File extension

Ransomware .locked file extension with restore-files.txt ransom note

The locked (.LOCKED) the extension is no longer generic because it is used by several types of ransomware known to include CryptoShocker, File-Locker, LockeR, LockerGoga, Locked (L0cked), Scarab, DEcovid19, Hakbit (Thanos), DCRTR-WDM, Mespinoza (Pysa), SambaCry (StorageCrypt), AESMewLocker, Aurora, Crypter, Cring (Crypt3r, Ghost, Phantom), GoodMorning, Tellyouthepass, Bitpaymer, Jigsaw, Stampado, ViluciWare, Philapdelphia, Forma, Fantom, BankAccountSummary, RAA-SEP, Uyari, PokemonLearT (GNearT), LockerGo, Hidden , ApocalypseVM, KimcilWare Ransomware, Message of Death, FirstRansomware, Zyka, C / C ++ Ransomware (version of Globe) and some variants of Amnesia and Globe 3. The .locked extension is also used by many other unidentified ransomware.

Can you provide (copy and paste) the ransom note content in your next answer?

Try to submit (download) sample encrypted files, ransom notes and all contact email addresses provided by malware developer to Ransomware ID (IDR) for identification aid and confirmation of infection. Ransomware ID can identify ransomware that adds a prefix instead of an extension and more precisely identifies ransomware by file markers if applicable. Download the two encrypted files and ransom notes as well as any e-mail addresses provided, give a more positive match with the identification and help to avoid false detections. Please provide a link to ID Ransomware results.

Yes Ransomware ID can’t identify infection, you can post the SHA1 holster it gives you in your next answer for Demonslay335 (Michael Gillespie) to manually inspect files and look for possible file markers.

Please Download the original ransom note and samples of encrypted files (various formats – doc, png, jpg) AND its original file (unencrypted) for comparison with the following third party file hosting service and provide a link or send a PM with a link to Amigo-A (Andrew Ivanov) so that he can inspect them and possibly confirm the infection (and / or add to his database).

Leave a Reply

Your email address will not be published.