· 9 years ago · Apr 13, 2017, 12:36 PM

Name: Nhtnwcuf Ransomware (Fake)
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: RANDOM 3 LETTERS ARE ADDED
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-OkiR6pVmYUw/WMFiLGPuJhI/AAAAAAAAEME/wccYzFDIzJYWKXVxaTQeB4vM-4X6h3atgCLcB/s1600/note-nhtnwcuf.gif
Source:
https://id-ransomware.blogspot.co.il/2017/03/nhtnwcuf-ransomware.html

Name: CryptoJacky Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: RANDOM 3 LETTERS ARE ADDED
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-pSmSehFx0bI/WL8Rp7RoMHI/AAAAAAAAEKw/eyfsAjikl9sDHlcjdyQeRxZsLto4hxvGwCLcB/s1600/note-1-2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/cryptojacky-ransomware.html

Name: Kaenlupuf Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-yTOgGw5v_vo/WMBUGHN7bnI/AAAAAAAAELY/8DDyxB4pSWgje_-iVbXgy2agNty1X6D6ACLcB/s1600/C6TUfkZWAAEewi_.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/03/kaenlupuf-ransomware.html

Name: EnjeyCrypter Ransomware
Month Detected: March 2017
Decrypt Key: Contact: https://twitter.com/demonslay335/status/839244287476912133
Shadow files can be deleted using the following code:
vssadmin delete shadows /all /Quiet
Extension Ending: example: .encrypted.contact_here_me@india.com.enjey
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-rkOR4L9jDZc/WMG1uI6vqQI/AAAAAAAAEMk/SAu_FleTLHcagf_maS31xt3D_qnwAx2RQCLcB/s1600/note-enjey_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/enjey-crypter-ransomware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2017-spora-cerber-and-technical-writeups/
https://www.bleepingcomputer.com/news/security/embittered-enjey-ransomware-developer-launches-ddos-attack-on-id-ransomware/

Name: Dangerous Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
DANGEROUS_RANSOM
Hacked.
Please contact hakermail@someting.com
Source:
https://id-ransomware.blogspot.co.il/2017/03/dangerous-ransomware.html

Name: Vortex Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Vortex Ransomware
Can not find the files on the hard drive? The contents of the files do not open?
This is the result of the work of the program, which encrypts a lot of your data with the help of a strong algorithm AES-256, used by power structures to mask the data transferred in electronic form.
The only way to recover your files is to buy a decryption program from us, using a one-time key created for you!
When you decide to restore your data, please contact us by e-mail: rsapl@openmailbox.org or poiskiransom@airmail.cc
2 files will be decrypted in vain to prove that we can do it, for the others, unfortunately, have to pay!
Price for the decryption of all files: $ 199
Attention! Do not waste your time, time is money, after 4 days the price will increase by 100%!
IP = ID =
Source:
https://id-ransomware.blogspot.co.il/2017/03/vortex-ransomware.html

Name: GC47 Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .fuck_you
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-i4i0joM4qRk/WMO7sKLu4dI/AAAAAAAAENU/vLR4B1Xg39wduycHe2f0vEYSv_dtJ-gxwCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/03/gc47-ransomware.html

Name: RozaLocker Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .enc
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
YOUR FILES are encrypted (EVEN NOT LOOKING THAT THEY ARE PARTIALLY OPEN). WE HAVE YOUR LOGIN AND PASSWORD FROM THE ENTERTAINMENT, ONE-CLASSICS, ONLINE BANKS AND OTHERS.
YOU HAVE 6 HOURS TO PAY FOR A PURCHASE FOR THEM, OTHERWISE WE SHOULD PUT INTO OPEN ACCESS!
INSTRUCTION:
1) Find 10 000 (10 thousand) rubles, not less. Suitable for the following - (Qiwi, Sberbank, Yandex.Money, Tinkoff Bank, VTB, but better Qiwi (faster)
2) In the browser, open the site https://x-pay.cc/ - through this site you will transfer money
3) In the column I DELETE where you will translate (according to item 1) and above enter the amount - 10,000 rubles.
4) In the RIGHT I select Bitcoin and on top the amount should automatically be transferred to btc
5) In the column DATA ENTRY, fill in your requisites from where you will pay and where to transfer (Bitcoin wallet)
ATTENTION-ATTENTION, CORRECTly copy this number to a purse (yes, it's so strange)
3FjtFZWjyj46UcfDY4AiUrEv7wLtyzZv5o
After inserting, carefully, again check whether it is copied correctly.
6) Click on GO TO PAY and follow the instructions on the site.
In a couple of hours we'll write you on the desktop and return everything to you.
If there are difficulties, then write on the mailbox - aoneder@mail.ru
Source:
https://id-ransomware.blogspot.co.il/2017/03/rozalocker-ransomware.html

Name: CryptoMeister Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .enc
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Blocked
Your computer has been blocked
All your files are encrypted. To access your PC, you need to send to Bitcoin at the address below
loading
Step 1: Go to xxxxs: //wvw.coinbase.com/siqnup
Step 2: Create an account and follow the instructions
Step 3: Go to the "Buy Bitcoins" section and then buy Bitcoin
Step 4: Go to the "Send" section, enter the address above and the amount (0.1 Bitcoin)
Step 5: Click on the button below to verify the payment, your files will be decrypted and the virus will disappear
'Check'
If you try to bypass the lock, all files will be published on the Internet, as well as your login for all sites.
Source:
https://id-ransomware.blogspot.co.il/2017/03/cryptomeister-ransomware.html

Name: GG Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .GG
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Poses as Hewlett-Packard 2016.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017/03/gg-ransomware.html

Name: Project34 Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .Project34
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
(TRANSLATED BY THE SITE EDITOR)
YOUR FILES HAVE BEEN LOCKED WITH A PASSWORD
TO GET THE PASSWORD WRITE TO US AT project34@india.com
WE WILL RESPOND TO YOU WITHIN 20 HOURS
IN A MESSAGE, SPECIFY YOUR IP ADDRESS.
YOU CAN FIND OUT AT 2IP.RU
Source:
https://id-ransomware.blogspot.co.il/2017/03/project34-ransomware.html

Name: PetrWrap Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending:
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-ZbWrN1LR-14/WMhPB7M8LBI/AAAAAAAAERQ/ZGG3RDHd8V0hwK_pf-vYChTn9VRpLBgNQCLcB/s1600/petya-based_ru_3.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/petrwrap-ransomware.html
https://www.bleepingcomputer.com/news/security/petrwrap-ransomware-is-a-petya-offspring-used-in-targeted-attacks/
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/

Name: Karmen Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .grt
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-OmuOKzLOHnw/WMl74fSSaJI/AAAAAAAAESg/4CsOYOSuUeEhsO4jSi6k10sbb_1NnfYxACLcB/s1600/lock-screen.jpg
Source:
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/
https://id-ransomware.blogspot.co.il/2017/03/karmen-ransomware.html

Name: Revenge Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Shadow files deletion:
/C vssadmin.exe Delete Shadows /All /Quiet
/C bcdedit /set {default} recoveryenabled No
/C bcdedit /set {default} bootstatuspolicy ignoreallfailures
/C net stop vss
/C vssadmin.exe Delete Shadows /All /Quiet
/C net stop vss
Extension Ending: .REVENGE
Encryption: AES-256 + RSA-1024
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-KkPVDxjy8tk/WM7LtYHmuAI/AAAAAAAAEUw/kDJghaq-j1AZuqjzqk2Fkxpp4yr9Yeb5wCLcB/s1600/revenge-note-2.jpg
===ENGLISH===
All of your files were encrypted using REVENGE Ransomware.
The action required to restore the files.
Your files are not lost, they can be returned to their normal state by decoding them.
The only way to do this is to get the software and your personal decryption key.
Using any other software that claims to be able to recover your files will result in corrupted or destroyed files.
You can purchase the software and the decryption key by sending us an email with your ID.
And we send instructions for payment.
After payment, you receive the software to return all files.
For proof, we can decrypt one file for free. Attach it to an e-mail.
Source:
https://www.bleepingcomputer.com/news/security/revenge-ransomware-a-cryptomix-variant-being-distributed-by-rig-exploit-kit/
https://id-ransomware.blogspot.co.il/2017/03/revenge-ransomware.html

Name: Turkish FileEncryptor Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-ccU4txzjpWg/WMl33c7YD3I/AAAAAAAAESU/moLHgQnVMYstKuHKuNgWKz8VbNv5ECdzACLcB/s1600/lock-note.jpg
FILES NUMBERED
Your local drives, network folders, your external drives are encrypted using 256-bit encryption technology, this means your files are encrypted with a key. They cannot be opened without buying a decryption program and a private key, after the purchase, our program decrypts all your files and they will work like before. If you do not buy the program within 24 hours, then all your files will be permanently deleted. See the "My Documents" folder for more information in the file "Beni Oku.txt".
Contact address: d3crypt0r@lelantos.org
BTC address: 13hp68keuvogyjhvlf7xqmeox8dpr8odx5
You have to pay at BTC to the above address $ 150 Bitcoin
You can do this by purchasing Bitcoin at www.localbitcoins.co
Information: Using a computer recovery does not help. Antivirus scanning does not help to recover files, but can lead to loss.
Source:
https://id-ransomware.blogspot.co.il/2017/03/turkish-fileencryptor.html
https://twitter.com/JakubKroustek/status/842034887397908480

Name: Kirk Ransomware & Spock Decryptor
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .kirked
Encryption: AES+RSA
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-USLFJX6OMD4/WMwmKIsJnEI/AAAAAAAAETQ/S8uzyHF5mWQZjra6EGBidZ6wqgzrNqIMgCLcB/s1600/full-ransom-note.png
! IMPORTANT !
READ CAREFULLY:
Your computer has fallen victim to the Kirk malware and important files have been encrypted - locked up so they don't work. This may have broken some software, including games, office suites etc.
Here's a list of some the file extensions that were targetted:
***
There are an additional 441 file extensions that are targetted. They are mostly to do with games.
To get your files back, you need to pay. Now. Payments recieved more than 48 hours after the time of infection will be charged double. Further time penalties are listed below. The time of infection has been logged.
Any files with the extensions listed above will now have the extra extension '.kirked', these files are encrypted using military grade encryption.
In the place you ran this program from, you should find a note (named RANSOM_NOTE.txt) similar to this one.
You will also find a file named 'pwd' - this is your encrypted password file. Although it was generated by your computer, you have no way of ever decrypting it. This is due to the security of both the way it was generated and the way it was encrypted. Your files were encrypted using this password.
SPOCK TO THE RESCUE!
"Logic, motherfucker." ~ Spock.
Decrypting your files is easy. Take a deep breath and follow the steps below.
1) Make the proper payment.
Payments are made in Monero. This is a crypto-currency, like bitcoin.
You can buy Monero, and send it, from the same places you can any other crypto-currency. If you're still unsure, google 'bitcoin exchange'.
Sign up at one of these exchange sites and send the payment to the address below.
Make note of the payment / transaction ID, or make one up if you have the option.
Payment Address (Monero Wallet):
4AqSwfTexbNaHcn8giSJw3KPiWYHGBaCF9bdgPxvHbd5A8Q3Fc7n6FQCReEns8uEg8jUo4BeB79rwf4XSfQPVL1SKdVp2jz
Prices:
Days : Monero : Offer Expires
0-2 : 50 : 03/18/17 15:32:14
3-7 : 100 : 03/23/17 15:32:14
8-14 : 200 : 03/30/17 15:32:14
15-30 : 500 : 04/15/17 15:32:14
Note: In 31 days your password decryption key gets permanently deleted.
You then have no way to ever retrieve your files. So pay now.
2) Email us.
Send your pwd file as an email attachment to one of the email addresses below.
Include the payment ID from step 1.
Active email addresses:
kirk.help@scryptmail.com
kirk.payments@scryptmail.com
3) Decrypt your files.
You will recieve your decrypted password file and a program called 'Spock'.
Download these both to the same place and run Spock.
Spock reads in your decrypted password file and uses it to decrypt all of the affected files on your computer.
> IMPORTANT !
The password is unique to this infection.
Using an old password or one from another machine will result in corrupted files.
Corrupted files cannot be retrieved.
Don't fuck around.
4) Breathe.
LIVE LONG AND PROSPER
Source:
https://id-ransomware.blogspot.co.il/2017/03/kirkspock-ransomware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/
https://www.bleepingcomputer.com/forums/t/642239/kirk-ransomware-help-support-topic-kirk-extension-ransom-notetxt/
http://www.networkworld.com/article/3182415/security/star-trek-themed-kirk-ransomware-has-spock-decryptor-demands-ransom-be-paid-in-monero.html
http://www.securityweek.com/star-trek-themed-kirk-ransomware-emerges
https://www.grahamcluley.com/kirk-ransomware-sports-star-trek-themed-decryptor-little-known-crypto-currency/

Name: ZinoCrypt Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .ZINO
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-t1Q-a7sJlag/WMw8MBNIrkI/AAAAAAAAET4/aycY-m5GXVYQjcbZJ8N0kIfUZ3onYt8AgCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/03/zinocrypt-ransomware.html
https://twitter.com/demonslay335?lang=en

Name: Crptxxx Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .crptxxx
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-itq9nR2EedY/WM2OPtDKCgI/AAAAAAAAEUI/KcC8vtnmlHENz0CSOvxqoYeZL8qdx1IZgCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/crptxxx-ransomware.html
https://www.bleepingcomputer.com/forums/t/609690/ultracrypter-cryptxxx-ultradecrypter-ransomware-help-topic-crypt-cryp1/page-84
http://www.fixinfectedpc.com/uninstall-crptxxx-ransomware-from-pc

Name: MOTD Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .enc
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-suCNGXgzWuM/WM7HPujx_qI/AAAAAAAAEUk/gIvzbsbB_BUrBmmBsgpb_8w7zjwudu_mACLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/motd-ransomware.html
https://www.bleepingcomputer.com/forums/t/642409/motd-of-ransome-hostage/

Name: CryptoDevil Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .devil
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-i5iUwC8XWDo/WM7dSVNQ8UI/AAAAAAAAEVY/uXmUErkLgHcWbfpdw1zGTvwY9DimiAH8wCLcB/s1600/lock-panel.jpg
https://1.bp.blogspot.com/-9ovaMSUgtFQ/WM7dXo84tlI/AAAAAAAAEVc/_Zx9gZuvHA0tU9-jtzP492bXa5fQiL7kgCLcB/s1600/key-price.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/03/cryptodevil-ransomware.html

Name: FabSysCrypto Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-QuBYcLAKRPU/WLnE3Rn3MhI/AAAAAAAAEH4/WnC5Ke11j4MO7wmnfqBhtA-hpx6YN6TBgCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/fabsyscrypto-ransomware.html

Name: Lock2017 Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: [file_name.file_ext].id-[UserID]__contact_me_lock2017@protonmail.com_or_lock2017@unseen.is
Encryption: AES+RSA
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-FllHGqIx_JQ/WL1QF2uMCCI/AAAAAAAAEJQ/Fn-8j2t8dwgSo8YTHM1iOkL-3U_hbcaKwCLcB/s1600/Note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/lock2017-ransomware.html

Name: RedAnts Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .Horas-Bah
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017/03/redants-ransomware.html

Name: ConsoleApplication1 Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017/03/consoleapplication1-ransomware.html

Name: KRider Ransomware
Month Detected: March 2017
Decrypt Key: not yet
Extension Ending: .kr3
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017/03/krider-ransomware.html

Name: CYR-Locker Ransomware (FAKE)
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: n/a
Encryption: n/a
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
The following note is what you get if you put in the wrong key code:
https://3.bp.blogspot.com/-qsS0x-tHx00/WLM3kkKWKAI/AAAAAAAAEDg/Zhy3eYf-ek8fY5uM0yHs7E0fEFg2AXG-gCLcB/s1600/failed-key.jpg
Note:
Source:
https://id-ransomware.blogspot.co.il/search?updated-min=2017-01-01T00:00:00-08:00&updated-max=2018-01-01T00:00:00-08:00&max-results=50

Name: DotRansomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
DotRansomware Setup Guide
Attention!!!
We recommend you to build your ransomware inside virtual machine!
(But it is safe to use builder on your PC, just don't run builded exe file on your PC!)
Recommendation:
If you have got possibility to run ransomware on victim's computer with administrator privileges then do it.
Because it will provide better conversion.
Recommended decryption price: 0.1
Recommended special decryption prices:
FR|0.15|FI|0.15|IE|0.15|IS|0.15|AU|0.15|BE|0.15|CA|0.15|AT|0.15|DK|0.15|SE|0.15|DE|0.15|NL|0.15|SA|0.2|US|0.2|HK|0.2|LU|0.2|CH|0.2|NO|0.2|AE|0.2|SG|0.2|KW|0.2|MO|0.2|QA|0.2
Recommended attacked extensions: ***
Recommendation:
You need to test builded exe file inside virtual machine, because operability can be broken after crypt/pack of core!
Links to website: ***
https://4.bp.blogspot.com/-BoKI2-Lhsp8/WLHq34zCtdI/AAAAAAAAECo/YkfIG29vRRsLvdn51ctrMEypptRzZS2IgCLcB/s1600/raas.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/dotransomware.html

Name: Unlock26 Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .locked-[3_random_chars]
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-92aP_sumdLo/WLAy3D2kLvI/AAAAAAAAEAQ/FA1j--rOIygsNbDAWqrDqufT7zSwuEnvQCLcB/s1600/note-html_2.png
https://3.bp.blogspot.com/-E1vV0sqaw2o/WLB1OvOLCPI/AAAAAAAAEAg/D4OkAOBT_uM4DeVS1hAu6eBGcmga8CSYwCLcB/s1600/site1.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/unlock26-ransomware.html
791
792
793
794
Name: Pickles Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .EnCrYpTeD
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Source:
https://id-ransomware.blogspot.co.il/2017/02/pickles-ransomware.html

Name: Vanguard Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending:
Encryption: ChaCha20 and Poly1305
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
This ransomware poses as MS Office to fool users into opening the infected file.
Note:
NOT YOUR LANGUAGE? https://translate.google.com
Your personal files and documents have been encrypted with AES-256 and RSA-2048!
Decrypting your files is only possible with decrypt key stored on our server.
Price for key is %bitcoin% BTC (Bitcoin).
1. Send %bitcoin% BTC to %bitcoinaddress%
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
https://www.bitcoin.com/buy-bitcoin
2. Wait some time for transaction to process
3. PRIVATE KEY WILL BE DOWNLOADED AND SYSTEM WILL AUTOMATICALLY DECRYPT YOUR FILES!
If you do not pay within %hoursvalid% hours key will become DESTROYED and your files LOST forever!
Removing this software will make recovering files IMPOSSIBLE! Disable your antivirus for safety.
Source:
https://id-ransomware.blogspot.co.il/2017/02/vanguard-ransomware.html

Name: PyL33T Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .d4nk
Encryption: ChaCha20 and Poly1305
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
ATTENTION
You Have Been Infected With Ransomware.
Please Make Note of Your Unique Idenfier : ***
Source:
https://id-ransomware.blogspot.co.il/2017/02/pyl33t-ransomware.html

Name: TrumpLocker Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .trumplockerf
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
This is the old VenusLocker in disguise.
To delete shadow files use the following command:
C:\\Windows\\system32\\wbem\\wmic.exe shadowcopy delete&exit
https://2.bp.blogspot.com/-8qIiBHnE9yU/WK1mZn3LgwI/AAAAAAAAD-M/ZKl7_Iwr1agYtlVO3HXaUrwitcowp5_NQCLcB/s1600/lock.jpg
Note:
https://www.bleepstatic.com/images/news/u/986406/Ransomware/TrumpLocker/TrumpLocker-wallpaper.jpg
Source:
https://www.bleepingcomputer.com/news/security/new-trump-locker-ransomware-is-a-fraud-just-venuslocker-in-disguise/
https://id-ransomware.blogspot.co.il/2017/02/trumplocker.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-24th-2017-trump-locker-macos-rw-and-cryptomix/

Name: Damage Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .damage
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
TtWGgOd57SvPlkgZ***
========== end of secret_key
To restore your files - send e-mail to damage@india.com
Source:
https://id-ransomware.blogspot.co.il/2017/02/damage-ransomware.html

Name: YouAreFucked Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: your files get marked with: “youarefucked”
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-S0-Bop8XUgk/WLD_RVgldgI/AAAAAAAAEBU/r2LmgjTHUbMTtIKGH2pHdKfFXcUEOQdMgCLcB/s1600/lock-act2.png
Source:
https://www.enigmasoftware.com/youarefuckedransomware-removal/

Name: XYZWare Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: your files get marked with: “youarefucked”
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
All your files has been encrypted with RSA-2048 and AES-128.
There is no way to decrypt without private key and decrypt program. You can buy the private key and the decrypt program just for 0.2 BTC (Bitcoin)
You have 48 hours to buy it. After that, your private key will gone and we can't guarantee to decrypt.
Email me for more information about how to buy it at cyberking@indonesianbacktrack.or.id
Source:
https://id-ransomware.blogspot.co.il/2017/02/xyzware-ransomware.html

Name: CryptConsole 2.0 Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending:
Sample of a decrypted file:
setup.ini -> something_ne@india.com_73657475702E696E69
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-M2CMU8RPgqw/WLfqOCgNXrI/AAAAAAAAEGA/W-uAf30qQgoZxqRwblUcSKzYrM5QmcLfgCLcB/s1600/note-html_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/cryptconsole-2-ransomware.html

Name: CryptoLocker by NTK Ransomware
Month Detected: February 2017
Decrypt Key: http://decryptors.blogspot.co.il/2017/02/stupid-decrypter.html
Extension Ending:
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-hvTBarxSO8Y/WKs5kjdpgDI/AAAAAAAAD9Q/m3louiSE6xY0BcGjnWvg_NNDU6K1ok3ggCLcB/s1600/lock.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/cryptolocker-by-ntk-ransomware.html

Name: BarRax Ransomware or BarRaxCrypt Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .barRex
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017/02/barraxcrypt-ransomware.html

Name: UserFilesLocker Ransomware or CzechoSlovak Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .ENCR
Encryption: AES-256+RSA
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
All of your personal information, unfortunately for you, were encrypted
Step 1 - PAYMENT
Step 2 - Tell us
Step 3 - Data Recovery
Your data and files were encrypted, unfortunately, you need our key. For the encryption each key is unique AES-256 is created on the computer. At the moment, all the files are already encrypted and the keys securely stored in an encrypted form with RSA-2048.
Only one way you can recover your files - make payment in Bitcoins and get our key for decryption. Do not believe in any fairy tales on the Internet, it can be circumvented if it was easy, a lot of things in the world stopped working.
Pay according to the instructions, click through the tabs, and wait for your keys. We value the market professional customer service and reputation, so will try to unlock your files as soon as possible.
Payment Amount: 0,8 BTC
Payment Amount: 2.1 BTC (another option)
https://3.bp.blogspot.com/-0D8XdlTNIsA/WLXFiBWz5II/AAAAAAAAEFQ/Hojw0BHHysUieiCnidoVwTrqXVCckLkSQCLcB/s1600/lock-screen.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/userfileslocker-ransomware.html

Name: AvastVirusinfo Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .A9v9Ahu4-000
Encryption: AES-256+RSA
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
PAYING RANSOM IS USELESS, YOUR FILES WILL NOT BE FIXED. THE DAMAGE IS PERMANENT!!!!
Note: N/A
Source:
https://id-ransomware.blogspot.co.il/2017_03_01_archive.html
https://id-ransomware.blogspot.co.il/2017/03/avastvirusinfo-ransomware.html

Name: FabSysCrypto Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending:
Encryption: AES-256+RSA
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-QuBYcLAKRPU/WLnE3Rn3MhI/AAAAAAAAEH4/WnC5Ke11j4MO7wmnfqBhtA-hpx6YN6TBgCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/fabsyscrypto-ransomware.html

Name: SuchSecurity Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending:
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-OCBIabrrZNg/WLm1RGFVKEI/AAAAAAAAEHY/1MASb-0Y7jsBlE2TzyqgknrfDhuEsNx2gCLcB/s1600/Screenshot_1.png
Source:
https://id-ransomware.blogspot.co.il/2017/03/suchsecurity-ransomware.html

Name: PleaseRead Ransomware or VHDLocker Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES-256
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-viZiAZr3_ns/WKrIDWEEBXI/AAAAAAAAD8c/8n1RJ9m2Odoe3bvMMmIm421NdxS-OIRzQCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/vhd-ransomware.html

Name: Kasiski Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: [KASISKI]
Encryption:
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-ehXlWPLxtR8/WKdHF_Y-MeI/AAAAAAAAD5A/KKXO-S9OtMQAcNM-IOV2ees8qKlAJ3pzACLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/kasiski-ransomware.html
https://twitter.com/MarceloRivero/status/832302976744173570
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/

Name: Fake Locky Ransomware or Locky Impersonator Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Files has been encrypted with Locky Ransomware, Do not alter your files or you will not be able to recover anything nobody will be able to recover your data since its set to AES-256 and requires our Key
Send me 1.0 bitcoins
Send payment to this Address: 13DYdAKb8nfo1AYeGpJXwKZYupyeqYu2QZ
For Instructions on how to Purchase & send bitcoin refer to this link : ***
for support Email: lockyransomware666@sigaint.net
After 48 Hours your ransom doubles to 2.0 BTC
After 72 Hours we will delete your recovery keys
Source:
https://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
https://id-ransomware.blogspot.co.il/2017/02/locky-impersonator.html
https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-thor-extension-after-being-a-bad-malware/

Name: CryptoShield 1.0 Ransomware
Month Detected: January 2017
Decrypt Key: CryptoMix > CryptoShield 1.0 (http://id-ransomware.blogspot.ru/2017/01/cryptoshield-ransomware.html) > CryptoShield 2.0
Extension Ending: .CRYPTOSHIELD (The name is first changed using ROT-13, and after a new extension is added.)
Encryption: AES-256
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
CryptoShield 1.0 is a ransomware from the CryptoMix family.
Note:
# RESTORING FILES #.txt
# RESTORING FILES #.html
https://2.bp.blogspot.com/-A-N9zQgZrhE/WJHAHzuitvI/AAAAAAAADhI/AHkLaL9blZgqQWc-sTevVRTxVRttbugoQCLcB/s1600/note-2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/02/cryptoshield-2-ransomware.html
https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/

Name: Hermes Ransomware
Month Detected: February 2017
Decrypt Key: (Watch video in the link below)
https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/
Extension Ending: .locked
Encryption: AES
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-nzY6thZOXSk/WKbYmWxa0rI/AAAAAAAAD3s/t_3d90FGOe8je8rfeeYLF1jzJinG5JMVgCLcB/s1600/note_2_2.png
https://3.bp.blogspot.com/-Yisae5e5Pjs/WKbXmIXU8YI/AAAAAAAAD3g/WZs5XzL4l4snT2j4yfc3CAaF7KonH_DQACLcB/s1600/note_1.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/hermes-ransomware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/

Name: LoveLock Ransomware or Love2Lock Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .hasp
Encryption: AES
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-YdCKWLUFBOo/WKRCD2BLzTI/AAAAAAAAD14/BPtYMLvQpEMAbT-ZdiCVPi_LZCrXYJMhwCLcB/s1600/ReadME%2521.txt.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/lovelock-ransomware.html

Name: Wcry Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .wcry
Encryption: AES
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-iUq492KUatk/WKH-GXnO4-I/AAAAAAAADzw/9uwo1LF5ciIvMJ6jAn3mskSqtdiTkxvlACLcB/s1600/lock-note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/wcry-ransomware.html

Name: DUMB Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .
Encryption: AES
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-_Udncaac_gM/WKROBN00ORI/AAAAAAAAD2U/HsHkEspG85YSfPg-8MbPYYTYmBU4PAJAgCLcB/s1600/note_2.png
https://4.bp.blogspot.com/-Vx9ZtCODajg/WKiMr2QX5cI/AAAAAAAAD64/QAh37o_CRIImaxUfIhoEh8qE4JLn5HaNwCLcB/s1600/dumb.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/dumb-ransomware.html
https://twitter.com/bleepincomputer/status/816053140147597312?lang=en

Name: X-Files
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .b0C or b0C.x
Encryption: AES
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017_02_01_archive.html
https://id-ransomware.blogspot.co.il/2017/02/x-files-ransomware.html

Name: Polski Ransomware
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .aes
Encryption: AES-256
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
The Ransom is $249 and the hacker demands that the victim gets in contact through e-mail and a Polish messenger called Gadu-Gadu.
Note:
https://1.bp.blogspot.com/-ahpZEI1FHQM/WJd7_dpYlyI/AAAAAAAADm8/4-nFXqc9bjEI93VDJRdsLSlBOwQiaM7swCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/polski-ransomware.html

Name: YourRansom Ransomware
Month Detected: February 2016
Decrypt Key: not yet
Extension Ending: .yourransom
Encryption: AES-256
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
This hacker demands that the victim contacts him through email and decrypts the files for FREE. (more info in the link below)
Note:
https://4.bp.blogspot.com/-dFQlF_6uTkI/WJYigC5GwiI/AAAAAAAADlk/jm-ZwqJ2mVYd2gtAQgYW_lOd78u5N2x0ACLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/yourransom-ransomware.html
Here is all the information on this educational or not so funny prank ransomware:
https://www.bleepingcomputer.com/news/security/yourransom-is-the-latest-in-a-long-line-of-prank-and-educational-ransomware/

Name: Ranion RaaS Ransomware
Month Detected: February 2016
Decrypt Key: not yet
Extension Ending: .
Encryption: AES-256
About: It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Ranion RaaS gives the opportunity to regular people to buy and distribute ransomware for a very cheap price. (More info in the link below).
Note:
https://3.bp.blogspot.com/-ORiqmM6oWXc/WJV7X4IvTWI/AAAAAAAADlE/wXvz5Hsv1gQ-UrLoA1plVjLTVD7iDDxwQCLcB/s1600/buy_2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/02/ranion-raas.html
More info:
https://www.bleepingcomputer.com/news/security/ranion-ransomware-as-a-service-available-on-the-dark-web-for-educational-purposes/

Name: Potato Ransomware
Month detected: January 2017
Decrypt Key: Not yet
Extension ending: .potato
Encryption type: AES-256
About: Wants a ransom to get the victim’s files back. Originated in English. Spread worldwide.
Note:
How to recover my files.txt, README.png, README.html
https://2.bp.blogspot.com/-E9GDxEoz95k/WIop79nWZ2I/AAAAAAAADZU/CnsvOl96yesoH07BZ2Q05Fp40kLcTMmqQCLcB/s1600/note.jpg
Kidnapper’s site:
https://1.bp.blogspot.com/-57Ub8RNt4Nw/WIopxahy2TI/AAAAAAAADZQ/faNyU5K0qPoeIeT4kF5OHM9i8GjwJ44gwCLcB/s1600/tor-site.png
How it’s spread?
Spread with the help of e-mail spam, fake ads, fake updates.
More info:
http://www.im-infected.com/ransomware/remove-potato-ransomware-virus.html
Reference:
https://id-ransomware.blogspot.co.il/2017/01/polato-ransomware.html

Name of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)
Created: December 2016/January 2017
Decrypt Code:
https://decryptors.blogspot.co.il/2017/01/opentoyou-decrypter.html
Extension ending: .-opentoyou@india.com
Encryption Type: RC4
About: This ransomware originated in English, and therefore could be used worldwide.
Note: !!!.txt and a lock screen, which becomes the desktop wallpaper. (files 1.bmp or 1.jpg)
https://3.bp.blogspot.com/-RPeHrC9Trqk/WGk1kQlBQQI/AAAAAAAAC6o/FutnWrlUf44hq54_xI_6Uz2migCR0rwlwCLcB/s1600/Note-wallp.jpg
Note contains:
Your files are encrypted!
To decrypt write on email - opentoyou@india.com
Identification key - 5E1C0884
Spreads: Ransomware is spread with the help of email spam, fake ads, fake updates, infected install files.
Reference:
https://id-ransomware.blogspot.co.il/2017/01/opentodecrypt-ransomware.html

Name: RansomPlus
Month detected: January 2017
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption Type: AES
About: Author of this ransomware is sergej. Ransom is 0.25 bitcoins for the return of files. Originated in English. Used worldwide.
Ransom note: YOUR FILES ARE ENCRYPTED!!!.txt
https://2.bp.blogspot.com/-uIb_TdWTk3Q/WI2qRSlsXJI/AAAAAAAADcE/h92XEY6AraQMUwEIOBZ9moxN1J2So8xpwCLcB/s1600/note_2.png
Note contains:
YOUR FILES ARE ENCRYPTED!!!
To restore (decrypt) them you must:
1. Pay 0.25 bitcoin (btc) to address 36QLSB***
You can get BTC on this site http://localbitcoins.com
2. After payment you must send Bitcoin Transacation ID to E-mail: andresaha82@gmail.com
Then we will send you decryption tool.
More information:
http://www.2-spyware.com/remove-ransomplus-ransomware-virus.html
Spreads: This ransomware is spread with the help of email spam, fake ads, fake updates, infected install files.
Sources/reference:
https://id-ransomware.blogspot.co.il/2017/01/ransomplus-ransomware.html

Name: CryptConsole
Month detected: January 2017
Decryption Key:
https://decryptors.blogspot.co.il/2017/01/cryptconsole-decrypter.html
(decrypt in Russian, please use translator)
Extension ending: The following style of encryption is added to the supposed encrypted files,
.unCrypte@outlook.com_<random_numbers_and_upper_alphabetic_characters>
.decipher_ne@outlook.com_<random_numbers_and_upper_alphabetic_characters>
Example:
unCrypte@outlook.com_91CFABE91D02B572FFD6EBFABCFC123D86DBCEAB5B33902D229477A5020C40A188EE08194D0301838C914FD6CF94DD48
https://4.bp.blogspot.com/-aU7F5LNrRjo/WIuQ7UYHCNI/AAAAAAAADbc/qYR2F9pFc1McO3EIY-oCS4aDizFnuoBZwCLcB/s1600/files.png
Encryption Type: AES
About: This ransomware does not actually encrypt your file, but only changes the names of your files, just like Globe Ransomware.
Note: How decrypt files.hta
Your files are encrypted!
Your personal ID764F6A6664514B414373673170615339554A534A5832546A55487169644B4A35
Discovered a serious vulnerability in your network security.
No data was stolen and no one will be able to do it while they are encrypted.
For you we have automatic decryptor and instructions for remediation.
How to get the automatic decryptor:
1) Pay 0,25 BTC
Buy BTC on one of these sites:
https://localbitcoins.com
https://www.coinbase.com
https://xchange.cc
bitcoin adress for pay:
1KG8rWYWRYHfvjVe8ddEyJNCg6HxVWYSQm
Send 0,25 BTC
2) Send screenshot of payment to unCrypte@outlook.com. In the letter include your personal ID (look at the beginning of this document).
3) You will receive automatic decryptor and all files will be restored
* To be sure in getting the decryption, you can send one file (less than 10MB) to unCrypte@outlook.com
In the letter include your personal ID (look at the beginning of this document). But this action will increase the cost of the automatic decryptor on 0,25 btc ...
Attention!
• No Payment = No decryption
• You really get the decryptor after payment
• Do not attempt to remove the program or run the anti-virus tools
• Attempts to self-decrypting files will result in the loss of your data
• Decoders other users are not compatible with your data, because each user's unique encryption key
Sources/reference
https://id-ransomware.blogspot.co.il/2017/01/cryptconsole-ransomware.html
Spreads: This ransomware is spread with the help of email spam, fake ads, fake updates, infected install files

Name: ZXZ Ransomware
Month Detected: January 2017
Decrypt Key: Not yet
Extension ending: .zxz
Encryption type: n/a
Note: n/a
About: Originated in English, could affect users worldwide, however so far there are only reports from Saudi Arabia. The malware name found by a Windows server tool is win32/wagcrypt.A
Sources/References
https://www.bleepingcomputer.com/forums/t/638191/zxz-ransomware-support-help-topic-zxz/?hl=%2Bzxz#entry4168310
https://id-ransomware.blogspot.co.il/2017/01/zxz-ransomware.html

Name: VxLock Ransomware
Month detected: January 2017
Decrypt Key: not yet
Extension Ending: .vxlock
Encryption Type: AES+RSA
About: Developed in Visual Studio in 2010. Original name is VxCrypt. This ransomware encrypts your files, including photos, music, MS Office, Open Office, PDF, etc.
Note: n/a
https://id-ransomware.blogspot.co.il/2017/01/vxlock-ransomware.html

Name: FunFact Ransomware
Month Detected: January 2017
Decryption key: not yet
Extension ending: clsign.dll ??
Encryption type: AES+RSA
About: FunFact uses open code for GNU Privacy Guard (GnuPG), then asks to email them to find out the amount of bitcoin to send (to receive a decrypt code). Written in English, can attack all over the world. The ransom is 1.22038 BTC, which is 1100 USD.
Note: note.iti
https://4.bp.blogspot.com/-9ZHb1mXEcyM/WIjqOnDOnmI/AAAAAAAADYw/Ix0x6RN2Y2E_6jr7gAgAQzoJ29ve1G6LACLcB/s320/note_2.png
Important Information!!!!
You had bad luck. All your files are encrypted with RSA and AES ciphers.
to get your files back read carefully.
if you do not understand, Read again. All your documents are recoverable only with our software and key file.
To decrypt files you need to contact worldfunfact@sigaint.org or funfacts11@tutanota.com and set your ID as email title and send clsign.dll file from your computer. That is the key file and yes, it’s encrypted. Search your computer for filename “clsign.dll” attach it to email.
if you wish we will decrypt one of your encrypted file for free! It’s your guarantee. After you made payment you will receive decryption software with key and necessary instructions.
if you don’t contact us within 72 hours we will turn on sanctions. you’ll have to pay more. Recovery is only possible during 7 days. after that don’t contact us.
Remember you are just single payment away from all your files
If your files are urgent pay exactly requested amount to Bitcoin (BTC) address and send clsign.dll file to us. We will send your decryption software within 24 hours; remember if you contact us first maybe you’ll have to pay less
User ID: 658061***
BTC Address: 1AQrj***
Amount(BTC): 1.65806
1711 -----BEGIN PGP PUBLIC KEY BLOCK-----
1712 Version:
1713 GnuPG
1714 v2
1715 *******************************
1716 -----END PGP PUBLIC KEY BLOCK-----
1717 Sources/References
1718 https://id-ransomware.blogspot.co.il/2017/01/funfact.html
1719 http://www.enigmasoftware.com/funfactransomware-removal/
1720
1721
1722
1723
Name: ZekwaCrypt Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .<7_random_letters>
For example: a file named dark.png will become “dark.png.zfgxvbo”
Encryption: AES+RSA
About: First spotted in May 2016; however, it made a big comeback in January 2017. It targets English-speaking users and can therefore infect systems worldwide.
Note: encrypted_readme.txt
_<encrypt extensions>_encrypted_readme.txt
https://2.bp.blogspot.com/-CLo4JTpveKY/WI4sVXEQSPI/AAAAAAAADcU/n8qrwehDEQMlG845cjNow_fC4PDqlvPIQCLcB/s1600/note_2.png
WARNING! Your personal files are encrypted!
Your most important files on this computer have been encrypted: photos, documents, videos, music, etc. You can verify this by trying to open such files. Encryption was produced using an UNIQUE public RSA-4096 key, specially generated for this computer only, thus making it impossible to decrypt such files without knowing private key and comprehensive decipher software. We have left on our server a copy of the private key, along with all required software for the decryption. To make sure that software is working as intended you have a possibility to decrypt one file for free, see contacts below.
The private key will be destroyed after 7 days, afterwards making it impossible to decrypt your files.
Encryption date: ***
Private key destruction date: ***
For obtaining decryption software, please, contact: myserverdoctor@gmail.com or XMPP jabber: doctordisk@jabbim.com
Spreads: Ransomware is spread with the help of email spam, fake ads, fake updates, infected install files.
Sources/References:
https://id-ransomware.blogspot.co.il/2016/06/zekwacrypt-ransomware.html
http://www.2-spyware.com/remove-zekwacrypt-ransomware-virus.html

Name: Sage 2.0 Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .sage
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. This ransomware attacks through MS Office by offering a macro to help with your program, but instead encrypts all your files if the user is not protected.
Note:
https://2.bp.blogspot.com/-6YhxRaqa_9Q/WISA9dW31bI/AAAAAAAADUE/78mNNKpPMyc2Gzi1N9CooyQp7RNT40NNgCLcB/s1600/note1_2.png
https://1.bp.blogspot.com/-_c5vGu4nCvE/WIT_pWP_FSI/AAAAAAAADUs/8hK8a4E48sY3U_aAHC2qNzYDBL0bQcNjgCLcB/s1600/note-wallp111.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/sage-2-ransomware.html
More information:
https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/
http://www.securityweek.com/sage-20-ransomware-demands-2000-ransom

1801Name:
1802 CloudSword
1803 Ransomware
1804 Month Detected: January 2017
1805 Decrypt Key: not yet
1806 Extension Ending:
1807 Encryption: AES
1808 About: It’s directed to English speaking users, therefore is able to infect worldwide.
1809 Uses the name “Window Update†to confuse its victims. Then imitates the window update process , while turning off the Window
1810 Startup
1811 Repair
1812 and changes the
1813 BootStatusPolicy
1814 using these commands:
1815 bcdedit.exe /set {default}
1816 recoveryenabled
1817 No
1818 Â bcdedit.exe /set {default}
1819 bootstatuspolicy
1820 ignoreallfailures
1821 Note:
1822 Warning
1823 è¦å‘Š
1824 .html
1825 https://4.bp.blogspot.com/-OTxFEWf7LiY/WIO0rJmBgJI/AAAAAAAADTQ/U3BLcd2-CPQQ_73eIKIyg28cKFmw4nctgCLcB/s1600/note.jpg
1826 Sources:
1827 https://id-ransomware.blogspot.co.il/2017/01/cloudsword.html
1828 http://bestsecuritysearch.com/cloudsword-ransomware-virus-removal-steps-protection-updates/
1829 Name: :
1830 DN
1831 or
1832 DoNotOpen
1833 Ransomware
1834 Month Detected: January 2017
1835 Decrypt Key: M4N1F3STO >
1836 Manifestus
1837 >Â DN Ransomware
1838 Extension Ending: .
1839 killedXXX
1840 Encryption: AES
1841 About: It’s directed to English speaking users, therefore is able to infect worldwide. Uses the name “
1842 Chrome
1843 Update†to confuse its victims.
1844 Then imitates the chrome
1845 update
1846 process ,
1847 while
1848 encrypting the files. DO NOT pay the ransom, since
1849 YOUR COMPUTER WILL NOT BE RESTORED FROM THIS MALWARE
1850 !!!!
1851 Note:
1852 https://2.bp.blogspot.com/-llR46G5zOBE/WIJuTTHImXI/AAAAAAAADS8/Ww_QU1Z7Q3geZgiSStJB3siO3oQJpIcowCLcB/s1600/note.jpg
1853 https://4.bp.blogspot.com/-ilIaUD5qOuk/WIJuV1TuC1I/AAAAAAAADTA/SOj8St_qXMsgDexK1BGgZT0yFDkNDz_7QCLcB/s1600/lock.jpg
1854 Sources:
1855 https://id-ransomware.blogspot.co.il/2017/01/dn-donotopen.html
1856
1857
1858
1859
Name: GarryWeber Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .id-<ID>_garryweber@protonmail.ch
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. Its original name is FileSpy and FileSpy Application. It is spread using email spam, fake updates, infected attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, etc.
Note: HOW_OPEN_FILES.html
https://1.bp.blogspot.com/-w6lxK0qHj8A/WIO_iAngUzI/AAAAAAAADTk/dLGlrwwOh508AlG2ojLRszpUxL0tHrtSQCLcB/s1600/note-html.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/garryweber.html

Name: Satan Ransomware
Month Detected: January 2017
Decrypt Key: possible
Extension Ending: .stn
Encryption: AES-256 + RSA-2048
About: It targets English-speaking users and can therefore infect systems worldwide. Its original name is RAAS RANSOMWARE. It is spread using email spam, fake updates, infected attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, etc. This ransomware encourages others to download the virus and spread it as ransomware to infect other users, keeping 70% of the ransom (leaving the other 30% to Satan).
https://3.bp.blogspot.com/-7fwX40eYL18/WH-tfpNjDgI/AAAAAAAADPk/KVP_ji8lR0gENCMYhb324mfzIFFpiaOwACLcB/s1600/site-raas.gif
Note:
https://1.bp.blogspot.com/-5BgSHIym-8Y/WIH92q4ymHI/AAAAAAAADSk/MF2T-mmhuY4irQZFqmpGZjmUI2onlNCyACLcB/s1600/ransom-note.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/satan-raas.html
https://www.bleepingcomputer.com/forums/t/637811/satan-ransomware-help-support-topic-stn-extension-help-decrypt-fileshtml/
More info:
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-20th-2017-satan-raas-spora-locky-and-more/
https://www.bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/
https://twitter.com/Xylit0l/status/821757718885236740

Name: Havoc or HavocCrypt Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .HavocCrypt
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, infected attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
https://2.bp.blogspot.com/-Xs7yigomWw8/WH0mqn0QJLI/AAAAAAAADKA/0Fk5QroMsgQ3AsXbHsbVtopcJN4qzDgdACLcB/s1600/note.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/havoc-ransomware.html

Name: CryptoSweetTooth Ransomware
Month Detected: January 2017
Decrypt Key: HiddenTear >> CryptoSweetTooth
Extension Ending: .locked
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Its fake name is Bitcoin and the maker’s name is Santiago. For the encryptor to work, the user must have .NET Framework 4.5.2 on their computer.
Note: IMPORTANTE_LEER.html
RECUPERAR_ARCHIVOS.html
https://3.bp.blogspot.com/-KE6dziEK4To/WHnvPzKOs7I/AAAAAAAADHI/KPBjmO9iChgAa12-f1VOxF49Pv27-0XfQCLcB/s1600/note.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/cryptosweettooth.html
http://sensorstechforum.com/remove-cryptosweettooth-ransomware-restore-locked-files/

Name: Kaandsona Ransomware or RansomTroll Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .kencf
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. The word Kaandsona is Estonian, therefore the creator is probably from Estonia.
Note:
https://4.bp.blogspot.com/-v3jncd77m3U/WHkjPoEusKI/AAAAAAAADGE/xJOIgzm-ST0L4kpNeThKTyfukq3e1Th-QCLcB/s1600/troll-22.png
You have been struck by the holy Kaandsona ransomware
Either you pay 1 BTC in 24 hours or you lose ALL FILES
button 'Show all encrypted files'
button 'PAY'
Sources:
https://id-ransomware.blogspot.co.il/2017/01/kaandsona-ransomtroll.html

Name: LambdaLocker Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .lambda_l0cked
Encryption: AES
About: It targets English- and Chinese-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note: READ_IT.hTmL
https://1.bp.blogspot.com/-B3o6bGziu_M/WHkyueI902I/AAAAAAAADGw/la7psCE9JEEe17GipFh69xVnIDYGFF38wCLcB/s1600/note-1-2.gif
Sources:
https://id-ransomware.blogspot.co.il/2017/01/lambdalocker.html
http://cfoc.org/how-to-restore-files-affected-by-the-lambdalocker-ransomware/

Name: NMoreira 2.0 Ransomware or HakunaMatata Ransomware
Month Detected: January 2017
Decrypt Key: NMoreira (https://id-ransomware.blogspot.ru/2016/11/nmoreira-ransomware.html) > NMoreira 2.0.
Extension Ending: .HakunaMatata
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note: Recovers files yako.html
https://4.bp.blogspot.com/-DUXeyyzqwKs/WHkrGvLyFvI/AAAAAAAADGg/SPfrNMZYGs8edE7X5z-3MBroIqS5GQ8kACLcB/s1600/note_1-str_2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/hakunamatata.html
https://id-ransomware.blogspot.co.il/2016_03_01_archive.html

Name: Marlboro Ransomware
Month Detected: January 2017
Decrypt Key: https://decryptors.blogspot.co.il/2017/01/marlboro-decrypter.html (in Russian, please use a translator)
Extension Ending: .oops
Encryption: RSA-2048 and AES-128 (really it’s just XOR)
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Ransom is .2 bitcoin; however, there is no point in even trying to pay, since this damage is irreversible. Once the ransom is paid, the hacker does not decrypt the files. Another name is DeMarlboro, and it is written in C++.
Note:
https://4.bp.blogspot.com/-7UmhPM2VSKY/WHe5tDsHfuI/AAAAAAAADFM/FRdUnAyxAggvF0hX0adtrpq48F7HXPbawCLcB/s1600/check-decrypt.png
Beware of an attachment like the one shown below. Do not follow the instructions. Delete the source of the documents and, just in case, always back up your files and update all your programs.
https://1.bp.blogspot.com/-MWRTa6aXtdk/WHflJFyb-GI/AAAAAAAADFs/dc-l-RrWSCAPE8akw2SCb1uuj-a-2shiwCLcB/s1600/docm.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/marlboro.html

Name: Spora Ransomware
Month Detected: January 2017
Decrypt Key: https://xn--b1aew.xn--p1ai/request_main
Extension Ending: n/a
Encryption: AES+RSA
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Sample of a spam email with a viral attachment:
https://4.bp.blogspot.com/-KkJXiHG80S0/WHX4TBpkamI/AAAAAAAADDg/F_bN796ndMYnzfUsgSWMXhRxFf3Ic-HtACLcB/s1600/spam-email.png
Note:
https://1.bp.blogspot.com/-0COE3ADdaYk/WHpnHzuo7OI/AAAAAAAADHY/yfDF3XG720Yyn3xQHwFngt1T99cT-Xt3wCLcB/s1600/rus-note_2.png
Sources and more detailed info (in Russian, please use a translator):
https://id-ransomware.blogspot.co.il/2017/01/spora-ransomware.html

Name: CryptoKill Ransomware
Month Detected: January 2017
Decrypt Key: n/a
Extension Ending: .crypto
Encryption: AES+RSA
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. The files get encrypted, but the decrypt key is not available. NO POINT OF PAYING THE RANSOM, THE FILES WILL NOT BE RETURNED.
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2017/02/cryptokill-ransomware.html

Name: All_Your_Documents Ransomware
Month Detected: January 2017
Decrypt Key: n/a
Extension Ending: none
Encryption: AES+RSA
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
https://2.bp.blogspot.com/-mwIvQNkFH4g/WKAydZnGn_I/AAAAAAAADxs/6xHgbD3OUFUbebeuNVkI6tp_cMRVUQHtQCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/allyourdocuments-ransomware.html

Name: SerbRansom 2017 Ransomware
Month Detected: January 2017
Decrypt Key: n/a
Extension Ending: .velikasrbija
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. The ransom is $500 in bitcoins. The name of the hacker is R4z0rx0r Serbian Hacker.
Note:
https://3.bp.blogspot.com/-OY8jgTN5Y9Q/WKAI6a9xfMI/AAAAAAAADwc/ng36hAXsvfYQ5rdkSFeVgEvLY88pJmnWACLcB/s1600/note-html-wallp.jpg
https://3.bp.blogspot.com/-DQQ5tk0C9lY/WKALND0dYPI/AAAAAAAADwo/EuKiO_F0Mn0ImrGLVE-Sks-j93pHoTjKACLcB/s1600/konstr.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/serbransom-2017.html
https://www.bleepingcomputer.com/news/security/ultranationalist-developer-behind-serbransom-ransomware/
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-10th-2017-serpent-spora-id-ransomware/

Name: Fadesoft Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. The ransom is 0.33 bitcoins.
Note:
https://1.bp.blogspot.com/-5t-5eBl4Tng/WKARmYV5GVI/AAAAAAAADxA/OuS7Eo__z1sh2tRbBpQIxJQ6IVbSiQakwCLcB/s1600/lock-note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/fadesoft-ransomware.html

Name: HugeMe Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .encypted
Encryption: AES-256 + RSA-2048
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
https://4.bp.blogspot.com/-kolk6sABFzQ/WJ95ddcAxNI/AAAAAAAADwI/oP8ZFD7KnqoQWgpfgEHId843x3l0xfhjACLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/hugeme-ransomware.html
https://www.ozbargain.com.au/node/228888?page=3
https://id-ransomware.blogspot.co.il/2016/04/magic-ransomware.html

Name: DynA-Crypt Ransomware or DynA CryptoLocker Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .crypt
Encryption: AES-256 + RSA-2048
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
https://2.bp.blogspot.com/-Qx8RhielSbI/WJypR9Zw9nI/AAAAAAAADus/Opsfy8FxRIIBmouywdl7uT94ZpfwKr6JACLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/dyna-crypt-ransomware.html

Name: Serpent 2017 Ransomware or Serpent Danish Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .crypt
Encryption: AES-256 + RSA-2048
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
==== NEED HELP WITH TRANSLATE? USE https://translate.google.com ====
================ PLEASE READ THIS MESSAGE CAREFULLY ================
Your documents, photos, videos, databases and other important files have been encrypted!
The files have been encrypted using AES256 and RSA2048 encryption (unbreakable)
To decrypt your files you need to buy the special software 'Serpent Decrypter'.
You can buy this software on one of the websites below.
xxxx://vdpbkmwbnp.pw/00000000-00000000-00000000-00000000
xxxx://hnxrvobhgm.pw/00000000-00000000-00000000-00000000
If the websites above do not work you can use a special website on the TOR network. Follow the steps below
1. Download the TOR browser https://www.torproject.org/projects/torbrowser.html.en#downloads
2. Inside the TOR browser brower navigate to : 3o4kqe6khkfgx25g.onion/00000000-00000000-00000000-00000000
3. Follow the instructions to buy 'Serpent Decrypter'
================ PLEASE READ THIS MESSAGE CAREFULLY ================
Source:
https://id-ransomware.blogspot.co.il/2017/02/serpent-danish-ransomware.html

Name: Erebus 2017 Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: none
Encryption: ROT-23
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
https://1.bp.blogspot.com/-tAp9wE6CJxM/WJrvOOyIfRI/AAAAAAAADts/iMfaiDRyRcQuPXgtQV--qt7q8ZI3ZV0tQCLcB/s1600/note1%252B.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/erebus-2017-ransomware.html

Name: Cyber Drill Exercise or Ransomuhahawhere
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: n/a
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note:
https://1.bp.blogspot.com/-7KRVg6kt418/WJnwxDOV5NI/AAAAAAAADrk/or9DbPMl-7ksN7OwIAH6BMJwE5fGc_BfgCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/ransomuhahawhere.html

Name: Cancer Ransomware (FAKE)
Month Detected: February 2017
Decrypt Key: not yet
Extension Ending: .cancer
Encryption: n/a
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. This is trollware that does not encrypt your files but makes your computer act crazy (like in the video in the link below). It is meant to be annoying, and it is hard to erase from your PC, but possible.
Note:
https://4.bp.blogspot.com/-ozPs6mwKfEI/WJjTwbrOx9I/AAAAAAAADqE/4gewG-f_dLQQDevajtn8CnX69lvWgCZQACLcB/s1600/wallp.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/02/cancer-ransomware.html
More info in English and video to see how it affects your computer:
https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/

Name: UpdateHost Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Poses as Microsoft Copyright 2017 and requests ransom in bitcoins.
Note:
https://1.bp.blogspot.com/-BOmKmroIvEI/WJn-LAUmyyI/AAAAAAAADsI/W987TEaOnEAd45AOxO1cFyFvxEx_RfehgCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2017/02/updatehost-ransomware.html
https://www.bleepingcomputer.com/startups/Windows_Update_Host-16362.html

Name:
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.

Name: Nemesis Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .v8dp
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Ransom is 10 bitcoins.
Note:
https://4.bp.blogspot.com/-dLSbqOiIbLU/WHPh-akYinI/AAAAAAAADC0/6nFQClDBJ5M7ZhrjkhnxfkdboOh7SlE-ACLcB/s1600/v5YZMxt.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/nemesis-ransomware.html

Name: Evil Ransomware or File0Locked KZ Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .file0locked
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Domain KZ is used, therefore it is assumed that the decrypter is from Kazakhstan.
Note: HOW_TO_DECRYPT_YOUR_FILES.TXT
HOW_TO_DECRYPT_YOUR_FILES.HTML
https://3.bp.blogspot.com/-0NFy_yDghZ0/WHO_ClbPdMI/AAAAAAAADCQ/RX2cgYg3z381gro6UUQtAED7JgXHbvGLgCLcB/s1600/note-txt_2.png
https://4.bp.blogspot.com/-xxJ9xdRuWis/WHO_FL-hWcI/AAAAAAAADCU/VqI02AhzopQY1WKk-k6QYSdHFWFzg1NcACLcB/s1600/note_2.png
Sources and other info:
https://id-ransomware.blogspot.co.il/2017/01/evil-ransomware.html
http://www.enigmasoftware.com/evilransomware-removal/
http://usproins.com/evil-ransomware-is-lurking/

Name: Ocelot Ransomware or Ocelot Locker Ransomware (FAKE RANSOMWARE)
Month Detected: January 2017
Decrypt Key: Not necessary
Extension Ending: none
Encryption: none
About: It targets English-speaking users and can therefore infect systems worldwide. This is fake ransomware. Your files are not really encrypted; however, the attacker does ask for a ransom of .03 bitcoins. It is still dangerous even though it is fake, since the attacker still gets through to your computer.
Note:
https://1.bp.blogspot.com/-3iMAtqvAmts/WHEyA_dW5OI/AAAAAAAADAY/tE5FtaVMJcc3aQQvWI4XOdjtvbXufFgywCLcB/s1600/lock1.jpg
After receiving the payment, the victim gets the following note:
https://3.bp.blogspot.com/-DMxJm5GT0VY/WHEyEOi_vZI/AAAAAAAADAc/6Zi3IBuBz1I7jdQHcSrzhUGagGCUfs6iACLcB/s1600/lock2.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/ocelot-ransomware.html

Name: SkyName Ransomware or Blablabla Ransomware
Month Detected: January 2017
Decrypt Key: HiddenTear >> SkyName
Extension Ending: n/a
Encryption: AES
About: It targets Czechoslovakian-speaking users. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
Note: INFOK1.txt
https://1.bp.blogspot.com/-i4ksJq-UzX8/WHFFXQL5wAI/AAAAAAAADA8/awfsqj1lr7IMBAPtE0tB44PNf1N6zkGDwCLcB/s1600/note_2.png
https://1.bp.blogspot.com/-OlKgHvtAUHg/WHFDCx4thaI/AAAAAAAADAw/wzBXV17Xh-saaFGlrxw3CDNhGSTaVe2dQCLcB/s1600/lock1.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/skyname-ransomware.html

Name: MafiaWare Ransomware or Depsex Ransomware
Month Detected: January 2017
Decrypt Key: HiddenTear >> MafiaWare
Extension Ending: .locked-by-mafia
Encryption: AES
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Ransom is $155 in bitcoins. The creator of the ransomware is called Mafia.
Note:
https://2.bp.blogspot.com/-BclLp7x1sUM/WG6acqtDBbI/AAAAAAAAC_I/ToVEXx-G2DcKD4d7TZ0RkVqA1wRicxnZQCLcB/s1600/note_2.png
Sources and for more info:
https://id-ransomware.blogspot.co.il/2017/01/mafiaware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-6th-2017-fsociety-mongodb-pseudo-darkleech-and-more/

Name: Globe3 Ransomware
Month Detected: January 2017
Decrypt Key: https://decrypter.emsisoft.com/howtos/emsisoft_howto_globe3.pdf
Extension Ending: .decrypt2017, .hnumkhotep, .badnews, .globe
Encryption: AES-256+RSA
About: It targets English-speaking users and can therefore infect systems worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc. Ransom is 3 bitcoins.
Note: How To Recover Encrypted Files.hta
https://2.bp.blogspot.com/-Wk1_IdcEHbk/WG6FVnoaKlI/AAAAAAAAC-4/WeHzJAUJ0goxxuAoGUUebSgzGHrnD6LQQCLcB/s1600/Globe-ransom-note_2.png.png
https://3.bp.blogspot.com/-lYkopoRH0wQ/WHOt1KhhzhI/AAAAAAAADCA/nPdhHK3wEucAK1GHodeh5w3HcpdugzSHwCLcB/s1600/globe3-9-1-17.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/globe3-ransomware.html
https://www.bleepingcomputer.com/forums/t/624518/globe-ransomware-help-and-support-purge-extension-how-to-restore-fileshta/
https://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/
https://decryptors.blogspot.co.il/2017/01/globe3-decrypter.html

Name: BleedGreen Ransomware or FireCrypt Ransomware
Month Detected: January 2017
Decrypt Key: Deadly > BleedGreen (FireCrypt).
Extension Ending: .firecrypt
Encryption: AES-256
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Ransom is 500$ in bitcoins. Requires .NET Framework 4.0. Gets into your system startup and sends you notes like the one below:
https://4.bp.blogspot.com/-xrr6aoB_giw/WG1UrGpmZJI/AAAAAAAAC-Q/KtKdQP6iLY4LHaHgudF5dKs6i1JHQOBmgCLcB/s1600/green1.jpg
Note:
https://3.bp.blogspot.com/-np8abNpYeoU/WG1KX4_H0yI/AAAAAAAAC98/gxRJeDb01So5yTboXYP7sZWurJFBbWziACLcB/s1600/note-html.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/bleedgreen-ransomware.html
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/

Name: BTCamant Ransomware
Month Detected: December 2016
Decrypt Key: Radamant >> BTCamant
Extension Ending: .BTC
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Original name is Mission 1996 or Mission: “Impossible” (1996) (like the movie).
Note: BTC_DECRYPT_FILES.txt, BTC_DECRYPT_FILES.html
https://2.bp.blogspot.com/-uiHluU553MU/WGzoFpEWkfI/AAAAAAAAC9o/M34ndwHUsoEfZiLJv9j4PCgBImS8oyYaACLcB/s1600/note_2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/btcamant.html

Name: X3M Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: _x3m, _r9oj, _locked
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. It can also break in through Windows RDP with the help of a Pass-the-Hash system, PuTTY, mRemoteNG, TightVNC, Chrome Remote Desktop, a modified version of TeamViewer, AnyDesk, Ammyy Admin, LiteManager, Radmin and others. Ransom is 700$ in Bitcoins.
Note:
https://4.bp.blogspot.com/-hMAakgAORvg/WG_i-lk09II/AAAAAAAADAI/Uq2iCHC5ngYzeVcuxQF0mcbrLqyOGcA_wCLcB/s1600/note.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/x3m-ransomware.html

Name: GOG Ransomware
Month Detected: December 2016
Decrypt Key: EDA2 >> GOG
Extension Ending: .LOCKED
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: DecryptFile.txt
https://4.bp.blogspot.com/-cAnilnXjK7k/WG_OHhC_UdI/AAAAAAAAC_4/sdbzTx9hP4sryM7xE59ONdk7Zr8D_m6XwCLcB/s1600/note-txt_2.png
https://1.bp.blogspot.com/-TDK91s7FmNM/WGpcwq5HmwI/AAAAAAAAC8Q/i0Q66vE7m-0kmrKPXWdwnYQg6Eaw2KSDwCLcB/s1600/note-pay_2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/gog-ransomware.html

Name: Erebus Ransomware
Month Detected: September 2016
Decrypt Key: not yet
Extension Ending: .ecrypt
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. After the files are decrypted, the shadow files are deleted using the following command:
vssadmin.exe Delete Shadows /All /Quiet
Note:
https://4.bp.blogspot.com/-E9WbSxLgaYs/WGn8gC6EfvI/AAAAAAAAC8A/bzd7uP9fcxU6Fyq1n6-9ZbUUGWlls9lrwCLcB/s1600/note-txt_2.png
Sources:
https://id-ransomware.blogspot.co.il/2016/09/erebus-ransomware.html

Name: EdgeLocker
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .edgel
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Ransom is 0.1 Bitcoins. Original name is TrojanRansom.
Note:
https://3.bp.blogspot.com/-dNBgohC1UYg/WGnXhem546I/AAAAAAAAC7w/Wv0Jy4173xsBJDZPLMxe6lXBgI5BkY4BgCLcB/s1600/note-lock.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/edgelocker-ransomware.html

Name: Red Alert
Month Detected: December 2016
Decrypt Key: HiddenTear >> Red Alert
Extension Ending: .locked
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Fake name: Microsoft Corporation
Note: MESSAGE.txt
https://1.bp.blogspot.com/-tDS74fDwB1Q/WGk2D5DcUYI/AAAAAAAAC6s/vahju5JD9B4chwnNDUvDPp4ejZOxnj_awCLcB/s1600/note-wallp.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/01/red-alert-ransomware.html

Name: First
Month Detected: December 2016
Decrypt Key: HiddenTear >> First Ransomware
Extension Ending: .locked
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-T0PhVuoFSyA/WGk5mYkRFAI/AAAAAAAAC64/j14Pt84YUmQMNa_5LSEn6fZ5CoYqz60swCLcB/s1600/note-lock.jpg
Sources:
https://id-ransomware.blogspot.co.il/2017/01/first-ransomware.html

Name: XCrypt Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: no extension is added
Encryption: Twofish
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Written in Delphi. The user requests that the victim get in touch with him through ICQ to get the ransom and return the files.
Note:
https://4.bp.blogspot.com/-XZNMg5P75r4/WI985j-EKHI/AAAAAAAADcw/jGdtXoq2pnwjlAbFAJia4UsXuJrV5AU3gCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html

Name: 7Zipper Ransomware
https://1.bp.blogspot.com/-ClM0LCPjQuk/WI-BgHTpdNI/AAAAAAAADc8/JyEQ8-pcJmsXIntuP-MMdE-pohVncxTXQCLcB/s1600/7-zip-logo.png
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .7zipper
Encryption: Twofish
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-BR0DvtIft7g/WI95IF7IdUI/AAAAAAAADck/gzWAMbpFvaYicHFuMzvlM3YGJpgulMQBQCLcB/s1600/note_2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/7zipper-ransomware.html

Name: Zyka Ransomware
Month Detected: January 2017
Decrypt Key: https://www.pcrisk.com/removal-guides/10899-zyka-ransomware
Extension Ending: .lock
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Ransom is 170$ or EUR in Bitcoins.
Note:
https://3.bp.blogspot.com/-SF4RsOANlI0/WJBQd4SJv6I/AAAAAAAADdY/hI-Ncw9FoFMi5jvljUftpzTgdykOfR3vgCLcB/s1600/lock-wallp_2.png.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/zyka-ransomware.html
https://www.pcrisk.com/removal-guides/10899-zyka-ransomware

Name: SureRansom Ransomware (Fake)
Month Detected: January 2017
Decrypt Key: no need
Extension Ending: none
Encryption: AES-256 (fake)
About: It's directed at English-speaking users and is therefore able to strike worldwide. This ransomware does not really encrypt your files. Ransom requested is £50 using credit card.
Note:
https://1.bp.blogspot.com/-zShnOIf3R_E/WJBfhC4CdSI/AAAAAAAADdo/6l4hwSOmI0Evj4W0Esj1S_uNOy5Yq6X0QCLcB/s1600/note1-2-3.gif
Source:
https://id-ransomware.blogspot.co.il/2017/01/sureransom-ransomware.html
http://www.forbes.com/sites/leemathews/2017/01/27/fake-ransomware-is-tricking-people-into-paying/#777faed0381c

Name: Netflix Ransomware
Month Detected: January 2017
Decrypt Key: not yet
Extension Ending: .se
Encryption: AES-256
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. This ransomware uses the known online library as a decoy. It poses as a Netflix code generator for Netflix login, but instead encrypts your files. The ransom is 100$ in Bitcoins.
https://4.bp.blogspot.com/-bQQ4DTIClvA/WJCIh6Uq2nI/AAAAAAAADfY/hB5HcjuGgh8rRJKeLHo__IRz3Ezth22-wCEw/s1600/form1.jpg
https://4.bp.blogspot.com/-ZnWdPDprJOg/WJCPeCtP4HI/AAAAAAAADfw/kR0ifI1naSwTAwSuOPiw8ZCPr0tSIz1CgCLcB/s1600/netflix-akk.png
Note:
https://3.bp.blogspot.com/-vODt2aB9Hck/WJCFc3g5eCI/AAAAAAAADe8/OrEVkqUHMU4swRWedoZuBu50AWoKR1FGACLcB/s1600/netflix-note.jpg
https://4.bp.blogspot.com/-Cw4e1drBKl4/WJCHmgp1vtI/AAAAAAAADfI/QqFxUsuadOwxiy_pJyBVFYPGXt-aWd5XACLcB/s1600/wallp.png
Sources and more info:
https://id-ransomware.blogspot.co.il/2017/01/netflix-ransomware.html
http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/
https://www.bleepingcomputer.com/news/security/rogue-netflix-app-spreads-netix-ransomware-that-targets-windows-7-and-10-users/
http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012

Name: CryptoShield 1.0 Ransomware
Month Detected: January 2017
Decrypt Key: CryptoMix > CryptoShield 1.0
Extension Ending: .CRYPTOSHIELD (The name is first changed using ROT-13, and then a new extension is added.)
Encryption: AES-256
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. CryptoShield 1.0 is a ransomware from the CryptoMix family.
Note: # RESTORING FILES #.txt, # RESTORING FILES #.html
https://2.bp.blogspot.com/-A-N9zQgZrhE/WJHAHzuitvI/AAAAAAAADhI/AHkLaL9blZgqQWc-sTevVRTxVRttbugoQCLcB/s1600/note-2.png
Sources:
https://id-ransomware.blogspot.co.il/2017/01/cryptoshield-ransomware.html
https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/

Name: Merry Christmas, Merry X-Mas or MRCR
Month Detected: December 2016
Decrypt Key: https://decryptors.blogspot.co.il/2017/01/mrcr-decrypter.html
Extension Endings: .MRCR1, .PEGS1, .RARE1, .RMCM1, .MERRY
Encryption: AES-256
About: It's directed at English and Italian speaking users and is therefore able to infect worldwide. Most attacks are on organizations and servers. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. They pose as a Consumer complaint notification that's coming from the Federal Trade Commission of the USA, with an attached file called “complaint.pdf”. Written in Delphi by hacker MicrRP.
Note: YOUR_FILES_ARE_DEAD.HTA
https://2.bp.blogspot.com/-3F3QAZnDxsI/WGpvD4wZ2OI/AAAAAAAAC80/-2L6dIPqsgs8hZHOX0T6AFf5LwPwfZ-rwCLcB/s1600/note.png
https://4.bp.blogspot.com/-_w8peyLMcww/WHNJ1Gb0qeI/AAAAAAAADBw/EVbR-gKipYoNujo-YF6VavafsUfWDANEQCLcB/s1600/8-1-17.png
Sources:
https://id-ransomware.blogspot.co.il/2016/12/mrcr1-ransomware.html
https://www.bleepingcomputer.com/news/security/-merry-christmas-ransomware-now-steals-user-private-data-via-diamondfox-malware/
http://www.zdnet.com/article/not-such-a-merry-christmas-the-ransomware-that-also-steals-user-data/
https://www.bleepingcomputer.com/news/security/merry-christmas-ransomware-and-its-dev-comodosecurity-not-bringing-holiday-cheer/

Name: Seoirse Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .seoire
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Seoirse is how people in Ireland say the name George. Ransom is 0.5 Bitcoins.
Sources:
https://id-ransomware.blogspot.co.il/2016/12/seoirse-ransomware.html

Name: KillDisk Ransomware
https://2.bp.blogspot.com/-MVf3nxvWF68/WGT991G01jI/AAAAAAAAC3s/atN4BHHLwCABEOumh0Bfq97Hknzc9l4lQCLcB/s1600/FSociety.png
Month Detected: November/December 2016
Decrypt Key: KillDisk Malware + encryption > KillDisk Ransomware.
Extension Ending:
Encryption: AES+RSA
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Every file is encrypted with a personal AES key, and then the AES key is encrypted with an RSA-1028 key. Hacking by TeleBots (Sandworm). Goes under a fake name: Update center or Microsoft Update center.
Note:
https://1.bp.blogspot.com/-8MqANWraAgE/WGT7mj-XirI/AAAAAAAAC3g/H_f1hTxa7Sc_DEtllBe-vYaAfY-YqMelgCLcB/s1600/wallp.png
Sources and Articles:
https://id-ransomware.blogspot.co.il/2016/12/killdisk-ransomware.html
https://www.bleepingcomputer.com/news/security/killdisk-ransomware-now-targets-linux-prevents-boot-up-has-faulty-encryption/
https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/
http://www.zdnet.com/article/247000-killdisk-ransomware-demands-a-fortune-forgets-to-unlock-files/
http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware
http://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/

Name: DeriaLock Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .deria
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Maker is arizonacode and ransom amount is 20-30$. If the victim decides to pay the ransom, he will have to copy HWID and then speak to the hacker on Skype and forward him the payment.
Note: (click on link to see the gif)
https://3.bp.blogspot.com/-9vg_tRPq8rQ/WGOjf4ULuGI/AAAAAAAACzw/d16uRmEOotsCbRM4hwvzQ6bB8xAVNJ7ogCLcB/s1600/DeriaLock.gif
Source:
https://id-ransomware.blogspot.co.il/2016/12/derialock-ransomware.html
https://www.bleepingcomputer.com/news/security/new-derialock-ransomware-active-on-christmas-includes-an-unlock-all-command/

Name: BadEncript Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .bript
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: More.html
https://3.bp.blogspot.com/-hApL-ObdWsk/WGAYUyCzPcI/AAAAAAAACyg/NuL26zNgRGcLnnF2BwgOEn3AYMgVu3gQACLcB/s1600/More-note.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/badencript-ransomware.html

Name: AdamLocker Ransomware
Month Detected: December 2016
Decrypt Key: Please contact Michael to decrypt these files:
https://twitter.com/demonslay335/status/813067161702952960
Extension Ending: .adam
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The name of the creator is puff69.
Note:
https://3.bp.blogspot.com/-9IgXt6L0hLY/WGARdzJgfvI/AAAAAAAACyQ/1bfnX_We65AirDcAFpiG49NPuBMfGH9wwCLcB/s1600/note-adam.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/adamlocker-ransomware.html

Name: Alphabet Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .alphabet
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. This ransomware poses as Windows 10 Critical Update Service. It offers to update your Windows 10, but instead encrypts your files. For a successful attack, the victim must have .NET Framework 4.5.2 installed on his computer.
Note:
https://1.bp.blogspot.com/-bFPI3O1BI3s/WGPpvnDvNNI/AAAAAAAAC10/mLUiFOCWnEkjbV91PmUGnc3qsFMv9um8QCLcB/s1600/wallp.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/alphabet-ransomware.html

Name: KoKoKrypt Ransomware or KokoLocker Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .kokolocker
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread by its creator in forums. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files and documents and more. The ransom is 0.1 bitcoins within 72 hours. Uses Windows Update as a decoy. Creator: Talnaci Alexandru
Note:
https://4.bp.blogspot.com/-NiQ6rSIprB8/WF-uxTMq6hI/AAAAAAAACyA/tA6qO3aJdGc0Dn_I-IOZOM3IwN5rgq9sACLcB/s1600/note-koko.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/kokokrypt-ransomware.html
http://removevirusadware.com/tips-for-removeing-kokokrypt-ransomware/

Name: L33TAF Locker Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .l33tAF
Encryption: AES-256+RSA
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Ransom is 0.5 bitcoins. The name of the creator is staffttt; he also created Fake CryptoLocker.
Note: YOU_HAVE_BEEN_HACKED.txt
https://2.bp.blogspot.com/-yncl7-Jy198/WGDjdgNKXjI/AAAAAAAACzA/bfkDgwWEGKggUG3E1tgPBAWDXwi-p-7AwCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/l33taf-locker-ransomware.html

Name: PClock4 Ransomware or PClock SysGop Ransomware
Month Detected: December 2016
Decrypt Key: WinMav (2015) > PClock, PClock2 (http://id-ransomware.blogspot.ru/2016/05/pclock-pclock2-ransomware-xor-1.html) > PClock3 (SuppTeam) > PClock4 (SysGop)
Extension Ending:
Encryption: AES-256+RSA
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam (for example: “you have a criminal case against you”), fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-T9Mt0pE7kwY/WF7NKAPfv1I/AAAAAAAACxw/gOjxeSR0x7EurKQTI2p6Ym70ViYuYdsvQCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/pclock4-sysgop-ransomware.html

Name: Guster Ransomware
Month Detected: December 2016
Decrypt Key: HiddenTear >> Guster
Extension Ending: .locked
Encryption: AES-256+RSA
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. This ransomware uses a VBS script to send a voice message as the first few lines of the note.
Note:
https://2.bp.blogspot.com/-0-kDVCM-kuI/WGVH-d2trGI/AAAAAAAAC4A/4LlxFpwkhEk89QcJ5ZhO1i-T6dQ_RcVegCEw/s1600/guster-note-2.jpg
Sources:
https://id-ransomware.blogspot.co.il/2016/12/guster-ransomware.html

Name: Roga
Month Detected: December 2016
Decrypt Key: Free-Freedom > Roga
Password for decryption: adamdude9
Extension Ending: .madebyadam
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The hacker requests the ransom in Play Store cards.
https://3.bp.blogspot.com/-ClUef8T55f4/WGKb8U4GeaI/AAAAAAAACzg/UFD0X2sORHYTVRNBSoqd5q7TBrOblQHmgCLcB/s1600/site.png
Note:
https://2.bp.blogspot.com/-ZIWywQMf2mY/WGJD-rqLZYI/AAAAAAAACzQ/p5PWlpWyHjcVHKq74DOsE7yS-ornW48_QCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html

Name: CryptoLocker3 Ransomware or Fake CryptoLocker
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .cryptolocker
Encryption: AES-128+RSA
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Creator is staffttt and the ransom is 0.5 bitcoins.
Note:
https://4.bp.blogspot.com/-LDSJ7rws1WI/WGDR-oDSshI/AAAAAAAACyw/_Kn0mnjpm2YN5tS9YldEnca-zOLJpXjcACLcB/s1600/crypto1-2.gif
Source:
https://id-ransomware.blogspot.co.il/2016/12/cryptolocker3-ransomware.html

Name: ProposalCrypt Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .crypted
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The ransom is 1.0 bitcoins.
Note:
https://3.bp.blogspot.com/-TkMikT4PA3o/WFrb4it2u9I/AAAAAAAACww/_zZgu9EHBj8Ibar8i5ekwaowGBD8EoOygCLcB/s1600/note.jpg
Sources:
https://id-ransomware.blogspot.co.il/2016/12/proposalcrypt-ransomware.html
http://www.archersecuritygroup.com/what-is-ransomware/

Name: Manifestus Ransomware
Month Detected: December 2016
Decrypt Key: https://id-ransomware.blogspot.co.il/2016/12/m4n1f3sto-ransomware.html
(please use a translator from Russian for the decrypt above)
Extension Ending: .
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The hacker demands 0.2 bitcoins. The ransomware poses as a Windows update.
Note:
https://3.bp.blogspot.com/-85wiBKXIqro/WFrFOaNeSsI/AAAAAAAACwA/UyrPc2bKQCcznmtLTFkEfc6lEvhseyRYACLcB/s1600/lock1.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/manifestus-ransomware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-23rd-2016-cryptxxx-koolova-cerber-and-more/
https://twitter.com/struppigel/status/811587154983981056

Name: EnkripsiPC Ransomware
Month Detected: December 2016
Decrypt Key: DetoxCrypto (?) >> EnkripsiPC
Extension Ending: .fucked
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The name of the hacker is humanpuff69 and he requests 0.5 bitcoins.
Note:
https://4.bp.blogspot.com/-owEtII_eezA/WFmOp0ccjaI/AAAAAAAACvk/gjYcSeflS4AChm5cYO5c3EV4aSmzr14UwCLcB/s1600/enc100.gif
Source:
https://id-ransomware.blogspot.co.il/2016/12/enkripsipc-ransomware.html

Name: BrainCrypt Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .braincrypt
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. So far the victims are from Belarus and Germany.
Note:
https://1.bp.blogspot.com/-KrKO1vYs-1w/WFlw6bOfI_I/AAAAAAAACug/42w1VSl2GIoxRuA2SPKJr6xYp3c4OBnJQCLcB/s1600/note_2.png
https://3.bp.blogspot.com/-8bxTSAADM7M/WFmBEu-eUXI/AAAAAAAACvU/xaQBufV5a-4GWEJhXj2VVLqXnTjQJYNrwCLcB/s1600/note-brain2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/braincrypt-ransomware.html

Name: MSN CryptoLocker Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. Ransom is 0.2 bitcoins.
Note:
https://2.bp.blogspot.com/-R-lKbH_tLvs/WGPRa-hCtqI/AAAAAAAAC1Y/zgKYZmys_jciaYhtTUsVLen5IHX8_LyiACLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/msn-cryptolocker-ransomware.html

Name: CryptoBlock Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: n/a
Encryption: RSA-2048
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The ransom amount is 0.3 bitcoins. The ransomware disguises itself as Adobe Systems, Incorporated.
Note:
https://4.bp.blogspot.com/-4Y7GZEsWh7A/WFfnmQFF7nI/AAAAAAAACsQ/j3rXZmWrDxMM6xhV1s4YVl_WLDe28cpAwCLcB/s1600/001.jpg
Sources:
https://id-ransomware.blogspot.co.il/2016/12/cryptoblock-ransomware.html

Name: AES-NI Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .aes256
Encryption: AES-256 (ECB) + RSA-2048
About: It's directed at English-speaking users and is therefore able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: !!! READ THIS - IMPORTANT !!!.txt
https://4.bp.blogspot.com/-GdF-kk1j9-8/WFl6NVm3PAI/AAAAAAAACvE/guFIi_FUpgIQNzX-usJ8CpofX45eXPvkQCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/aes-ni-ransomware.html

Name: Koolova Ransomware
Month Detected: December 2016
Decrypt Key: Jigsaw + HiddenTear >> Koolova
Extension Ending: .encrypted
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The hacker of this ransomware tends to make lots of spelling errors in his requests.
Note:
https://2.bp.blogspot.com/-kz7PePfAiLI/WGTpY3us5LI/AAAAAAAAC3A/wu1rkx-BWlMzglJXXmCxeuYzbZKN5FP4gCLcB/s1600/koolova-v2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/koolova-ransomware.html

Name: Fake Globe Ransomware or Globe Imposter
Month Detected: December 2016
Decrypt Key: https://decrypter.emsisoft.com/globeimposter
Extension Ending: .crypt
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The ransom is 1 bitcoin.
Note:
https://1.bp.blogspot.com/-F8oAU82KnQ4/WFWgxjZz2vI/AAAAAAAACrI/J76wm21b5K4F9sjLF1VcEGoif3cS-Y-bwCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/fake-globe-ransomware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-30th-2016-infected-tvs-and-open-source-ransomware-sucks/
https://twitter.com/fwosar/status/812421183245287424

Name: V8Locker Ransomware
Month Detected: December 2016
Decrypt Key: Gomasom > RotorCrypt (https://id-ransomware.blogspot.ru/2016/10/rotorcrypt-ransomware.html) > V8Locker
Extension Ending: .v8
Encryption: RSA
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-Acmbpw6fEaQ/WFUFKU9V9ZI/AAAAAAAACqc/47AceoWZzOwP9qO8uenjNVOVXeFJf7DywCLcB/s1600/note_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/v8locker-ransomware.html

Name: Cryptorium (Fake Ransomware)
Month Detected: December 2016
Decrypt Key: not needed
Extension Ending: .ENC
Encryption: RSA
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It SUPPOSEDLY encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.; however, your files are not really encrypted, only the names are changed.
Note:
https://4.bp.blogspot.com/-I0fsQu2YXMI/WFLb9LPdkFI/AAAAAAAACoY/xqRhgO1o98oruVDMC6rO4RxCk5MFDSTYgCLcB/s1600/lock.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/cryptorium-ransomware.html

Name: Antihacker2017 Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .antihacker2017
Encryption: XOR
About: It’s directed at Russian-speaking users and is therefore able to infect mostly the old USSR countries. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The hacker goes by the nickname Antihacker and requests the victim to send him an email for the decryption. He does not request any money, only a warning about looking at porn (gay, incest and rape porn to be specific).
Note (in Russian only):
https://3.bp.blogspot.com/-k7iDPgj17Zo/WFKEfMvR4wI/AAAAAAAACn4/8irB4Tf1x_MjfTmWaAjuae6mFJbva6GcwCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/antihacker2017-ransomware.html

Name: CIA Special Agent 767 Ransomware (FAKE!!!)
Month Detected: December 2016
Decrypt Key: M4N1F3STO ⟺ CIA Special Agent 767
Extension Ending: none
Encryption: none
About: It’s directed at English-speaking users and is therefore able to infect users all over the world. It is spread using email spam, fake updates, attachments and so on. It SUPPOSEDLY encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Your files are not really encrypted and nothing actually happens; however, the hacker does ask the victim to pay a sum of 100$; after 5 days the sum goes up to 250$ and thereafter to 500$.
After the payment is received, the victim gets the following message informing him that he has been fooled and that he simply needed to delete the note.
https://4.bp.blogspot.com/-T8iSbbGOz84/WFGZEbuRfCI/AAAAAAAACm0/SO8Srwx2UIM3FPZcZl7W76oSDCsnq2vfgCPcB/s1600/code2.jpg
Note:
https://1.bp.blogspot.com/-6I7jtsp5Wi4/WFLqnfUvg5I/AAAAAAAACow/BCOv7etYxxwpIERR1Qs5fmJ2wKBx3sqmACLcB/s1600/screen-locker.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/cia-special-agent-767-ransomware.html
https://www.bleepingcomputer.com/virus-removal/remove-cia-special-agent-767-screen-locker
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-16th-2016-samas-no-more-ransom-screen-lockers-and-more/
https://guides.yoosecurity.com/cia-special-agent-767-virus-locks-your-pc-screen-how-to-unlock/

Name: LoveServer Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: n/a
Encryption: n/a
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. This hacker requests your IP address in return for the decryption.
Note:
https://3.bp.blogspot.com/-LY1A0aeA_c0/WFEduvkiNQI/AAAAAAAACjk/B2-nFQoExscMVvZqvCaf9R4z_C6-rSdvACLcB/s1600/note2.png.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/loveserver-ransomware.html

Name: Kraken Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .kraken
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The hacker requests 2 bitcoins in return for the files.
Note:
https://3.bp.blogspot.com/-E4brsgJRDHA/WFBU7wPaYLI/AAAAAAAACjU/sLEkzMiWp5wuc8hpFbylC7lLVMhftCLGgCLcB/s1600/111m.png
https://2.bp.blogspot.com/-b5caw8XAvIQ/WFBUuOto40I/AAAAAAAACjQ/_yzwIU17BHw4Ke4E3wM_XBI1XfnAvGSZQCLcB/s1600/005.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/kraken-ransomware.html

Name: Antix Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The ransom is 0.25 bitcoins and the nickname of the hacker is FRC 2016.
Note:
https://1.bp.blogspot.com/-6iMtvGe3T58/WE8Ftx7zcUI/AAAAAAAACiE/2ISTxSYzgKEgnfQ7FSUWo3BiCeVLHH_uwCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/antix-ransomware.html

Name: PayDay Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .sexy
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The ransom is R$950, which is due in 5 days. (R$ is a Brazilian currency.)
Note:
https://3.bp.blogspot.com/-MWEyG49z2Qk/WE78wLqCXPI/AAAAAAAAChw/SIlQSe_o_wMars2egfZ7VqKfWuan6ThwQCLcB/s1600/note1.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/payday-ransomware.html

Name: Slimhem Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is NOT spread using email spam, fake updates, attachments and so on. It simply places a decrypt file on your computer.
Note: NO NOTE NO RANSOM
Source:
https://id-ransomware.blogspot.co.il/2016/12/slimhem-ransomware.html

Name: M4N1F3STO Ransomware (FAKE!!!!!)
Month Detected: December 2016
Decrypt Key: M4N1F3STO ⟺ CIA Special Agent 767
Extension Ending: NONE
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
FILES DON’T REALLY GET DELETED NOR DO THEY GET ENCRYPTED!!!!!!!
Note:
I want to play a game with you. Let me explain the rules.
Your personal files are being deleted. Your photos, videos, documents, etc...
But, don't worry! It will only happen if you don't comply.
However I've already encrypted your personal files, so you cannot access therm.
Every hour I select some of them to delete permanently,
therefore I won't be able to access them, either.
Are you familiar with the concept of exponential growth? Let me help you out.
It starts out slowly then increases rapidly.
During the first 24 hour you will only lose a few files,
the second day a few hundred, the third day a few thousand, and so on.
If you turn off your computer or try to close me, when i start the next time
you will het 1000 files deleted as punishment.
Yes you will want me to start next time, since I am the only one that
is capable to decrypt your personal data for you.
Now, let's start and enjoy our little game together!
Send 0.3 bitcoins to this adress to unlock your Pc with your email adress
Your can purchase bitcoins from localbitcoins
https://3.bp.blogspot.com/-9MsC3A3tuUA/WFGZM45Pw5I/AAAAAAAACms/NbDFma30D9MpK2Zc0O6NvDizU8vqUWWlwCLcB/s1600/M4N1F3STO.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/m4n1f3sto-ransomware.html

Name: Dale Ransomware or DaleLocker Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .DALE
Encryption: AES+RSA-512
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
CHIP > DALE
Note:
https://2.bp.blogspot.com/-Th5OF2TBmPA/WE2BCyOPJeI/AAAAAAAACgs/uQlO9e9nyRkUIxfsUhco5RPqM8kTrlFrQCLcB/s1600/note2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/dale-ransomware.html

Name: UltraLocker Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .locked (added before the ending, not to the ending, for example: file.locked.doc)
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-DOjKnuzCMo8/WE1Xd8yksiI/AAAAAAAACfo/d93v2xn857gQDg4o5Rd4oZpP3q-Ipv9xgCLcB/s1600/UltraLocker.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/ultralocker-ransomware.html

Name: AES_KEY_GEN_ASSIST Ransomware
Month Detected: December 2016
Decrypt Key: https://id-ransomware.blogspot.co.il/2016/09/dxxd-ransomware.html (go to the link above, scroll to the bottom of the page to the decryptor link in red and click to download)
Extension Ending: .pre_alpha
Encryption: AES-256 and RSA-2048
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-6NIoKnSTwcs/WExcV900C_I/AAAAAAAACfI/_Hba3mOwk3UQ0T5rGercOglMsCTjVtCnQCLcB/s1600/note2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/aeskeygenassist-ransomware.html
https://id-ransomware.blogspot.co.il/2016/09/dxxd-ransomware.html
https://www.bleepingcomputer.com/forums/t/634258/aes-key-gen-assistprotonmailcom-help-support/

Name: Code Virus Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .locky
Encryption: AES-256 and RSA-2048
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-Lyd1uRKG-94/WFJ3TbNqWfI/AAAAAAAACnc/4LoazYU0S1s1YRz3Xck3LN1vOm5RwIpugCLcB/s1600/note.jpg
This hacker tries to sell the ransomware to others to use to commit a crime. See gif below.
https://4.bp.blogspot.com/-eBeh1lzEYsI/WFJ4l1oJ4fI/AAAAAAAACno/P5inceelNNk-zfkJGhE3XNamOGC8YmBwwCLcB/s1600/str123.gif
Source:
https://id-ransomware.blogspot.co.il/2016/12/code-virus-ransomware.html

Name: FLKR Ransomware
Month Detected: December 2016
Decrypt Key: http://virusinfo.info/showthread.php?t=206679 (please use a translator for the link above)
Extension Ending: _morf56@meta.ua_
Encryption: Blowfish
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-Fh2I6542zi4/WEpmphY0i1I/AAAAAAAACe4/FBP3J6UraBMkSMTWx2tm-FRYnmlYLtFWgCLcB/s1600/note2.png.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/flkr-ransomware.html

Name: PopCorn Time Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .kok or .filock
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. These hackers claim to be students from Syria.
This ransomware poses as the popular torrent movie screener called PopCorn. These criminals give you the chance to retrieve your files “for free” by spreading this virus to others, as shown in the note below:
https://www.bleepstatic.com/images/news/ransomware/p/Popcorn-time/refer-a-friend.png
Note:
https://3.bp.blogspot.com/-WxtRn5yVcNw/WEmgAPgO4AI/AAAAAAAACeo/M7iS6L8pSOEr8EUDkCK_g6h0aMKQQXfGwCLcB/s1600/note2.png
After receiving the payment the victim receives the following note:
https://3.bp.blogspot.com/-sLwR-6y2M-I/WEmVIdJuPMI/AAAAAAAACeY/gpQDT-2-d7kkrfTHgiEZCfxViHu7dNE7ACLcB/s1600/med.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/popcorntime-ransomware.html
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/

Name: HackedLocker Ransomware
Month Detected: December 2016
Decrypt Key: https://www.bleepingcomputer.com/download/jigsaw-decrypter/
Extension Ending: .hacked
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
NO POINT IN PAYING THE RANSOM: THE HACKER DOES NOT GIVE A DECRYPT AFTERWARDS.
Note:
https://4.bp.blogspot.com/-G-xrI4N08hs/WFJjQgB3ojI/AAAAAAAACnM/DEfy_skSg044UmbBfNodiQY4OaLkkQPOwCLcB/s1600/note-hacked.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/hackedlocker-ransomware.html

Name: GoldenEye Ransomware
Month Detected: December 2016
Decrypt Key:
Extension Ending: .<random_8_chars>
Encryption: AES (CBC)
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-qcJxWivTx1w/WEcEW14om5I/AAAAAAAACa4/xLAlsQGZjeg7Zlg3F2fQAcgQ_6b_cNQLACLcB/s1600/goldeneye-1.jpg
https://4.bp.blogspot.com/-avE8liOWdPY/WEcEbdTxx6I/AAAAAAAACa8/KOKgXzU1h2EJ0tTOKMdQzZ_JdWWNeFMdwCLcB/s1600/goldeneye-1-2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/12/goldeneye-ransomware.html
More information in the following links:
https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
https://www.bleepingcomputer.com/forums/t/634778/golden-eye-virus/

Name: Sage Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .sage
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-GasUzax8cco/WEar0U0tPqI/AAAAAAAACZw/6V_1JFxLMH0UnmLa3-WZa_ML9JbxF0JYACEw/s1600/note-txt2.png
Collage of how the ransom payment works:
Source:
https://id-ransomware.blogspot.co.il/2016/12/sage-ransomware.html
https://www.bleepingcomputer.com/forums/t/634978/sage-file-sample-extension-sage/
https://www.bleepingcomputer.com/forums/t/634747/sage-20-ransomware-sage-support-help-topic/

Name: SQ_ Ransomware or VO_ Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .VO_
Encryption: AES and RSA-1024
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. This hacker requests 4 bitcoins for ransom.
Note:
https://2.bp.blogspot.com/-Lhq40sgYUpI/WEWpGkkWOKI/AAAAAAAACZQ/iOp9g9Ya0Fk9vZrNKwTEMVcEOzKFIwqgACLcB/s1600/english-2.png
Source:
https://id-ransomware.blogspot.co.il/2016/12/sq-vo-ransomware.html

Name: Matrix or Malta Ransomware
Month Detected: December 2016
Decrypt Key: not yet
Extension Ending: .MATRIX
Encryption: AES and RSA
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-RGHgroHt5cU/WEUWnFBn2hI/AAAAAAAACYA/zwSf7rmfWdo4ESQ8kjwj6mJrfzL2V22mgCLcB/s1600/note-eng.png
Source:
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2016-screenlockers-kangaroo-the-sfmta-and-more/
https://id-ransomware.blogspot.co.il/2016/12/matrix-ransomware.html

Name: Satan666 Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-anaLWyg_iJI/WFaxDs8KI3I/AAAAAAAACro/yGXh3AV-ZpAKmD4fpQbBkAyYXXnkqgR3ACLcB/s1600/note666_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/11/satan666-ransomware.html

Name: RIP (Phoenix) Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .R.i.P
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-D-j_9_LZen0/WEPq4G5w5FI/AAAAAAAACXs/GTnckI3CGYQxuDMPXBzpGXDtarPK8yJ5wCLcB/s1600/note_2.PNG
Source:
https://id-ransomware.blogspot.co.il/2016/11/rip-ransomware.html

Name: Locked-In Ransomware or NoValid Ransomware
Month Detected: November 2016
Decrypt Key: https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/
Extension Ending: .novalid
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-BK_31ORE0ZY/WD284cEVoLI/AAAAAAAACWA/bU0n3MBMD8Mbgzv9bD6VLJb51Q_kr5AJgCLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/11/novalid-ransomware.html

Name: Chartwig Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
https://1.bp.blogspot.com/-0VV-OfVc7qo/WD3BYXXSYsI/AAAAAAAACWM/8_3gj1Ul4-0N9_tyXaO8nkXL2QwnBCOnACLcB/s1600/ext.jpg
Note: n/a
Source:
https://id-ransomware.blogspot.co.il/2016/11/chartwig-ransomware.html

Name: RenLocker Ransomware (FAKE)
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .crypter
Encryption: Rename > Ren + Locker
About: It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
The files don’t actually get encrypted, their names get changed using this formula:
[www-hash-part-]+[number]+[.crypter]
Note:
https://3.bp.blogspot.com/-281TI8xvMLo/WDw2Nl72OsI/AAAAAAAACTk/nT_rL0z-Exo93FzoOXnyaFgQ7wPe0r7IgCLcB/s1600/Crypter1.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/11/renlocker-ransomware.html

Name: Thanksgiving Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-2dC_gQTed4o/WDxRSh_R-MI/AAAAAAAACT4/yWxzCcMqN_8GLjd8dOPf6Mw16mkbfALawCLcB/s1600/lblMain.png
Source:
https://id-ransomware.blogspot.co.il/2016/11/thanksgiving-ransomware.html
This is the decrypt for a similar ransomware:
https://id-ransomware.blogspot.co.il/2016/07/stampado-ransomware-1.html

Name: CockBlocker Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .hannah
Encryption: RSA
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/--45C2Cr8sXc/WDiWLTvW-ZI/AAAAAAAACSA/JnJNRr8Kti0YqSnfhPQBF2rsFf-au1g9ACLcB/s1600/Cockblocke.gif
Source:
https://id-ransomware.blogspot.co.il/2016/11/cockblocker-ransomware.html

Name: Lomix Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES-256
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-nXv88GxxOvQ/WE1gqeD3ViI/AAAAAAAACf4/wcVwQ9Pi_JEP2iWNHoBGmeXKJFsfwmwtwCLcB/s1600/Lomix.png
Source:
https://id-ransomware.blogspot.co.il/2016/11/lomix-ransomware.html

Name: OzozaLocker Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .locked
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
https://3.bp.blogspot.com/--jubfYRaRmw/WDaOyZXkAaI/AAAAAAAACQE/E63a4FnaOfACZ07s1xUiv_haxy8cp5YCACLcB/s1600/ozoza2.png
Note:
https://2.bp.blogspot.com/-r-vBnl-wLwo/WDg7fHph9BI/AAAAAAAACRc/VuMxWa1nUPIGHCzhCf2AyL_uc7Z9iB6MACLcB/s1600/note_2.PNG
Source:
https://id-ransomware.blogspot.co.il/2016/11/ozozalocker-ransomware.html

Name: Crypute Ransomware or m0on Ransomware
Month Detected: November 2016
Decrypt Key: not yet
Extension Ending: .mo0n
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note: n/a
Encrypt:
https://3.bp.blogspot.com/-8-8X7Nd1MYs/WDSZN6NIT1I/AAAAAAAACNg/ltc7ppfZZL0vWn8BV3Mk9BVrdmJbcEnpgCLcB/s1600/222.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/11/crypute-ransomware-m0on.html
https://www.bleepingcomputer.com/virus-removal/threat/ransomware/

Name: NMoreira Ransomware or Fake Maktub Ransomware
Month Detected: November 2016
Decrypt Key: (Use a translator for the decrypter below)
https://decrypter.emsisoft.com/nmoreira
Extension Ending: .maktub
Encryption: AES-256 + RSA
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-_i9AjhlvjB8/WDVuLKBnmlI/AAAAAAAACOA/xISXMTBLMbEH4PBS35DQ416woPpkuiVvQCLcB/s1600/note-2.PNG
https://2.bp.blogspot.com/-4HNc9S8SY4I/WBMkpdKyDsI/AAAAAAAAB0I/udESgro7YB4pF98Dv2KrrecyymFGsvV2QCLcB/s1600/note.JPG
English version:
https://id-ransomware.blogspot.co.il/2016/10/airacrop-ransomware.html
Source:
https://id-ransomware.blogspot.co.il/2016/11/nmoreira-ransomware.html

Name: VindowsLocker Ransomware
Month Detected: November 2016
Decrypt Key:
From Malwarebytes: https://malwarebytes.app.box.com/s/gdu18hr17mwqszj3hjw5m3sw84k8hlph
From @TheWack0lian (scroll down and click on decrypter @thewack0lian): https://id-ransomware.blogspot.co.il/2016/11/vindowslocker-ransomware.html
Extension Ending: .vindows
Encryption: AES
About: It’s directed at English-speaking users and is therefore able to infect users worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc. The ransom amount is 349.99$ and the hacker seems to be from India. He disguises himself as Microsoft Support.
Note:
https://4.bp.blogspot.com/-61DcGSFljUk/WDM2UpFZ02I/AAAAAAAACMw/smvauQCvG3IPHOtEjPP4ocGKmBhVRBv-wCLcB/s1600/lock-note.png
Source:
https://id-ransomware.blogspot.co.il/2016/11/vindowslocker-ransomware.html

4205Name:
4206 Donald Trump 2 Ransomware
4207 Month Detected: November 2016
4208 Decrypt Key: not yet
4209 Extension Ending:
 4210 .ENCRYPTED
4212 Encryption: AES
 4213 About: It is directed at English-speaking users and can therefore infect systems worldwide. It is spread through email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
 4215 Here is the original ransomware under this name:
4217 http://id-ransomware.blogspot.co.il/2016/09/donald-trump-ransomware.html
4218 Note:
4219 https://3.bp.blogspot.com/-RwJ6R-uvYg0/V-qfeRPz7GI/AAAAAAAABi8/7x4MxRP7Jp8edbTJqz4iuEye0q1u5k3pQCLcB/s1600/donald-trump-ransomware.jpg
4220 Source:
4221 http://id-ransomware.blogspot.co.il/2016/09/donald-trump-ransomware.html
4222 https://www.bleepingcomputer.com/news/security/the-donald-trump-ransomware-tries-to-build-walls-around-your-files/
4223
4224
4225
4226
4227Name:
 4228 Nagini Ransomware or Voldemort Ransomware
4233 Month Detected: November 2016
4234 Decrypt Key: not yet
4235 Extension Ending:
4236 n/a
4237 Encryption: RSA
 4238 About: It is directed at English-speaking users and can therefore infect systems worldwide. It is spread through email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4240 Note:
4241 https://2.bp.blogspot.com/-qJHhbtoL1Y4/V-lOClxieEI/AAAAAAAABis/IbnVAY8hnmEfU8_iU1CgQ3FWeX4YZOkBACLcB/s1600/Nagini.jpg
4242 Source:
4243 http://id-ransomware.blogspot.co.il/2016/09/nagini-voldemort-ransomware.html
4244 https://www.bleepingcomputer.com/news/security/the-nagini-ransomware-sics-voldemort-on-your-files/
4245
4246
4247
4248
4249Name:
 4250 ShellLocker Ransomware
4252 Month Detected: November 2016
4253 Decrypt Key: not yet
4254 Extension Ending:
4255 .l0cked
4256 Encryption: AES
 4257 About: It is directed at English-speaking users and can therefore infect systems worldwide. It is spread through email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4259 Note:
4260 https://4.bp.blogspot.com/-0N1ZUh4WcxQ/WDCfENY1eyI/AAAAAAAACKE/_RVIxRCwedMrD0Tj9o6-ew8u3pL0Y5w8QCLcB/s1600/lock-note2.jpg
4261 Source:
4262 https://id-ransomware.blogspot.co.il/2016/11/shelllocker-ransomware.html
4263
4264
4265
4266
4267Name:
 4268 Chip Ransomware or ChipLocker Ransomware
4272 Month Detected: November 2016
4273 Decrypt Key: not yet
4274 Extension Ending:
4275 .CHIP
4276 Encryption: AES + RSA-512
 4277 About: It is directed at English-speaking users and can therefore infect systems worldwide. It is spread through email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4279 Note:
4280 https://2.bp.blogspot.com/-OvB9TMJoimE/WC9QXRPFNwI/AAAAAAAACJU/iYcCC9tKvGIu4jH2bd6xLvmO7KMVVCLdgCLcB/s1600/note_2.PNG
4281 Source:
4282 https://id-ransomware.blogspot.co.il/2016/11/chip-ransomware.html
4283
4284
4285
4286
4287Name:
4288 Dharma Ransomware
4289 Month Detected: November 2016
4290 Decrypt Key:
4291 http://www.pcworld.com/article/3176592/security/free-decryption-tools-now-available-for-dharma-ransomware.html
4292 To delete the shadow files after the decryption use this code:
 4294 vssadmin.exe
 4295 vssadmin delete shadows /all /quiet
4298 Extension Ending:
4299 .dharma
4300 Encryption: AES + RSA-512
 4301 About: It is directed at English-speaking users and can therefore infect systems worldwide. It is spread through email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
 4303 CrySiS > Dharma
4305 Note:
4306 ATTENTION!
4307 At the moment, your system is not protected.
4308 We can fix it and restore files.
4309 To restore the system write to this address:
4310 bitcoin143@india.com
4311 Source:
4312 https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html
4313
4314
4315
4316
4317Name:
4318 Angela Merkel Ransomware
4319 Month Detected: November 2016
4320 Decrypt Key: not yet
4321 Extension Ending:
 4322 .angelamerkel
4324 Encryption:
4325 AES
 4326 About: It is directed at English-speaking users and can therefore infect systems worldwide. It is spread through email spam, fake updates, attachments and so on. It encrypts all your files, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4328 Note:
4329 https://3.bp.blogspot.com/-QaJ-Z27tL7s/WDCvwYY2UVI/AAAAAAAACKg/swpf1eKf1Y8oYIK5U8gbfi1H9AQ3Q3r8QCLcB/s1600/angela-merkel.jpg
4330 Source:
4331 https://id-ransomware.blogspot.co.il/2016/11/angela-merkel-ransomware.html
4332
4333
4334
4335
4336Name:
 4337 CryptoLuck Ransomware
4339 Month Detected: November 2016
4340 Decrypt Key: not yet
4341 Extension Ending:
 4342 .<hex_id>_luck
4346 Encryption: AES-256 + RSA-2048
4347 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
 4348 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4353 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4356 Note:
4357 https://2.bp.blogspot.com/-skwh_-RY50s/WDK2XLhtt3I/AAAAAAAACL0/CaZ0A_fl2Zk-YZYU9g4QCQZkODpicbXpQCLcB/s1600/note_2.PNG
4358 https://4.bp.blogspot.com/-tCYSY5fpE5Q/WDLLZssImkI/AAAAAAAACMg/7TmWPW3k4jQuGIYZN_dCxcSGcY_c4po9wCLcB/s1600/note3_2.PNG
4359 Source:
4360 https://id-ransomware.blogspot.co.il/2016/11/cryptoluck-ransomware.html
4361
4362
4363
4364
4365Name:
 4366 Crypton Ransomware
4368 Month Detected: November 2016
4369 Decrypt Key: not yet
 4370 Extension Ending: _crypt
4372 Encryption:
4373 AES + RSA
4374 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4375 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4376 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4378 Note:
4379 https://4.bp.blogspot.com/-2fAMkigwn4E/WCs1vKiB9UI/AAAAAAAACIs/_kgk8U9wfisV0MTYInIbArwL8zgLyBDIgCLcB/s1600/note-eng.png
4380 Source:
4381 https://id-ransomware.blogspot.co.il/2016/11/crypton-ransomware.html
4382
4383
4384
4385
4386Name:
4387 Karma Ransomware
4388 Month Detected: November 2016
4389 Decrypt Key: not yet
4390 Extension Ending:
4391 .karma
4392 Encryption:
4393 AES
4394 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4395 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4396 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4398 Note:
4399 https://www.bleepstatic.com/images/news/ransomware/k/karma-ransomware/ransom-note.png
4400 Source:
4401 https://id-ransomware.blogspot.co.il/2016/11/karma-ransomware.html
4402 https://www.bleepingcomputer.com/news/security/researcher-finds-the-karma-ransomware-being-distributed-via-pay-per-install-network/
4403 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2016-crysis-cryptoluck-chip-and-more/
4404
4405
4406
4407
4408Name:
 4409 WickedLocker HT Ransomware
4411 Month Detected: November 2016
4412 Decrypt Key: not yet
4413 Extension Ending:
4414 .locked
4415 Encryption: AES
4416 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4417 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4418 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4420 Note:
4421 https://2.bp.blogspot.com/-CTLT300bjNk/WCg9mrJArSI/AAAAAAAACGk/weWSqTMVS9AXdxJh_SA06SOH4kh2VGW1gCLcB/s1600/note_2.PNG.png
4422 Source:
4423 https://id-ransomware.blogspot.co.il/2016/11/wickedlocker-ht-ransomware.html
4424
4425
4426
4427
4428Name:
 4429 PClock3 Ransomware or PClock SuppTeam Ransomware
4434 Month Detected: November 2016
4435 Decrypt Key: not yet
4436 Extension Ending: .locked
4437 Encryption: AES
4438 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4439 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4440 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4442 Note:
4443 Source:
4444 https://www.bleepingcomputer.com/news/security/old-cryptolocker-copycat-named-pclock-resurfaces-with-new-attacks/
4445 https://id-ransomware.blogspot.co.il/2016/11/suppteam-ransomware-sysras.html
4446 http://researchcenter.paloaltonetworks.com/2015/09/updated-pclock-ransomware-still-comes-up-short/
4447
4448
4449
4450
4451Name:
 4452 Kolobo Ransomware or Kolobocheg Ransomware
4458 Month Detected: November 2016
4459 Decrypt Key:
4460 Contact someone on this forum
4461 https://support.drweb.com/new/free_unlocker/for_decode/?lng=en
4462 Extension Ending:
4463 .kolobocheg@aol.com_
4464 Encryption:
 4465 XOR and RSA
4467 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4468 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4469 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4471 Note:
4472 https://www.ransomware.wiki/tag/kolobo/
4473 Source:
4474 https://www.ransomware.wiki/tag/kolobo/
4475 https://id-ransomware.blogspot.co.il/2016/11/kolobo-ransomware.html
4476 https://forum.drweb.com/index.php?showtopic=315142
4477
4478
4479
4480
4481Name:
 4482 PaySafeGen (German) Ransomware
4484 Month Detected: November 2016
4485 Decrypt Key: not yet
4486 Extension Ending:
4487 .cry_
 4488 Encryption: AES-256
 4490 This is most likely to affect German-speaking users, since the note is written in German.
 4495 It mostly affects users in German-speaking countries.
4496 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4497 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4499 Note:
4500 https://3.bp.blogspot.com/-r2kaNLjBcEk/WCNCqrpHPZI/AAAAAAAACEE/eFSWuu4mUZoDV5AnduGR4KxHlFM--uIzACLcB/s1600/lock-screen.png
4501 Source:
4502 https://id-ransomware.blogspot.co.il/2016/11/paysafegen-german-ransomware.html
4503 Name:
 4504 iRansom Ransomware
4508 Month Detected: November 2016
4509 Decrypt Key: not yet
4510 Extension Ending: .locked
4511 Encryption: AES
4512 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4513 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4514 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4516 Note:
4517 Source:
4518 https://id-ransomware.blogspot.co.il/2016/11/iransom-ransomware.html
4519
4520
4521
4522
4523Name:
 4524 Telecrypt Ransomware
4527 Month Detected: November 2016
4528 Decrypt Key:
4529 https://malwarebytes.app.box.com/s/kkxwgzbpwe7oh59xqfwcz97uk0q05kp3
4530 Extension Ending:
 4531 .Xcri
 4533 Telecrypt generates a random string, 10-20 characters long and containing only the letters vo,pr,bm,xu,zt,dq, to encrypt the files.
4538 Encryption: AES
 4539 This is most likely to affect Russian-speaking users, since the note is written in Russian.
 4544 Therefore, residents of Russian-speaking countries are affected.
4545 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4546 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
 4548 The ransomware’s authors would request around $75 from their victims to provide them with a decryptor (payments are accepted via Russian payment services Qiwi or Yandex.Money). Right from the start, however, researchers suggested that TeleCrypt was written by cybercriminals without advanced skills.
4559 Note:
4560 https://4.bp.blogspot.com/-UFksnOoE4Ss/WCRUNbQuqyI/AAAAAAAACFI/Gs3Gkby335UmiddlYWJDkw8O-BBLt-BlQCLcB/s1600/telegram_rans.gif
4561 Source:
4562 https://id-ransomware.blogspot.co.il/2016/11/telecrypt-ransomware.html
4563 https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware-abusing-telegram-api-defeated/
4564 http://www.securityweek.com/telecrypt-ransomwares-encryption-cracked
4565
4566
4567
4568
4569Name:
 4570 CerberTear Ransomware
4573 Month Detected: November 2016
4574 Decrypt Key: not yet
4575 Extension Ending:
 4576 .cerber
4578 Encryption: AES
4579 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4580 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4581 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4583 Note:
4584 https://4.bp.blogspot.com/-ftA6aPEXwPM/WCDY3IiSq6I/AAAAAAAACCU/lnH25navXDkNccw5eQL9fkztRAeIqDYdQCLcB/s1600/note111.png
4585 Source:
4586 https://id-ransomware.blogspot.co.il/2016/11/cerbertear-ransomware.html
4587 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/november-2016-month-ransomware/
4588
4589
4590
4591
4592Name:
 4593 FuckSociety Ransomware
4596 Month Detected: November 2016
4597 Decrypt Key: not yet
4598 Extension Ending:
 4599 .dll
4601 Encryption: RSA-4096
4602 This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4603 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4604 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
 4606 Hidden Tear >> APT Ransomware + RemindMe (https://id-ransomware.blogspot.ru/2016/05/remindme-ransomware-2.html) > FuckSociety
4614 Note:
4615 Source:
4616 https://id-ransomware.blogspot.co.il/2016/11/fucksociety-ransomware.html
4617
4618
4619
4620
4621Name:
 4622 PayDOS Ransomware or Serpent Ransomware
4627 Month Detected: November 2016
4628 Decrypt Key: not yet
 4629 Extension Ending: .dng
4631 Encryption:
4632 AES
 4633 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4635 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4636 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4638 Note:
4639 Source:
4640 https://id-ransomware.blogspot.co.il/2016/11/paydos-ransomware-serpent.html
4641 https://www.bleepingcomputer.com/news/security/ransomware-goes-retro-with-paydos-and-serpent-written-as-batch-files/
4642 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/
4643
4644
4645
4646
4647Name:
 4648 zScreenLocker Ransomware
4651 Month Detected: November 2016
4652 Decrypt Key: not yet
 4653 Extension Ending: .dng
4655 Encryption: AES
4656 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4657 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4658 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4660 Note:
4661 Source:
4662 https://id-ransomware.blogspot.co.il/2016/11/zscreenlocker-ransomware.html
4663 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/november-2016-month-ransomware/
4664 https://twitter.com/struppigel/status/794077145349967872
4665
4666
4667
4668
4669Name:
 4670 Gremit Ransomware
4673 Month Detected: November 2016
4674 Decrypt Key: not yet
 4675 Extension Ending: .rnsmwr
4677 Encryption: AES
4678 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4679 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4680 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4682 Note:
4683 https://www.bleepstatic.com/images/news/columns/week-in-ransomware/11-4-16/CwZubUHW8AAE4qi[1].jpg
4684 Source:
4685 https://id-ransomware.blogspot.co.il/2016/11/gremit-ransomware.html
4686 https://twitter.com/struppigel/status/794444032286060544
4687 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/
4688
4689
4690
4691
4692Name:
 4693 Hollycrypt Ransomware
4696 Month Detected: November 2016
4697 Decrypt Key: not yet
4698 Extension Ending:
 4699 .hollycrypt
4701 Encryption: AES
4702 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4703 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4704 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4706 Note:
4707 https://1.bp.blogspot.com/-PdtXGwSTn24/WBxIoomzF4I/AAAAAAAAB-U/lxTwKWc7T9MJhUtcRMh1mn9m_Ftjox9XwCLcB/s1600/note_2.PNG
4708 Source:
4709 https://id-ransomware.blogspot.co.il/2016/11/hollycrypt-ransomware.html
4710
4711
4712
4713
4714Name:
 4715 BTCLocker Ransomware or BTC Ransomware
4720 Month Detected: November 2016
4721 Decrypt Key: not yet
4722 Extension Ending:
4723 .BTC
4724 Encryption: AES
4725 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4726 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4727 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4729 Note:
4730 https://4.bp.blogspot.com/--7M0dtKhOio/WBxJx1PflYI/AAAAAAAAB-g/DSdMjLDLnVwwaMBW4H_98SzSJupLYm9WgCLcB/s1600/note_2.PNG
4731 Source:
4732 https://id-ransomware.blogspot.co.il/2016/11/btclocker-ransomware.html
4733
4734
4735
4736
4737Name:
 4738 Kangaroo Ransomware
4739 Month Detected: November 2016
4740 Decrypt Key:
4741 https://www.bleepingcomputer.com/forums/t/632803/kangaroo-decryption-software/
 4742 Extension Ending: .crypted_file
4744 Encryption: AES
4745 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4746 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4747 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4749 Note:
4750 https://1.bp.blogspot.com/-1jyI1HoqJag/WBzj9SLvipI/AAAAAAAAB_U/_sp8TglWEPQphG8neqrztfUUIjcBbVhDwCLcB/s1600/kangaroo-lock_2.png
4751 Source:
4752 https://id-ransomware.blogspot.co.il/2016/11/kangaroo-ransomware.html
4753 https://www.bleepingcomputer.com/news/security/the-kangaroo-ransomware-not-only-encrypts-your-data-but-tries-to-lock-you-out-of-windows/
4754
4755
4756
4757
4758Name:
 4759 DummyEncrypter Ransomware
4762 Month Detected: November 2016
4763 Decrypt Key: not yet
4764 Extension Ending:
 4765 .dCrypt
 4767 Encryption: AES-256
4769 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4770 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4771 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4773 Note:
4774 https://4.bp.blogspot.com/-2rS0Yq27wp0/WBtKfupZ2sI/AAAAAAAAB8I/0MR-9Xx0n-0zV_NBSScDCiYTp1KH-edtACLcB/s1600/Lockscreen_2.png
4775 Source:
4776 https://id-ransomware.blogspot.co.il/2016/11/dummyencrypter-ransomware.html
4777
4778
4779
4780
4781Name:
 4782 Encryptss77 Ransomware or SFX Monster Ransomware
4785 Month Detected: November 2016
4786 Decrypt Key: not yet
 4787 Extension Ending: .dCrypt
4789 Encryption: AES-256
4790 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4791 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4792 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4794 Note:
4795 YOUR FILES ARE ENCRYPTED
4796 THAT THEIR DECRYPT
4797 SEND EMAIL US AT encryptss77@gmail.com
4798 IN MESSAGE INDICATE IP ADDRESS OF COMPUTER
4799 WHERE YOU SAW THIS MESSAGE
4800 YOU CAN FIND IT ON 2IP.RU
4801 WE WILL REPLY TO YOU WITHIN 24 HOURS
4802 Source:
4803 http://virusinfo.info/showthread.php?t=201710
4804 https://id-ransomware.blogspot.co.il/2016/11/encryptss77-ransomware.html
4805
4806
4807
4808
4809Name:
 4810 WinRarer Ransomware
4812 Month Detected: November 2016
4813 Decrypt Key: not yet
4814 Extension Ending:
4815 .ace
4816 Encryption: AES-256
4817 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4818 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4819 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4821 Note:
4822 https://4.bp.blogspot.com/-zb0TP0wza7I/WBpShN0tCMI/AAAAAAAAB64/oTkSFwKFVx8hY1rEs5FQU6F7oaBW-LqHwCLcB/s1600/note_2.png
4823 Source:
4824 https://id-ransomware.blogspot.co.il/2016/11/winrarer-ransomware.html
4825
4826
4827
4828
4829Name:
4830 Russian Globe Ransomware
4831 Month Detected: November 2016
4832 Decrypt Key: not yet
4833 Extension Ending:
 4834 .blackblock
4836 Encryption: AES-256
4837 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4838 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4839 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4841 Note:
4842 YOUR FILES HAVE BEEN ENCRYPTED!
 4843 Your personal ID *****
 4846 Your file have been encrypted with a powerful strain of a virus called ransomware.
4849 Your files are encrypted using the same methods banks and the military use. There is currently no possible way to decrypt files with the private key.
 4850 Lucky for you, we can help. We are willing to sell you a decryptor UNIQUELY made for your computer (meaning someone else's decryptor will not work for you). Once you pay a small fee, we will instantly send you the software/info necessary to decrypt all your files, quickly and easily.
4855 Source:
4856 https://id-ransomware.blogspot.co.il/2016/11/russian-globe-ransomware.html
4857
4858
4859
4860
4861Name:
 4862 ZeroCrypt Ransomware
4864 Month Detected: November 2016
4865 Decrypt Key: not yet
 4866 Extension Ending: .zn2016
4868 Encryption: AES-256
4869 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4870 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4871 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4873 Note:
4874 https://1.bp.blogspot.com/-0AGEY4vAlA0/WBi_oChzFNI/AAAAAAAAB4w/8PrPRfFU30YFWCwHzqnsx4bYISVNFyesQCLcB/s1600/note.PNG
4875 Source:
4876 https://id-ransomware.blogspot.co.il/2016/11/zerocrypt-ransomware.html
4877
4878
4879
4880
4881Name:
 4882 RotorCrypt (RotoCrypt, Tar) Ransomware
4886 Month Detected: October 2016
4887 Decrypt Key: not yet
4888 Extension Ending:
4889 .c400 or .c300
 4890 Encryption: RSA
4892 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4893 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4894 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4896 Note:
4897 Good day
 4898 Your files were encrypted/locked
 4900 As evidence can decrypt file 1 to 3 1-30MB
 4901 The price of the transcripts of all the files on the server: 7 Bitcoin
 4903 Recommend to solve the problem quickly and not to delay
 4904 Also give advice on how to protect Your server against threats from the network
 4907 (Files sql mdf backup decryption strictly after payment)!
4911 Source:
4912 https://id-ransomware.blogspot.co.il/2016/10/rotorcrypt-ransomware.html
4913
4914
4915
4916
4917Name:
4918 Ishtar Ransomware
4919 Month Detected: October 2016
4920 Decrypt Key: not yet
 4921 Extension Ending: ISHTAR- . (prefix)
 4925 Encryption: AES-256 + RSA-2048
4928 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4929 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4930 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4932 Link to sample decryption:
4933 https://1.bp.blogspot.com/-ysnFbC0yyqE/WDhJ2rl_xoI/AAAAAAAACRw/yY4ndxziiOwQ8a5U1imlqFMJvJ3MSaSUwCLcB/s1600/ishtar-doc.gif
4934 Note:
4935 FOR FILE DISCRIPTION, PLEASE CONTACT YOU@edtonmail@protonmail.com
 4936 Or
 4937 BM-NBYR3ctSgr67iciT43rRNmHdHPAYBBK7 USING BITMESSAGE DESKTOP OR https://bitmsg.me/
 4938 BASIC TECHNICAL DETAILS:
 4939 > Standard encryption order: AES 256 + RSA 2048.
 4940 > A unique AES key is created for each file.
 4941 > Decryption is impossible without the ISHTAR.DATA file (see% APPDATA% directory).
 4942 -----
 4943 TO DECRYPT YOUR FILES PLEASE WRITE TO youneedmail@protonmail.com
 4944 OR TO
 4945 BM-NBYR3ctSgr67iciT43rRNmHdHPAYBBK7 USING BITMESSAGE DESKTOP OR https://bitmsg.me/
 4946 BASIC TECHNICAL DETAILS:
 4947 > Standart encryption routine: AES 256 + RSA 2048.
 4950 > Every AES key is unique per file.
 4951 > Decryption is impossible without ISHTAR.DATA file (see% APPDATA% path).
4952 Source:
4953 https://id-ransomware.blogspot.co.il/2016/10/ishtar-ransomware.html
4954
4955
4956
4957
4958Name:
 4959 MasterBuster Ransomware
4961 Month Detected: October 2016
4962 Decrypt Key: not yet
 4963 Extension Ending: .hcked
4966 Encryption:
4967 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4968 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 4969 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
4971 Note:
4972 IMPORTANT!!!!
4973 All of your computer files have been encrypted.
4974 DO NOT CHANGE ANY FILES!
4975 We can restore all the files.
4976 How to restore files: -
4977 1) Follow this link:
4978 - http://goo.gl/forms/VftoBRppkJ
4979 2) Fill out the form above.
4980 3) For 24 hours on your email + mobile SMS will come instructions for solving the problem.
4981 Thank you!
4982 DarkWing020
4983 https://3.bp.blogspot.com/-gqEyoqXbZnE/WBXoF5bPZZI/AAAAAAAAB2U/YGpgIdjXyQQeDnwc9PlJs37YWtWTnH_wgCLcB/s1600/note.jpg
4984 Source:
4985 https://id-ransomware.blogspot.co.il/2016/10/masterbuster-ransomware.html
4986
4987
4988
4989
4990Name:
 4991 JackPot Ransomware
4993 Month Detected: October 2016
4994 Decrypt Key: not yet
 4995 Extension Ending: .coin
4997 Encryption:
4998 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
4999 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 5000 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
5002 Note:
5003 https://3.bp.blogspot.com/-oaElZvUqbfo/WBUOGdD8unI/AAAAAAAAB1w/Ya1_qq0gfa09AhRddUITQNRxKloXgD_BwCLcB/s1600/wallp.jpg
5004 Source:
5005 https://id-ransomware.blogspot.co.il/2016/10/jackpot-ransomware.html
5006 https://twitter.com/struppigel/status/791639214152617985
5007 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/
5008
5009
5010
5011
5012Name:
 5013 ONYX Ransomware
5015 Month Detected: October 2016
5016 Decrypt Key: not yet
 5017 Extension Ending: .
5020 Encryption:
5021 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
5022 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 5023 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
5025 Note:
 5026 All your files are encrypted, but do not worry, they have not been removed. (for now)
 5031 You have 24 hours to pay $100.
 5032 Money move to the specified Bitcoin-account.
5037 Otherwise, all files will be destroyed.
5038 Do not turn off the computer and/or do not attempt to disable me.
5039 When disobedience will be deleted 100 files.
5040 https://1.bp.blogspot.com/-cukkC4KAhZE/WBY1jJbcQoI/AAAAAAAAB3I/p8p-iNQRnQwnP6c6H77h_SHMQNAlkJ1CgCLcB/s1600/onyx.jpg
5041 Source:
5042 https://id-ransomware.blogspot.co.il/2016/10/onyx-ransomware.html
5043 https://twitter.com/struppigel/status/791557636164558848
5044 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/
5045
5046
5047
5048
5049Name:
5050 IFN643 Ransomware
5051 Month Detected: October 2016
5052 Decrypt Key: not yet
 5053 Extension Ending: .inf643
5055 Encryption:
5056 AES
5057 About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed.
5058 The hacker spread the virus using email spam, fake updates, and harmful attachments.
 5059 All your files are compromised, including music, MS Office, Open Office, pictures, videos, shared online files, etc.
5061 Note:
5062 https://4.bp.blogspot.com/-JuBZKpEHV0Q/WBYNHFlW7pI/AAAAAAAAB20/z0DPYA_8l6U8tB6pbgo8ZwyIJRcrIVy2ACLcB/s1600/Note1.JPG
5063 Source:
5064 https://id-ransomware.blogspot.co.il/2016/10/ifn643-ransomware.html
5065 https://twitter.com/struppigel/status/791576159960072192
5066 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/

Name: Alcatraz Locker Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .Alcatraz
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-b0-Uvnz703Q/WBcMGkZqtwI/AAAAAAAAB3Y/a6clIjdp_tI2T-OE_ykyjvB2qNY3gqWdQCLcB/s1600/Screenshot_1.jpg
https://2.bp.blogspot.com/-y5a6QnjAiv0/WBcMKV0zDDI/AAAAAAAAB3c/ytOQHJgmy30H_jEWPcfht7RRsh4NhcrvACLcB/s1600/Screenshot_2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/alcatraz-locker-ransomware.html
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/
https://twitter.com/PolarToffee/status/792796055020642304

Name: Esmeralda Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Windows has encountered a critical problem and needs your immediate action to recover your data. The system access is locked and all the data have been encrypted to avoid the information be published or misused. You will not be able to access to your files and ignoring this message may cause the total loss of the data. We are sorry for the inconvenience.
You need to contact the email below to restore the data of your system.
Email: esmeraldaencryption@mail.ru
You will have to order the Unlock-Password and the Esmeralda Decryption Software. All the instructions will be sent to you by email.
https://2.bp.blogspot.com/-vaWu8OjSiXE/WBzkLBdB8DI/AAAAAAAAB_Y/k8vvtYEIdTkFJhruRJ6qDNAujAn4Ph-xACLcB/s1600/esmeralda-lock_2.png
Source:
https://id-ransomware.blogspot.co.il/2016/10/esmeralda-ransomware.html
https://www.bleepingcomputer.com/forums/t/630835/esmeralda-ransomware/

Name: EncrypTile Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-_jxt6kCRnwM/WBNf7mi92nI/AAAAAAAAB0g/homx8Ly379oUKAOIhZU6MxCiWX1gA_TkACLcB/s1600/wallp.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/encryptile-ransomware.html

Name: Fileice Ransomware
Survey Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Sample of how the hacker tricks the user using the survey method.
https://1.bp.blogspot.com/-72ECd1vsUdE/WBMSzPQEgzI/AAAAAAAABzA/i8V-Kg8Gstcn_7-YZK__PDC2VgafWcfDgCLcB/s1600/survey-screen.png
The hacker definitely has a sense of humor:
https://1.bp.blogspot.com/-2AlvtcvdyUY/WBMVptG_V5I/AAAAAAAABzc/1KvAMeDmY2w9BN9vkqZO8LWkBu7T9mvDACLcB/s1600/ThxForYurTyme.JPG
Note:
https://3.bp.blogspot.com/-GAPCc3ITdQY/WBMTmJ4NaRI/AAAAAAAABzM/XPbPZvZ8vbUrOWxtwPmfHFJiNT_2gfaOgCLcB/s1600/fileice-source.png
Source:
https://id-ransomware.blogspot.co.il/2016/10/fileice-ransomware-survey.html
More info in English:
https://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/

Name: CryptoWire Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .encrypted
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-vIMgkn8WVJM/WBJAxkbya7I/AAAAAAAABys/tCpaTOxfGDw8A611gudDh46mhZT70dURwCLcB/s1600/lock-screen.jpg
https://1.bp.blogspot.com/-b0QiEQec0Pg/WBMf2HG6hjI/AAAAAAAABz8/BtN2-INZ2KQ4W2_iPqvDZTtlA0Aq_4gVACLcB/s1600/Screenshot_2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/cryptowire-ransomware.html

Name: Hucky Ransomware or Hungarian Locky Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .locky
Encryption: AES-128+RSA
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://1.bp.blogspot.com/-lLZZBScC27U/WBmkDQzl9FI/AAAAAAAAB5Y/gozOy17Yv0EWNCQVSOXn-PkTccYZuMmPQCLcB/s1600/note-bmp_2.png
!!! IMPORTANT INFORMATION !!!!
All files are encrypted using RSA-3072 and AES128 encryption.
You can learn more about RSA and AES ciphers here:
Https://hu.wikipedia.org/wiki/RSA-eljárás
Https://hu.wikipedia.org/wiki/Advanced_Encryption_Standard
To return files, you need to get a secret key and decryption program.
To get the key, please follow these steps:
1. Send an identification code to the email address locky@mail2tor.com!
If you want, send a 1 MB file for decryption.
In order to prove that we can recover data.
(Please, email must contain only the identification code, as well as the attachment)
3. Please note, check the mail, we will send you an email within 24 hours!
You will receive a decrypted file and decryption program in the attachment.
Follow the instructions in the email.
!!! Your identification code !!!
Source:
https://id-ransomware.blogspot.co.il/2016/10/hucky-ransomware-hungarian-locky.html

Name: Winnix Cryptor Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .wnx
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Your files are encrypted!
Your files have been safely encrypted on this PC: photos, documents, databases, etc. Encryption was produced using a unique public key generated for this computer. To decrypt files you need to obtain the private key.
The only way to get the private key is to pay 4 BTC. You saved it on qualified system administrator who could make your network safe and secure.
In order to decrypt the files send your bitcoins to the following address:
13gYXFxpzm7hAd4esdnJGt9JvYqyD1Y6by
After you complete your payment, send an email to 6214ssxpvo@sigaint.org with YOUR ID as subject (ID is in the end of the file) and you'll receive private key, needed software and step by step guide in 1 business day.
Offer is valid for 5 business days (expiration date is in the end of the file). AFTER TIME IS UP, PRICE DOUBLES.
No discounts, no other payment methods.
How to buy bitcoins?
1. Create a Bitcoin Wallet (we recommend Blockchain.info)
2. Buy necessary amount of Bitcoins
Do not forget about the transaction commission in the Bitcoin network (= 0.0005).
Here are our recommendations:
LocalBitcoins.com – the fastest and easiest way to buy and sell Bitcoins;
CoinCafe.com – the simplest and fastest way to buy, sell and use Bitcoins;
BTCDirect.eu – the best for Europe;
CEX.IO – Visa / MasterCard;
CoinMama.com – Visa / MasterCard;
HowToBuyBitcoins.info – discover quickly how to buy and sell bitcoins in your local currency.
More questions?
Send an email to 6214ssxpvo@sigaint.org
ID: ***
EXP DATE: Sept. 12 2016
Winnix Cryptor Team
Source:
https://id-ransomware.blogspot.co.il/2016/10/winnix-cryptor-ransomware.html

Name: AngryDuck Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .adk
Encryption: AES-512
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-k3s85Fx9N_E/WBIfuUNTMmI/AAAAAAAAByM/rQ10tKuXTlEJfLTOoBwJPo7rhhaiK2OoQCLcB/s1600/screen-lock.jpg
ANGRY DUCK!
All your important files have been encrypted using very string cryptography (AES-512 With RSA-64 FIPS grade encryption).
To recover your files, send 10 BTC to my private wallet
DON'T MESS WITH THE DUCKS!!!
Source:
https://id-ransomware.blogspot.co.il/2016/10/angryduck-ransomware.html

Name: Lock93 Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .lock93
Encryption: AES-512
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-WuD2qaaNIb0/WA4_g_FnIfI/AAAAAAAABx4/pn6VNqMXMzI_ryvKUruY3ctYtzomT1I4gCLcB/s1600/note3.jpg
https://1.bp.blogspot.com/-S6M83oFxSdM/WA4_ak9WATI/AAAAAAAABx0/3FL3q21FdxMQvAgrr2FORQIaNtq2-P2jACLcB/s1600/note2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/lock93-ransomware.html

Name: ASN1 Encoder Ransomware
Month Detected: October 2016
Decrypt Key: not yet
To delete the shadow files: vssadmin.exe delete shadows /all /quiet
Extension Ending:
Encryption: AES-512
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-5gZpxeEWqZg/WBeNnEP9GzI/AAAAAAAAB4g/ELCCp88whLMI6CzpGTjlxbmXBMFIKhwtwCLcB/s1600/onion-site.JPG
Source:
https://id-ransomware.blogspot.co.il/2016/10/asn1-encoder-ransomware.html

Name: Click Me Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .hacked
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
The hacker tries to get the user to play a game and when the user clicks the button, there is no game, just 20 pictures in a .gif below:
https://3.bp.blogspot.com/-1zgO3-bBazs/WAkPYqXuayI/AAAAAAAABxI/DO3vycRW-TozneSfRTdeKyXGNEtJSMehgCLcB/s1600/all-images.gif
Note:
All right my dear brother!!!
Enough free playing. Your files have been encrypted. Pay so much this much money so I can send you the password for your files.
I can be paid this much too cause I am very kind.
So move on I didn't raise the price.
Source:
https://id-ransomware.blogspot.co.il/2016/10/click-me-ransomware.html

Name: AiraCrop Ransomware
Month Detected: October 2016
Decrypt Key: https://decrypter.emsisoft.com/nmoreira
Extension Ending: .hacked
Encryption: AES-256 & RSA-2048
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-4HNc9S8SY4I/WBMkpdKyDsI/AAAAAAAAB0I/udESgro7YB4pF98Dv2KrrecyymFGsvV2QCLcB/s1600/note.JPG
Source:
https://id-ransomware.blogspot.co.il/2016/10/airacrop-ransomware.html

Name: JapanLocker Ransomware & SHC Ransomware, SHCLocker
Month Detected: October 2016
Decrypt Key: https://github.com/fortiguard-lion/schRansomwareDecryptor/blob/master/schRansomwarev1_decryptor.php
Extension Ending: #LOCK#
Encryption: AES-256 & RSA-2048
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-sdlDK4OIuPA/WAehWZYHaMI/AAAAAAAABvc/TcAcLG2lw10aOFY3FbP1A5EuLjL6LR62ACLcB/s1600/note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/japanlocker-ransomware.html
https://www.cyber.nj.gov/threat-profiles/ransomware-variants/japanlocker

Name: Anubis Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .coded
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-0YMsPH5WuTk/WAepI4BnqZI/AAAAAAAABv0/yXt4tdrmmAIf-N9KUmehY6mK1kTV-eFFQCLcB/s1600/note-wal2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/anubis-ransomware.html

Name: XTPLocker 5.0 Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: n/a
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
Attention ! ! !
All of your copies of your system have been permanently deleted and the data on all partitions and workstations have been encrypted!
Stay calm.
You can recover all your data by making a payment of 2 BTC (1200 USD) in Bitcoin currency to receive a decryption key.
To purchase Bitcions you can use www.coinbase.com
After buying BTC send the equivalent of 2 BTC (1200 USD) to our BTC adress:
16jX5RbF2pEcLYHPukazWhDCkxXTs7ZCxB
After payment contact us to receive your decryption key. In mail title write your unique ID: {custom id visually resembling a MAC address}
Our e-mail: crypt302@gmx.com
Source:
https://id-ransomware.blogspot.co.il/2016/10/xtplocker-ransomware.html

Name: Exotic Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .exotic
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-WJYR7LkWHWY/WAaCYScljOI/AAAAAAAABuo/j18AGhzv7WUPb2r4HWkYm4TPgYw9S5PUwCLcB/s1600/note1-1.jpg
https://4.bp.blogspot.com/-2QxJ3KCRimI/WAaCcWcE2uI/AAAAAAAABus/9SGRY5iQT-ITfG_JrY7mn6-PUpQrSKg7gCLcB/s1600/note1-2.jpg
https://3.bp.blogspot.com/-SMXOoWiGkxw/WAaGOMdecrI/AAAAAAAABu8/S-YjlWlPKbItSN_fe8030tMDHWzouHsIgCLcB/s1600/note2.jpg
Source:
https://www.bleepingcomputer.com/news/security/eviltwins-exotic-ransomware-targets-executable-files/
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/
https://www.cyber.nj.gov/threat-profiles/ransomware-variants/exotic-ransomware
https://id-ransomware.blogspot.co.il/2016/10/exotic-ransomware.html

Name: APT Ransomware v.2
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .dll
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
NO POINT TO PAY THE RANSOM, THE FILES ARE COMPLETELY DESTROYED
Note:
https://2.bp.blogspot.com/-VTUhk_Py2FA/WAVCO1Yn69I/AAAAAAAABuI/N71wo2ViOE0UjrIdbeulBRTJukHtA2TdACLcB/s1600/ransom-note.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/apt-ransomware-2.html

Name: Windows_Security Ransonware or WS Go Ransonware, Trojan.Encoder.6491
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .enc
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-NfRePJbfjbY/WAe5LHFsWaI/AAAAAAAABwE/1Pk116TDqAYEDYvnu2vzim1l-H5seW9mQCLcB/s1600/note.png
Source:
https://id-ransomware.blogspot.co.il/2016/10/ws-go-ransonware.html
https://www.cyber.nj.gov/threat-profiles/ransomware-variants/apt-ransomware-v2

Name: NCrypt Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .NCRYPT or .ncrypt
Encryption: AES
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-k7T79DnBk8w/WBc67QXyjWI/AAAAAAAAB3w/QbA-E9lYdSMOg3PcG9Vz8fTc_OhmACObACLcB/s1600/note-html.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/ncrypt-ransomware.html

Name: Venis Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .venis
Encryption: AES-2048
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-IFEOWjw-aaQ/WAXTu9oEN4I/AAAAAAAABuY/APqBiaHn3pAX8404Noyuj7tnFJDf2m_XACLcB/s1600/note1.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/venis-ransomware.html

Name: Enigma 2 Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .1txt
Encryption: AES-128
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
We encrypt important files on your computer: documents, databases, photos, videos and keys.
Files encryption algorithm AES 128 (https://ru.wikipedia.org/wiki/Advanced_Encryption_Standard) with a private key that only we know.
Encrypted files have .1txt extension. It decrypts files without the private key IMPOSSIBLE.
If you want to get the files back:
1) Install the Tor Browser http://www.torproject.org/
2) Locate the desktop key to access E_N_I_G_M_A.RSA site (password is encrypted in the key of your files)
3) Go to the website http://kf2uimw5omtgveu6.onion/ into a torus-browser and log in using E_N_I_G_M_A.RSA
4) Follow the instructions on the website and download the decoder
C:\Documents and Settings\Администратор\Рабочий стол\E_N_I_G_M_A.RSA - The path to the key file on the desktop
C:\DOCUME~1\9335~1\LOCALS~1\Temp\E_N_I_G_M_A.RSA - The path to the key file in TMP directory
Source:
https://id-ransomware.blogspot.co.il/2016/10/enigma-2-ransomware.html

Name: Deadly Ransomware or Deadly for a Good Purpose Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-XZiiaCYM9Bk/WAUsUkrCJEI/AAAAAAAABtk/z-sMHflz3Q8_aWc-K9PD0N5TGkSGwwQnACLcB/s1600/note-html.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/deadly-ransomware.html

Name: Comrade Circle Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .comrade
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-MmzOC__9qPA/V__t2kNX-SI/AAAAAAAABrc/t8ypPa1jCIUbPfvR7UGbdGzdvKrbAv_DgCLcB/s1600/wallpaper.jpg
https://4.bp.blogspot.com/-hRoC-UFr-7o/V__tAEFuZWI/AAAAAAAABrQ/xDawlulx8Bg4uEtX4bU2ezPMY-x6iFiuQCLcB/s1600/note-1ch.JPG
https://4.bp.blogspot.com/-PdYtm6sRHAI/WAEngHQBg_I/AAAAAAAABsA/nh8m7__b0wgviTEBahyNYK4HFhF1v7rOQCLcB/s1600/icon-stalin-2.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/comrade-circle-ransomware.html

Name: Globe2 Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending:
.raid10 - .[random].raid10
.blt - .[random].blt
.globe - .[random].globe
.encrypted - .[random].encrypted
.mia.kokers@aol.com - .[mia.kokers@aol.com]
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://3.bp.blogspot.com/-MYI30xhrcZU/V_qcDyASJsI/AAAAAAAABpU/Pej5jDk_baYBByLx1cXwFL8LBiT8Vj3xgCLcB/s1600/note22.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/globe2-ransomware.html

Name: Kostya Ransomware
https://2.bp.blogspot.com/-4YmIkWfYfRA/V_lAALhfSvI/AAAAAAAABpE/Dj35aroKXSwbLXrSPqGCzbvhsTNHdsbAgCLcB/s1600/kostya.jpg
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .k0stya
Encryption: AES-256
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://2.bp.blogspot.com/-E_MI2fT33J0/V_k_9Gjkj4I/AAAAAAAABpA/-30UT5HhPAAR9YtVkFwgrYqLIdWPprZ9gCLcB/s1600/lock-screen.jpg
Source:
https://id-ransomware.blogspot.co.il/2016/10/kostya-ransomware.html

Name: Fs0ciety Locker Ransomware
Month Detected: October 2016
Decrypt Key: not yet
Extension Ending: .comrade
Encryption: AES-256 CBC
About: This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.
Note:
https://4.bp.blogspot.com/-nskzYgbg7Ac/V_jpJ3GApqI/AAAAAAAABos/EbG_-BLDPqA9bRVOWdzHjPnDWFiHYlsJwCLcB/s1600/ransom-note.png
Source:
https://id-ransomware.blogspot.co.il/2016/10/fs0ciety-locker-ransomware.html