| Ransomware detection name | Ransomware variant | File name and extension |
| --- | --- | --- |
| Ransom_Waltrix | CryptXXX V1 | .crypt |
| Ransom_Waltrix | CryptXXX V2 | .crypt |
| Ransom_Waltrix | CryptXXX V3 | .crypt |
| Ransom_Waltrix | CryptXXX V3.X | .cryp1 or .crypz or 5 hex characters (e.g. 6A45D) |
| Ransom_Waltrix | CryptXXX V4 & V5 | {MD5 Hash}.5 hexadecimal characters |
| Ransom_CRYPTESLA | Teslacrypt V1 | .ECC or .EZZ |
| Ransom_CRYPTESLA | Teslacrypt V2 | .vvv or .ccc or .aaa or .abc or .xyz or .zzz |
| Ransom_CRYPTESLA | Teslacrypt V3 | .XXX or .TTT or .MP3 or .MICRO |
| Ransom_CRYPTESLA | Teslacrypt V4 | File name and extension are unchanged |
| Ransom_SNSLocker | SNSLocker | .RSNSlocked |
| Ransom_AUTOLOCKY | AutoLocky | .locky |
| Ransom_BADBLOCK | BadBlock | File name and extension are unchanged |
| Ransom_Democry | 777 | ._<date-time>_$kaligula.caesar@aol.com$.777 |
| Ransom_XORIST | Xorist | .xorist or random extension |
| Ransom_XORBAT | XORBAT | .crypted |
| Ransom_CERBER | CERBER | {random file name}.cerber |
| Ransom_STAMPADO | Stampado | .locked |
| JS_NEMUCOD | Nemucod | .crypted |
| RANSOM_CRYPCHIM | Chimera | .crypt |
| RANSOM_MIRCOP | MirCop (Crypt888) | Lock.{Original file name} |
| Ransom_LECTOOL | LeChiffre | .LeChiffre |
| Ransom_JIGSAW | Jigsaw | {Original file name}.random extension |
| Ransom_PURGE.A | Globe / Purge V1, V2, V3 | V1: {Original file name}.purge; V2: {Original file name}.{email address + random characters}; V3: extension not fixed or file name encrypted |
| Ransom_DXXD | DXXD | .dxxd |
| Ransom_XPAN | TeamXRat/Xpan V2 (New) | .____xratteamLucked |