Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Ransomware File Screening List - Windows Server's File Server Resource Manager - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Ransomware File Screening List - Windows Server's File Server Resource Manager
For future and present reference I would like to keep a living file screening list for CryptoLocker, CryptoWall, CryptoTesla and other variants of Ransomware for Windows Server where administrators using File Server Resource Manager FSRM.msc actively monitor network shares and files. I will open this up for comment and will include matches found in common variants. If you have an extension or file name not on this list please list relative information in a reply!

Original ransomware reference copied from Pastebin...
Source: http://pastebin.com/BQV7yr8V
Author: woodburyman
Last Update: August 19th 2015

*.*AES256
*.*cry
*.*crypto
*.*darkness
*.*enc*
*.*kb15
*.*kraken
*.*locked
*.*nochance
*.*oshit
*.*exx
*@gmail_com_*
*@india.com*
*cpyt*
*crypt*
*decipher*
*install_tor*.*
*keemail.me*
*qq_com*
*ukr.net*
*restore_fi*.*
*help_restore*.*
*how_to_recover*.*
*.ecc
*.exx
*.ezz
*.frtrss
*.vault
*want your files back.*
confirmation.key
enc_files.txt
last_chance.txt
message.txt
recovery_file.txt
recovery_key.txt
vault.hta
vault.key
vault.txt
*.aaa

Additional extensions...
Source: http://www.bleepingcomputer.com/forums/t/588135/has-anyone-seen-this-ransomware/
Author: quietman7 (Global Moderator)
Last Update: August 26 2015

*.xyz
*.zzz
*.abc

PLEASE HELP KEEP THIS LIST GOING AND UPDATED!
7s3v3n7

4 Posts
we did see .mp3 ext encrypted file. when ransomware encrypted any MS word file , It ext changed to XYZ.doc.mp3 Anonymous

Sign Up for Free or Log In to start participating in the conversation!