
ID Ransomware - Identify What Ransomware Encrypted Your Files


1459 replies to this topic

#31 Amigo-A

    Security specialist and Ransomware expert

  • Members

Posted 23 May 2016 - 12:38 PM

Zylok Locker???

May be Zyklon Locker???


My site: The Digest "Crypto-Ransomware"  + Google Translate 

 



 


#32 Demonslay335

    Ransomware Hunter

  • Topic Starter
  • Security Colleague

Posted 23 May 2016 - 12:40 PM

> Zylok Locker???
>
> May be Zyklon Locker???

 

Yes, my typo from memory.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#33 Amigo-A

    Security specialist and Ransomware expert

  • Members

Posted 23 May 2016 - 12:57 PM

OK. Thanks for the answer.



 


#34 CharlyG

  • Members

Posted 27 May 2016 - 09:37 PM

Hello, I'm trying to identify the encryption method used on one file infected with the Locky virus, and the website https://id-ransomware.malwarehunterteam.com/identify.php has an Error 524: A timeout occurred. Does anyone know if the site is down temporarily or permanently? Thank you!



#35 Demonslay335

    Ransomware Hunter

  • Topic Starter
  • Security Colleague

Posted 27 May 2016 - 10:15 PM

I was messing with a poor-man's cron job that went awry on me, lol. It should be up; should have only affected a few people for a short amount of time.

 

*Edit: might be still wrestling with it... if anyone gets a timeout error, it is definitely temporary, sorry.


Edited by Demonslay335, 28 May 2016 - 09:21 AM.



#36 antimodes

  • Members

Posted 28 May 2016 - 09:29 AM

Hello,

It was a very useful website for recognizing which ransomware infected the computer... If it will not go online, please post any other alternatives!! :)

Many thanks!!



#37 Demonslay335

    Ransomware Hunter

  • Topic Starter
  • Security Colleague

Posted 28 May 2016 - 10:08 AM

> Hello,
>
> It was a very useful website for recognizing which ransomware infected the computer... If it will not go online, please post any other alternatives!! :)
>
> Many thanks!!

 

To my knowledge no such thing exists online or offline - thus why I made the site. :)

 

I've got the issues resolved now.




#38 antimodes

  • Members

Posted 28 May 2016 - 10:18 AM

Really appreciated!!
Many thanks!!
Paolo

#39 CharlyG

  • Members

Posted 28 May 2016 - 10:53 AM

I could see the infection was Locky, and no luck decrypting the files! Start from scratch, and work with backups. Thanks for putting the website online! :)

Edited by CharlyG, 28 May 2016 - 11:12 AM.


#40 elhack4

  • Members

Posted 31 May 2016 - 01:53 AM

PLEASE HELP MY FILES :(  [attached image]



#41 vilhavekktesla

  • Members

Posted 31 May 2016 - 01:11 PM

@elhack4, have you tried to follow the links from the https://id-ransomware.malwarehunterteam.com/index.php service?

For each identified data you will find a link directing you to the correct forum topic.

This topic is to inform the creator of id-ransomware and creator of this topic (read post one) about issues.

If your data above are important to you and have private info, you have now given with knowledge to decrypt three of your files.

That is not very smart, so follow the links, and read the topic you will be posting to, to see if there is any way to save the data, then you may ask the topic for help, if you need anything.

 

 

 

 

Regards


The signature points to post one in each topic. Post one is very important to read.

Now Teslacrypt may be decrypted with Blooddolly's Tesladecoder version 1.0.1b or newer (if needed)

The master key is released so there is no need to pay to get the key.

About 200 550 different ransomwares exist so think safe backups at all time.


#42 quietman7

    Bleepin' Gumshoe

  • Global Moderator

Posted 31 May 2016 - 07:35 PM

elhack4 started a topic here and I replied.

Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click [image link]


#43 Aura

    Bleepin' Special Ops

  • Malware Response Team

Posted 07 June 2016 - 09:56 AM

Mind if I submit a few corrections for the French translation of the website?



#44 Demonslay335

    Ransomware Hunter

  • Topic Starter
  • Security Colleague

Posted 07 June 2016 - 09:58 AM

> Mind if I submit a few corrections for the French translation of the website?

 

Sure, feel free to PM me any potential corrections. As a courtesy to my original translators, I will typically run it by them before implementing any changes to the public site.




#45 Rvt

  • Members

Posted 07 June 2016 - 12:08 PM

 

> ID Ransomware
>
> ID Ransomware (beta) is a website I have created where a victim can identify what ransomware encrypted their files.
>
> All too often after a ransomware attack, the first question is, "what encrypted my files?", followed by "can I decrypt my data?". This web service aims to help answer those questions, and guide a victim to the correct information relating to their infection.
>
> By simply uploading a ransom note, and/or an encrypted file (preferably both for best results), the site will use several techniques to help identify what ransomware may have encrypted the files. This includes assessing the ransom note name, file name patterns of the encrypted file, and in some cases, even byte patterns in the encrypted file itself.
>
> When the ransomware(s) has been identified, a clean-cut answer will be displayed on the current known status of decrypting the data, along with a link to more information on the particular ransomware.
>
> Naturally, there are cases where multiple ransomwares could be detected, as some ransomware share signs. It is best to review the provided links for more information on manually determining which is the real infector. It is also possible there could be dual-infections. There is also the chance that no ransomware will be identified. Some ransomware show few, or very complicated signs, and cannot be determined simply from the ransom note and encrypted sample.
>
> A current list of ransomware that are supported is displayed on the front page, with newest additions in bold (all will be bold at launch here naturally).
>
> I will be continuously trying to keep the database as accurate as possible when new developments are found, and when new ransomware are discovered. I also have plans for new detection techniques in the future.
>
> This project is technically in beta, so let me know if there are any bugs, or if you believe detection was not accurate for a case. I can be reached on this forum, and my Twitter handle is at the bottom of the page.
>
> In a way, I see this as a spiritual successor of Nathan's IDTool, so I thank him for the inspiration. :)
>
> The website is accessible at the following link: https://id-ransomware.malwarehunterteam.com/
>
> Special thanks to @malwrhunterteam for usage of their sub-domain. :)
>
> Currently Identified Ransomware - 03/25/16
>
>   • 7ev3n
>   • BuyUnlockCode
>   • Cerber
>   • Coverton
>   • Crypt0L0cker
>   • CryptoFortress
>   • CryptoHasYou
>   • CryptoJoker
>   • CryptoWall 2.0
>   • CryptoWall 3.0
>   • CryptoWall 4.0
>   • DMA Locker
>   • ECLR Ransomware
>   • EnCiPhErEd
>   • HOW TO DECRYPT FILES
>   • HydraCrypt
>   • KeRanger
>   • LeChiffre
>   • Locky
>   • Magic
>   • MakTub Locker
>   • NanoLocker
>   • Nemucod
>   • PadCrypt
>   • PClock
>   • PowerWare
>   • Radamant
>   • Sanction
>   • Shade
>   • SuperCrypt
>   • Surprise
>   • TeslaCrypt 0.x
>   • TeslaCrypt 2.x
>   • TeslaCrypt 3.0
>   • TeslaCrypt 4.0
>   • UmbreCrypt

 

Sir, what about the .cryp1 as cryptorbit? Is it similar to ultracrypt?
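
The identification approach described in the quoted announcement (ransom note name, encrypted file name pattern, byte pattern in the file), shown here as an added example that is not ID Ransomware's own code or database. The family names and every signature are constructed placeholders, and `identify` and `rank` are hypothetical helper names.

```python
import re
from dataclasses import dataclass

# All names and signatures below are constructed placeholders for illustration;
# they are not real ransomware indicators or ID Ransomware's database.
@dataclass(frozen=True)
class Signature:
    family: str
    note_names: tuple = ()   # ransom note file names, lower-case
    name_pattern: str = ""   # regex over the encrypted file's name
    magic: bytes = b""       # byte marker expected at the start of the file

SIGNATURES = (
    Signature("ExampleFamilyA", ("how_to_restore.txt",), r"^[0-9a-f]{32}\.exa$"),
    Signature("ExampleFamilyB", ("how_to_restore.txt",), r"\.exb$", b"EXB1"),
    Signature("ExampleFamilyC", magic=b"\x00EXC\x00"),
)

def identify(note_name=None, sample_name=None, sample_head=b""):
    """Return {family: [matched signals]}; an empty dict means unidentified."""
    hits = {}
    for sig in SIGNATURES:
        matched = []
        if note_name and note_name.lower() in sig.note_names:
            matched.append("ransom note name")
        if sample_name and sig.name_pattern and re.search(
                sig.name_pattern, sample_name, re.IGNORECASE):
            matched.append("file name pattern")
        if sig.magic and sample_head.startswith(sig.magic):
            matched.append("byte pattern")
        if matched:
            hits[sig.family] = matched
    return hits

def rank(hits):
    """Candidates ordered by number of independent signals, strongest first."""
    return sorted(hits, key=lambda fam: (-len(hits[fam]), fam))

if __name__ == "__main__":
    # Note alone: two families share the note name, so the result is ambiguous.
    print(identify(note_name="HOW_TO_RESTORE.txt"))
    # Note plus encrypted sample: three signals single out one family.
    both = identify("HOW_TO_RESTORE.txt", "report.docx.exb", b"EXB1\x9a\x10")
    print(rank(both), both)
    # An ordinary JPEG matches nothing and stays unidentified.
    print(identify(sample_name="photo.jpg", sample_head=b"\xff\xd8\xff\xe0"))
```

With only the note, two placeholder families tie, which is the shared-signs case the announcement mentions; supplying the encrypted sample as well breaks the tie.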





