| 勒索软件对应检测名 |
勒索软件变种 |
文件及扩展名 |
| Ransom_Waltrix |
CryptXXX V1 |
.crypt |
| Ransom_Waltrix |
CryptXXX V2 |
.crypt |
| Ransom_Waltrix |
CryptXXX V3 |
.crypt |
| Ransom_Waltrix |
CryptXXX V3.X |
.cryp1 or .crypz or 5 hex characters (eg. 6A45D) |
| Ransom_Waltrix |
CryptXXX V4 & V5 |
{MD5 Hash}.5 hexadecimal characters |
| Ransom_CRYPTESLA |
Teslacrypt V1 |
.ECC or. EZZ |
| Ransom_CRYPTESLA |
Teslacrypt V2 |
.vvv or .ccc or .aaa or .abc or .xyz or .zzz |
| Ransom_CRYPTESLA |
Teslacrypt V3 |
.XXX or .TTT or .MP3 or .MICRO |
| Ransom_CRYPTESLA |
Teslacrypt V4 |
File name and extension are unchanged |
| Ransom_SNSLocker |
SNSLocker |
.RSNSlocked |
| Ransom_AUTOLOCKY |
AutoLocky |
.locky |
| Ransom_BADBLOCK |
BadBlock |
File name and extension are unchanged |
| Ransom_Democry |
777 |
._<date-time>_$kaligula.caesar@aol.com$.777 |
| Ransom_XORIST |
Xorist |
.xorist or random extension |
| Ransom_XORBAT |
XORBAT |
.crypted |
| Ransom_CERBER |
CERBER |
{random file name}.cerber |
| Ransom_STAMPADO |
Stampado |
.locked |
| JS_NEMUCOD |
Nemucod |
.crypted |
| RANSOM_CRYPCHIM |
Chimera |
.crypt |
| RANSOM_MIRCOP |
MirCop (Crypt888) |
Lock.{Original file name} |
| Ransom_LECTOOL |
LeChiffre |
.LeChiffre |
| Ransom_JIGSAW |
Jigsaw |
{Original file name}.random extension |
| Ransom_PURGE.A |
Globe / Purge V1, V2, V3 |
V1: {Original file name}.purge
V2: {Original file name}.{email address + random characters}
V3: extension not fixed or file name encrypted |
| Ransom_DXXD |
DXXD |
.dxxd |
| Ransom_XPAN |
TeamXRat/Xpan V2 (New) |
. ____xratteamLucked |
