distribution over time.


If you need to download any of these malware samples (for research purposes only), go to this link: [MDB]

Name | Extensions | Extension Pattern / Comment | Encryption Algorithm | Also known as | Decrypt | Info | S.S.
.CryptoHasYou. .enc   AES(256)     INFO S.S.
777 .777 -._[timestamp]_$[email]$.777 XOR Sevleg INFO    
7ev3n .R4A
.R5A
    7ev3n-HONE$T INFO
INFO
INFO S.S.
7h9r .7h9r   AES     INFO S.S.
8lock8 .8lock8   AES (256) Based on H.T. INFO    
AiraCrop ._AiraCropEncrypted     related to TeamXRat   INFO S.S.
Al-Namrood .unavailable
.disappeared
      INFO S.S.
Alcatraz Locker .Alcatraz       INFO S.S.
ALFA Ransomware .bin Made by creators of Cerber       INFO S.S.
Alma Ransomware random random(x5) AES (128)   INFO INFO
INFO
S.S.
Alpha Ransomware .encrypt   AES(256) AlphaLocker INFO INFO
INFO
S.S.
Alphabet   Doesn't encrypt any files
provides you the key
    INFO S.S.
AMBA .amba Websites only amba@riseup.net     INFO S.S.
Angela Merkel .angelamerkel       INFO S.S.
AngleWare .AngleWare       INFO S.S.
Angry Duck .adk       INFO S.S.
Anony       ngocanh INFO S.S.
Anubis .coded   AES(256) Based on EDA2 INFO S.S.
Apocalypse .encrypted
.SecureCrypted
.FuckYourData
.unavailable
.bleepYourFiles
.Where_my_files.txt
    Fabiansomeware INFO INFO  
ApocalypseVM .encrypted
.locked
Apocalypse ransomware version which uses VMprotect     INFO    
ASN1         INFO S.S.
AutoLocky .locky       INFO   S.S.
Aw3s0m3Sc0t7 .enc       INFO S.S.
BadBlock         INFO INFO S.S.
S.S.
BadEncript .bript       INFO S.S.
BaksoCrypt .adr     Based on my-Little-Ransomware   INFO
INFO
 
Bandarchor   .id-[ID]_[EMAIL_ADDRESS] AES(256) Rakhni   INFO
INFO
S.S.
BarRax .BarRax     Based on HiddenTear INFO S.S.
Bart .bart.zip
.bart
.perl
Possible affiliations with RockLoader, Locky and Dridex   BaCrypt INFO INFO
INFO
S.S.
BitCryptor .clf       INFO   S.S.
BitStak .bitstak   Base64 + String Replacement   INFO   S.S.
BlackShades Cryptor .Silent   AES(256) SilentShade   INFO  
Blocatto .blocatto   AES (256) Based on H.T. INFO   S.S.
Booyah       Salam!     S.S.
Brazilian .lock   AES(256) Based on EDA2   INFO S.S.
Brazilian Globe   .id-%ID%_garryweber@protonmail.ch     INFO S.S.
BrLock     AES     INFO S.S.
Browlock   No local encryption, browser only          
BTCWare .btcware Related to / new version of CryptXXX     INFO S.S.
S.S.
Bucbi   No file name change, no extension GOST     INFO S.S.
BuyUnlockCode   (.*).encoded.([A-Z0-9]{9})
Does not delete Shadow Copies
        S.S.
Central Security Treatment Organization .cry       INFO S.S.
Cerber .cerber
.cerber2
.cerber3
  AES     INFO
INFO
S.S.
S.S.
CerberTear         INFO S.S.
Chimera .crypt
4 random characters, e.g.: .PzZs
      INFO INFO S.S.
CHIP .CHIP
.DALE
      INFO
INFO
S.S.
Click Me Game         INFO S.S.
Clock   Does not encrypt anything     INFO S.S.
CloudSword         INFO S.S.
Cockblocker .hannah       INFO S.S.
CoinVault .clf       INFO   S.S.
Coverton .coverton
.enigma
.czvxce
  AES(256)     INFO S.S.
Crptxxx .crptxxx Uses @enigma0x3's UAC bypass     INFO S.S.
Cryaki .{CRYPTENDBLACKDC}       INFO   S.S.
Crybola         INFO   S.S.
CryFile .criptiko
.criptoko
.criptokod
.cripttt
.aga
  Moves bytes   INFO   S.S.
CryLocker .cry Identifies victim locations w/Google Maps API   Cry
CSTO
Central Security Treatment Organization
INFO S.S.
CrypMIC   CryptXXX clone/spinoff AES(256)   INFO   S.S.
Crypren .ENCRYPTED       INFO INFO S.S.
Crypt38 .crypt38   AES   INFO INFO S.S.
CryptConsole random Impersonates the Globe Ransomware
Will not actually encrypt files
    INFO INFO S.S.
Cryptear     AES(256) Based on H.T. INFO   S.S.
Crypter   Does not actually encrypt the files, but simply renames them     INFO S.S.
CryptFIle2 .scl id[_ID]email_xerx@usa.com.scl RSA     INFO S.S.
CryptInfinite .crinf       INFO   S.S.
CryptoBit   sekretzbel0ngt0us.KEY
Do not confuse with CryptorBit
AES and RSA   INFO
INFO
S.S.
CryptoBlock   RaaS     INFO
INFO
S.S.
CryptoDefense   No extension change     INFO   S.S.
CryptoDevil .devil       INFO S.S.
CryptoFinancial       Ranscam   INFO
INFO
S.S.
CryptoFortress .frtrss Mimics Torrentlocker
Encrypts only 50% of each file up to 5 MB
AES(256)       S.S.
CryptoGraphic Locker .clf Subvariants: CoinVault & BitCryptor         S.S.
CryptoHost   RAR's victim's files AES(256) Manamecrypt
Telograph
ROI Locker
INFO   S.S.
CryptoJacky         INFO S.S.
CryptoJoker .crjoker   AES(256)       S.S.
CryptoLocker .encrypted
.ENC
      INFO INFO S.S.
CryptoLocker 1.0.0         INFO S.S.
CryptoLocker 5.1         INFO S.S.
CryptoLuck / YafunnLocker .[victim_id]_luck [A-F0-9]{8}_luck AES(256)   INFO
INFO
S.S.
CryptoMix .code
.scl
.rmd
.lesli
.rdmk
.CRYPTOSHIELD
.CRYPTOSHIEL
.id_ID_email_EMAIL_.code
.id_ID_email_EMAIL_.scl
  Zeta   INFO
INFO
S.S.
CryptON _crypt
.id-_locked
.id-_locked_by_krec
.id-_locked_by_perfect
.id-_x3m
.id-_r9oj
.id-_garryweber@protonmail.ch
.id-_steaveiwalker@india.com_
.id-_julia.crown@india.com_
.id-_tom.cruz@india.com_
.id-_CarlosBoltehero@india.com_
.id-_maria.lopez1@india.com_
  RSA, AES-256 and SHA-256 Nemesis
X3M
INFO INFO
INFO
S.S.
CryptoRansomeware         INFO S.S.
Cryptorium .ENC Only renames files and does not encrypt them       S.S.
CryptoRoger .crptrgr   AES     INFO S.S.
CryptoShadow .doomed       INFO S.S.
CryptoShield .CRYPTOSHIELD   AES(256) / ROT-13 CryptoMix Variant INFO S.S.
CryptoShocker .locked   AES     INFO S.S.
CryptoTorLocker2015 .CryptoTorLocker2015!       INFO   S.S.
CryptoTrooper     AES   INFO S.S.
CryptoWall 1   No filename change         S.S.
CryptoWall 2   No filename change         S.S.
CryptoWall 3   No filename change         S.S.
CryptoWall 4 (random).(random)           S.S.
CryptoWire     AES(256)   INFO
INFO
S.S.
CryptXXX .crypt Comes with Bedep   CryptProjectXXX INFO INFO S.S.
CryptXXX 2.0 .crypt Locks screen
Ransom note names are an ID
Comes with Bedep
  CryptProjectXXX INFO INFO
INFO
S.S.
CryptXXX 3.0 .crypt
.cryp1
.crypz
.cryptz
random
Comes with Bedep   UltraDeCrypter
UltraCrypter
INFO INFO
INFO
S.S.
CryptXXX 3.1 .cryp1 StilerX credential stealing     INFO INFO S.S.
CryPy .cry   AES     S.S.
CTB-Faker           INFO S.S.
CTB-Locker .ctbl .([a-z]{6,7}) RSA(2048) Citroni     S.S.
CTB-Locker WEB   Websites only AES(256)   INFO
INFO
S.S.
CuteRansomware .已加密
.encrypted
  AES(128) Based on my-Little-Ransomware INFO INFO S.S.
Cyber SpLiTTer Vbs       Based on HiddenTear
CyberSplitter
INFO
INFO
S.S.
S.S.
S.S.
S.S.
Damage .damage Written in Delphi Combination of SHA-1 and Blowfish   INFO INFO S.S.
Dharma .dharma
.wallet
.zzzzz
..(dharma|wallet|zzzzz)   CrySiS variant INFO   S.S.
Deadly for a Good Purpose         INFO S.S.
Death Bitches .locked       INFO S.S.
DeCrypt Protect .html       INFO   S.S.
DEDCryptor .ded   AES(256) Based on EDA2   INFO
INFO
S.S.
Demo .encrypted only encrypts .jpg files     INFO S.S.
Depsex .Locked-by-Mafia     Based on HiddenTear
MafiaWare
INFO S.S.
DeriaLock .deria       INFO INFO S.S.
DetoxCrypto     AES     INFO  
Digisom         INFO S.S.
DirtyDecrypt           INFO S.S.
DMALocker ABCXYZ11   AES(256) in ECB   INFO
INFO
INFO
INFO S.S.
DMALocker 2.0 !DMALOCK   AES(256) + RSA   INFO
INFO
INFO
INFO S.S.
DMALocker 3.0 !DMALOCK3.0   AES(256) + RSA   INFO
INFO
INFO
  S.S.
DMALocker 4.0 !DMALOCK4.0   AES(256) + RSA   INFO
INFO
INFO
INFO S.S.
DNRansomware .fucked Code to decrypt: 83KYG9NW-3K39V-2T3HJ-93F3Q-GT     INFO S.S.
Domino .domino   AES(256) Based on Hidden Tear   INFO
INFO
S.S.
Donald Trump .ENCRYPTED   AES   INFO S.S.
DummyLocker .dCrypt       INFO S.S.
DXXD .dxxd       INFO INFO S.S.
DynA-Crypt .crypt       INFO S.S.
EDA2 / HiddenTear .locked Open sourced C# AES(256) Cryptear      
EdgeLocker .edgel       INFO S.S.
EduCrypt .isis
.locked
    Based on Hidden Tear
EduCrypter
INFO INFO S.S.
El-Polocker .ha3     Los Pollos Hermanos     S.S.
Encoder.xxxx   Coded in GO   Trojan.Encoder.6491 INFO
INFO
S.S.
encryptoJJS .enc       S.S.
Enigma .enigma   AES (128)     INFO  
Enjey       Based on RemindMe INFO S.S.
EnkripsiPC .fucked The encryption password is based on the computer name   IDRANSOMv3
Manifestus
INFO INFO
INFO
S.S.
Erebus Encrypt the extension using ROT-23   AES   INFO S.S.
Evil .file0locked
.evillock
Coded in Javascript     INFO
INFO
S.S.
Exotic .exotic Also encrypts executables AES(128)   INFO S.S.
FabSysCrypto       Based on HiddenTear INFO S.S.
Fadesoft         INFO
INFO
S.S.
Fairware   Target Linux O.S.       INFO S.S.
Fakben .locked     Based on H.T.   INFO S.S.
FakeGlobe .crypt       INFO INFO S.S.
FakeCryptoLocker .cryptolocker       INFO S.S.
Fantom .fantom
.comrade
Variants: Comrade Circle AES(128) Based on EDA2   INFO S.S.
FenixLocker .FenixIloveyou!!       INFO INFO S.S.
FileLocker .ENCR       INFO S.S.
FireCrypt .firecrypt   AES(256)   INFO S.S.
Flyper .locked     Based on EDA2 / HiddenTear INFO S.S.
Fonco   Contact email safefiles32@mail.ru also as prefix in encrypted file contents         S.S.
Free-Freedom .madebyadam Unlock code is: adam or adamdude9   Roga INFO S.S.
FSociety .fs0ciety
.dll
    Based on EDA2
Based on RemindMe
INFO INFO
INFO
S.S.
Fury         INFO   S.S.
GhostCrypt .Z81928819   AES (256) Based on H.T. INFO INFO S.S.
Gingerbread         INFO S.S.
Globe v1 .purge   Blowfish Purge INFO INFO S.S.
Globe v2 .lovewindows
.openforyou@india.com
.. Blowfish Purge INFO S.S.
Globe v3 .[random].blt
.[random].encrypted
.[random].raid10
.[mia.kokers@aol.com]
.[random].globe
.unlockvt@india.com
.rescuers@india.com.[a-zA-Z0-9].lock
.locked
.decrypt2017
.hnumkhotep
Extension depends on the config file. It seems Globe is a ransomware kit. RC4
AES(256)
Purge INFO S.S.
GNL Locker .locked Only encrypts DE or NL
Variants, from old to latest: Zyklon Locker, WildFire locker, Hades Locker
AES (256)     INFO S.S.
GOG .L0CKED       INFO S.S.
Gomasom .crypt !___[EMAILADDRESS]_.crypt     INFO   S.S.
Goopic           INFO S.S.
Gopher   OS X ransomware (PoC)         S.S.
Gremit .rnsmwr       INFO S.S.
Guster .locked       INFO S.S.
Hacked .versiegelt
.encrypted
.payrmts
.locked
.Locked
    Jigsaw Ransomware variant INFO S.S.
Harasom .html       INFO   S.S.
HDDCryptor   Uses https://diskcryptor.net for full disk encryption Custom (net shares), XTS-AES (disk) Mamba INFO
INFO
S.S.
Heimdall   File marker: "Heimdall---" AES-128-CBC   INFO S.S.
Help_dcfile .XXX       INFO S.S.
Herbst .herbst   AES(256)   INFO S.S.
Hermes   Filemarker: "HERMES" AES   INFO INFO S.S.
Hi Buddy! .cry   AES(256) Based on H.T.   INFO S.S.
Hitler   Deletes files       INFO
INFO
S.S.
HolyCrypt (encrypted)   AES     INFO S.S.
HTCryptor   Includes a feature to disable the victim's windows firewall   Modified in-dev HiddenTear INFO S.S.
Hucky .locky [a-zA-Z0-9+_-]{1,}.[a-z0-9]{3,4}.locky AES, RSA (hardcoded) Based on Locky
Hungarian Locky (Hucky)
INFO S.S.
HydraCrypt   hydracrypt_ID_[\w]{8}
CrypBoss Family
    INFO INFO S.S.
IFN643         INFO S.S.
iLock .crime         INFO S.S.
iLockLight .crime           S.S.
International Police Association <6 random characters> CryptoTorLocker2015 variant     INFO S.S.
iRansom .Locked       INFO S.S.
Jack.Pot         INFO S.S.
JagerDecryptor !ENC Prepends filenames       INFO S.S.
JapanLocker     Base64 encoding, ROT13, and top-bottom swapping shc Ransomware
SyNcryption
INFO INFO S.S.
Jeiphoos   Windows, Linux
Campaign stopped
Actor claimed he deleted the master key
RC6 (files), RSA 2048 (RC6 key) Encryptor RaaS
Sarento
  INFO
INFO
S.S.
Jhon Woddy .killedXXX Same codebase as DNRansomware
Lock screen password is M3VZ>5BwGGVH
    INFO INFO S.S.
Jigsaw .btc
.kkk
.fun
.gws
.porno
.payransom
.payms
.paymst
.AFD
.paybtcs
.epic
.xyz
.encrypted
.hush
.paytounlock
.uk-dealer@sigaint.org
.gefickt
.nemo-hacks.at.sigaint.org
CryptoHitMan (subvariant) AES(256)   INFO INFO
INFO
S.S.
S.S.
S.S.
S.S.
S.S.
S.S.
S.S.
Job Crypter .locked
.css
  TripleDES Based on H.T.   INFO
INFO
INFO
S.S.
JohnyCryptor             S.S.
Kaandsona .kencf Crashes before it encrypts   Käändsõna
RansomTroll
INFO S.S.
Kangaroo .crypted_file From the developer behind the Apocalypse Ransomware, Fabiansomware, and Esmeralda     INFO S.S.
Karma .karma pretends to be a Windows optimization program called Windows-TuneUp AES   INFO S.S.
Karmen .grt RaaS   Based on HiddenTear INFO S.S.
Kasiski [KASISKI]       INFO S.S.
KawaiiLocker         INFO S.S.
KeRanger .encrypted OS X Ransomware AES   INFO INFO S.S.
KeyBTC .keybtc@inbox_com       INFO   S.S.
KEYHolder           INFO S.S.
KillDisk     AES(256)   INFO
INFO
S.S.
KillerLocker .rip Possibly Portuguese dev     INFO S.S.
KimcilWare .kimcilware
.locked
Websites only AES   INFO INFO S.S.
Kirk .Kirked Payments in Monero     INFO INFO S.S.
Koolova         INFO S.S.
Korean .암호화됨   AES(256) Based on HiddenTear INFO S.S.
Kostya .kostya       INFO S.S.
Kozy.Jozy .31392E30362E32303136_[ID-KEY]_LSBJ1 .([0-9A-Z]{20})_([0-9]{2})_([A-Z0-9]{4,5}) RSA(2048) QC   INFO
INFO
S.S.
Kraken .kraken [base64].kraken     INFO S.S.
KratosCrypt .kratos         INFO S.S.
KRider .kr3       INFO S.S.
KryptoLocker     AES(256) Based on H.T.      
LambdaLocker .lambda_l0cked Python Ransomware AES(256)   INFO S.S.
LeChiffre .LeChiffre Encrypts first 0x2000 and last 0x2000 bytes     INFO INFO S.S.
Lick .Licked Variant of Kirk     INFO S.S.
Linux.Encoder   Linux Ransomware     INFO   S.S.
LK Encryption       Based on HiddenTear INFO S.S.
LLTP Locker .ENCRYPTED_BY_LLTP
.ENCRYPTED_BY_LLTPp
Targeting Spanish speaking victims AES-256   INFO S.S.
Locked-In       Based on RemindMe INFO INFO S.S.
Locker NONE       INFO   S.S.
LockLock .locklock   AES(256)   INFO S.S.
Locky .locky
.zepto
.odin
.shit
.thor
.aesir
.zzzzz
.osiris
([A-F0-9]{32}).locky
([A-F0-9]{32}).zepto
([A-F0-9]{32}).odin
([A-F0-9]{32}).shit
([A-F0-9]{32}).thor
([A-F0-9]{32}).aesir
([A-F0-9]{32}).zzzzz
([A-F0-9]{32}).osiris
Affiliations with Dridex and Necurs botnets
AES(128)   INFO
INFO
INFO
INFO
S.S.
Lock93 .lock93       INFO S.S.
Lomix   Based on the idiotic open-source ransomware called CryptoWire     INFO S.S.
Lortok .crime           S.S.
LowLevel04 oor. Prepends filenames         S.S.
M4N1F3STO   Does not encrypt
Unlock code=suckmydicknigga
    INFO S.S.
Mabouia   OS X ransomware (PoC)         S.S.
MacAndChess       Based on HiddenTear S.S.
Magic .magic   AES(256) Based on EDA2     S.S.
MaktubLocker   [a-z]{4,6} AES(256), RSA (2048)     INFO S.S.
Marlboro .oops   XOR   INFO INFO S.S.
MarsJoke .a19
.ap19
      INFO INFO S.S.
MasterBuster         INFO S.S.
Matrix     GnuPG   INFO S.S.
Meister   Targeting French victims     INFO S.S.
Merry X-Mas! .PEGS1
.MRCR1
.RARE1
.MERRY
.RMCM1
Written in Delphi   MRCR INFO INFO
INFO
S.S.
S.S.
Meteoritan         INFO S.S.
MIRCOP Lock.   AES Crypt888 INFO
INFO
INFO
INFO
INFO
S.S.
MireWare .fucked
.fuck
  AES(256) Based on H.T.     S.S.
Mischa   .([a-zA-Z0-9]{4})   "Petya's little brother"   INFO S.S.
MM Locker .locked   AES(256) Based on EDA2
Booyah
  INFO S.S.
Mobef .KEYZ
.KEYH0LES
    Yakes
CriptoBit
  INFO
INFO
S.S.
Monument   Use the DarkLocker 5 porn screenlocker
Jigsaw variant
    INFO S.S.
MOTD .enc       INFO S.S.
MSN CryptoLocker         INFO S.S.
n1n1n1   Filemaker: "333333333333"     INFO
INFO
S.S.
N-Splitter .кибер разветвитель Russian Koolova Variant     INFO
INFO
S.S.
Nagini   Looks for C:\Temp\voldemort.horcrux     INFO S.S.
NanoLocker NONE   AES(256)   INFO   S.S.
Nemucod .crypted 7zip (a0.exe) variant cannot be decrypted
Encrypts the first 2048 Bytes
XOR(255)   INFO
INFO
INFO
INFO S.S.
Netix     AES(256) RANSOM_NETIX.A INFO S.S.
Nhtnwcuf   Does not encrypt the files
Files are destroyed
    INFO S.S.
NMoreira .maktub
.__AiraCropEncrypted!
  mix of RSA and AES-256 XRatTeam
XPan
INFO INFO S.S.
NoobCrypt           INFO
INFO
S.S.
Nuke .nuclear55   AES   INFO S.S.
Nullbyte _nullbyte       INFO INFO S.S.
Ocelot   Does not encrypt anything     INFO S.S.
ODCODC .odcodc C-email-abennaki@india.com-(file).odcodc XOR   INFO INFO
INFO
S.S.
Offline Ransomware .cbf email-[params].cbf
Email addresses overlap with .777 addresses
  Vipasana
Cryakl
INFO INFO S.S.
OMG! Ransomware .LOL!
.OMG!
    GPCode     S.S.
Onyx   Georgian ransomware     INFO S.S.
Operation Global III .EXE Is a file infector (virus)     INFO   S.S.
OzozaLocker .Locked       INFO INFO S.S.
PadCrypt .padcrypt Has a live support chat       INFO
INFO
S.S.
Padlock Screenlocker   Unlock code is: ajVr/G\RJz0R     INFO S.S.
Patcher .crypt Targeting macOS users     INFO INFO S.S.
PayDay .sexy     Based off of HiddenTear INFO S.S.
PayDOS   Batch file
Passcode: AES1014DW256
  Serpent INFO S.S.
Paysafecard Generator 2016 .cry_ test.cry_jpg     INFO S.S.
PClock   CryptoLocker Copycat XOR CryptoLocker clone
WinPlock
INFO INFO S.S.
PetrWrap         INFO S.S.
Petya   Encrypts disk partitions Modified Salsa20 Goldeneye INFO
INFO
INFO
INFO
S.S.
Philadelphia .locked .locked
Coded by "The_Rainmaker"
AES(256)   INFO INFO S.S.
Phoenix .R.i.P     Based on HiddenTear INFO S.S.
Pickles .EnCrYpTeD %random%.EnCrYpTeD
Python Ransomware
    INFO S.S.
PizzaCrypts .id-[victim_id]-maestro@pizzacrypts.info       INFO   S.S.
PokemonGO .locked   AES(256) Based on H.T.   INFO
INFO
S.S.
Popcorn Time .filock   AES(256)   INFO S.S.
Polyglot   Imitates CTB-Locker AES(256)   INFO INFO S.S.
Potato .potato   AES(256)   INFO S.S.
PowerWare .locky Open-sourced PowerShell AES(128) PoshCoder INFO
INFO
INFO
INFO
S.S.
PowerWorm   no decryption possible
AES, but throws key away, destroys the files
    S.S.
Princess Locker   [a-z]{4,6},[0-9]     INFO INFO
INFO
S.S.
PRISM           INFO S.S.
Project34         S.S.
ProposalCrypt .crypted       INFO INFO S.S.
Ps2exe         INFO S.S.
PyL33T .d4nk Python Ransomware     INFO S.S.
R980 .crypt         INFO S.S.
RAA Encryptor .locked Possible affiliation with Pony   RAA   INFO
INFO
S.S.
Radamant .RDM
.RRK
.RAD
.RADAMANT
  AES(256)   INFO INFO
INFO
INFO
S.S.
Rakhni .locked
.kraken
.darkness
.nochance
.oshit
.oplata@qq.com
.relock@qq_com
.crypto
.helpdecrypt@ukr.net
.pizda@qq_com
.dyatel@qq_com
.nalog@qq_com
.chifrator@qq_com
.gruzin@qq_com
.troyancoder@qq_com
.encrypted
.cry
.AES256
.enc
.hb15
.coderksu@gmail_com_id
[0-9]{2,3}
.crypt@india.com.
[\w]{4,12}"
Files might be partially encrypted
  Agent.iih
Aura
Autoit
Pletor
Rotor
Lamer
Isda
Cryptokluchen
Bandarchor
INFO   S.S.
Ramsomeer       Based on the DUMB ransomware S.S.
Ranion   RaaS service AES(256)   INFO S.S.
Rannoh   locked-.[a-zA-Z]{4}     INFO    
RanRan .zXz       INFO INFO
INFO
S.S.
Ransoc   Doesn't encrypt user files     INFO
INFO
S.S.
Ransom32 NONE No extension change
Javascript Ransomware
        S.S.
RansomLock   Locks the desktop Asymmetric 1024   INFO S.S.
RansomPlus .encrypted       INFO S.S.
RarVault         S.S.
Razy .razy
.fear
  AES(128)   INFO
INFO
S.S.
Rector .vscrypt
.infected
.bloc
.korrektor
      INFO   S.S.
Red Alert       Based on Hidden Tear INFO S.S.
RektLocker .rekt   AES(256)   INFO   S.S.
RemindMe .remind
.crashed
        INFO S.S.
Revenge .REVENGE CryptoMix / CryptFile2 Variant AES(256)   INFO S.S.
Rokku .rokku Possibly related with Chimera Curve25519 + ChaCha     INFO S.S.
RoshaLock   Stores your files in a password protected RAR file     INFO S.S.
RozaLocker .ENC       INFO S.S.
Runsomewere   Utilizes the Jigsaw Ransomware background   Based on HT/EDA2 INFO S.S.
RussianRoulette   Variant of the Philadelphia ransomware     INFO S.S.
SADStory   Variant of CryPy     INFO S.S.
Sage 2.0 .sage Predecessor CryLocker     INFO
INFO
S.S.
Samas-Samsam .encryptedAES
.encryptedRSA
.encedRSA
.justbtcwillhelpyou
.btcbtcbtc
.btc-help-you
.only-we_can-help_you
.iwanthelpuuu
.notfoundrans
.encmywork
.VforVendetta
.theworldisyours
.Whereisyourfiles
.helpmeencedfiles
.powerfulldecrypt
.noproblemwedecfiles
.weareyourfriends
.otherinformation
.letmetrydecfiles
.encryptedyourfiles
.weencedufiles
.iaufkakfhsaraf
.cifgksaffsfyghd
Targeted attacks: Jexboss / PSExec / Hyena AES(256) + RSA(2096) samsam.exe
MIKOPONI.exe
RikiRafael.exe
showmehowto.exe
INFO INFO
INFO
S.S.
Sanction .sanction   AES(256) + RSA(2096) Based on HiddenTear, but heavily modified keygen     S.S.
Sardoninir .enc       INFO S.S.
Satan .stn RaaS     INFO S.S.
Satana Sarah_G@ausi.com___         INFO
INFO
S.S.
Scraper NONE       INFO   S.S.
SerbRansom .velikasrbija       INFO
INFO
S.S.
Serpent .serpent Batch file
Passcode: RSA1014DJW2048
AES(256) PayDOS INFO
INFO
S.S.
Serpico   DetoxCrypto Variant AES     INFO S.S.
Shark .locked   AES(256) Atom   INFO
INFO
S.S.
ShellLocker .L0cked       INFO S.S.
ShinoLocker .shino         INFO
INFO
S.S.
Shujin       KinCrypt   INFO
INFO
S.S.
Simple_Encoder .~   AES     INFO S.S.
SkidLocker .locked   AES(256) Based on EDA2
Pompous
INFO INFO S.S.
SkyName       Based on HiddenTear INFO S.S.
Smash!         INFO S.S.
Smrss32 .encrypted            
SNSLocker .RSNSlocked
.RSplited
  AES(256) Based on EDA2   INFO S.S.
Spora         INFO
INFO
S.S.
Sport .sport           S.S.
Stampado .locked Coded by "The_Rainmaker"
Randomly deletes a file every 6hrs up to 96hrs then deletes decryption key
AES(256)   INFO
INFO
INFO
INFO
INFO
S.S.
Strictor .locked   AES(256) Based on EDA2   INFO S.S.
Surprise .surprise
.tzu
  AES(256) Based on EDA2     S.S.
Survey   Still in development, shows FileIce survey     INFO S.S.
SynoLocker   Exploited Synology NAS firmware directly over WAN         S.S.
SZFLocker .szf       INFO   S.S.
TeamXrat .___xratteamLucked   AES(256)   INFO S.S.
TeleCrypt .xcri Telecrypt will generate a random string to encrypt with that is between 10-20 length and only contain the letters vo,pr,bm,xu,zt,dq.     INFO
INFO
INFO
INFO
S.S.
TeslaCrypt 0.x - 2.2.0 .vvv
.ecc
.exx
.ezz
.abc
.aaa
.zzz
.xyz
    AlphaCrypt INFO
INFO
  S.S.
TeslaCrypt 3.0+ .micro
.xxx
.ttt
.mp3
  AES(256) + ECDH + SHA1   INFO
INFO
INFO
  S.S.
TeslaCrypt 4.1A NONE   AES(256) + ECDH + SHA1   INFO
INFO
INFO
INFO INFO S.S.
TeslaCrypt 4.2         INFO
INFO
INFO
INFO S.S.
Thanksgiving         INFO S.S.
Threat Finder         S.S.
TorrentLocker .Encrypted
.enc
Newer variants not decryptable
Only first 2 MB are encrypted
AES(256) CBC for files
RSA(1024) for AES key
uses LibTomCrypt
Crypt0L0cker
CryptoFortress
Teerac
INFO INFO
INFO
S.S.
TowerWeb           INFO S.S.
Toxcrypt .toxcrypt           S.S.
Trojan .braincrypt     BrainCrypt INFO INFO S.S.
Troldesh .breaking_bad
.better_call_saul
.xtbl
.da_vinci_code
.windows10
.no_more_ransom
  AES(256) Shade
XTBL
INFO INFO
INFO
S.S.
TrueCrypter .enc   AES(256)     INFO S.S.
Trump Locker .TheTrumpLockerf
.TheTrumpLockerfp
      INFO S.S.
Turkish .sifreli       INFO S.S.
Turkish (Fake CTB-Locker) .encrypted keys in '%name%.manifest.xml       INFO S.S.
Turkish Ransom .locked   AES(256)     INFO S.S.
UltraLocker     AES(256) Based on the idiotic open-source ransomware called CryptoWire INFO
INFO
S.S.
UmbreCrypt   umbrecrypt_ID_[VICTIMID]
CrypBoss Family
AES   INFO   S.S.
UnblockUPC         INFO S.S.
Ungluk .H3LL
.0x0
.1999
Ransom note instructs to use Bitmessage to get in contact with attacker
Secretishere.key
secret.key
AES       S.S.
Unlock26 .locked-[XXX]       INFO S.S.
Unlock92 .CRRRT
.CCCRRRPPP
        INFO S.S.
Vanguard   GO Ransomware     INFO S.S.
VapeLauncher   CryptoWire variant     INFO S.S.
VaultCrypt .vault
.xort
.trun
  GPG CrypVault
Zlader
  INFO S.S.
VBRANSOM 7 .VBRANSOM Does not actually encrypt     INFO S.S.
VenisRansomware         INFO
INFO
S.S.
VenusLocker .Venusf
.Venusp
  AES(256) Based on EDA2   INFO
INFO
S.S.
Vindows Locker .vindows   AES   INFO
INFO
INFO
INFO
S.S.
Virlock .exe Polymorphism / Self-replication       INFO INFO
INFO
INFO
S.S.
Virus-Encoder .CrySiS
.xtbl
.crypt
.DHARMA
.[email_address].DHARMA AES(256) CrySiS INFO
INFO
INFO
INFO
S.S.
Vortex .aes     Ŧl๏tєгค гคภร๏๓ฬคгє INFO S.S.
vxLock .vxLock       S.S.
Wcry .wcry       INFO S.S.
WildFire Locker .wflx Zyklon variant   Hades Locker   INFO S.S.
Winnix Cryptor .wnx   GPG   INFO S.S.
XCrypt         INFO S.S.
Xorist .EnCiPhErEd
.73i87A
.p5tkjw
.PoAr2w
.fileiscryptedhard
.encoderpass
.zc3791
.antihacker2017
Encrypted files will still have the original non-encrypted header of 0x33 bytes length XOR or TEA   INFO   S.S.
XRTN .xrtn VaultCrypt family         S.S.
XYZWare       Based on HiddenTear INFO S.S.
You Have Been Hacked!!! .Locked Attempt to steal passwords     INFO S.S.
YourRansom .yourransom       INFO
INFO
S.S.
Zcrypt .zcrypt     Zcryptor   INFO S.S.
Zeta .code
.scl
.rmd
    CryptoMix INFO S.S.
Zimbra .crypto         INFO S.S.
ZinoCrypt .ZINO       INFO S.S.
Zlader / Russian .vault VaultCrypt family RSA VaultCrypt
CrypVault
  INFO S.S.
Zorro .zorro       INFO S.S.
zScreenLocker         INFO S.S.
Zyka .locked       INFO INFO S.S.
Zyklon .zyklon Hidden Tear family
GNL Locker variant
  GNL Locker     S.S.

 

Mosh
@nyxbone
#MalwareMustDie
