"ID Ransomware" Website Helps Identify Ransomware Infections

Exterminator

A new website that launched in the past weeks is now making the life of ransomware victims a lot easier by allowing them to identify which ransomware variant infected their computers and if there's a way to recover the files without paying.

Called ID Ransomware, the website has been put together by Michael Gillespie, a regular collaborator to Bleeping Computer's support forum where most of today's ransomware victims go for help. Michael is also one of the people that helped crack the CryptoHost (Manamecrypt) ransomware.

To use the ID Ransomware website, users will need two things. First is the ransom note file, which can take different forms, from HTML to text files, and then they'll need one of the files encrypted by the ransomware.

Users have to select and upload both files in the two form fields on the ID Ransomware website, and hit the "Upload" button. This starts an analysis of the two files, and after a few seconds/minutes (depending on server load), the website will tell you which ransomware variant has locked your computer, like in the image below.

As the service's motto goes, "Knowing is half the battle!"

Depending on the ransomware type that has been detected, lucky users will receive a link where they can download a decrypter that will help them unlock their files.

Not-so-lucky users will be redirected to a Bleeping Computer forum support thread, while also being asked to back up their encrypted data, in the hope they can recover their files in the future if a decrypter ever becomes available.

At the time of writing, the ID Ransomware service supports the following 51 ransomware variants: 7ev3n, Booyah, Brazilian Ransomware, BuyUnlockCode, Cerber, CoinVault, Coverton, Crypt0L0cker, CryptoFortress, CryptoHasYou, CryptoJoker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CrySiS, CTB-Locker, DMA Locker, ECLR Ransomware, EnCiPhErEd, Hi Buddy!, HOW TO DECRYPT FILES, HydraCrypt, Jigsaw, JobCrypter, KeRanger, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MireWare, NanoLocker, Nemucod, OMG! Ransomcrypt, PadCrypt, PClock, PowerWare, Radamant, Rokku, Samas, Sanction, Shade, SuperCrypt, Surprise, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, UmbreCrypt, Unknown, VaultCrypt.
 

Der.Reisende

Awesome, thanks for sharing @exterminator20 :) Agree @upnorth, worthy find :)
 

jamescv7

Quick access, why? Because many of the steps that are released are preliminary: even though they work, the process is very complex, which makes decrypting the files time-consuming.
 