Uno de los ransomware que más están dando dolor de cabeza a los usuarios y sus dispositivos son los CryptoLocker.
Desde el área de recuperación de datos de OnRetrieval hemos detectado un aumento de los servicios solicitados debido a este tipo de ransomware, el CryptoLocker. Un virus que se distribuye de varias maneras, principalmente como un archivo adjunto en un mail. El objetivo de los distribuidores (ciberdelincuentes) de este tipo de malware, es la extorsión al usuario, generalmente cobrando un rescate o recompensa en bitcoin por los datos robados.
El modus operandi de los extorsionistas está muy estudiado para que sea el propio usuario el que lo ejecute, generalmente a través de un correo que lleva adjunto un ZIP con contraseña, o bien, mediante un ejecutable cualquiera que descarga el propio usuario.
Además del CryptoLocker, el TeslaCrypt, el Wallet, el Cerber o el Dharma, son los siguientes ransomware más comunes. Desde el Laboratorio de OnRetrieval, trabajamos continuamente con las herramientas más innovadoras del mercado para conseguir desencrpitar este tipo de virus.
Consejos a seguir antes este tipo de problemas:
1.- No pagar bajo ningún caso el rescate solicitado por el ciberdelincuente
2.- Tomar nota del aviso de rescate, es posible que de ahí se pueda sacar información para la detección del ransomware
3.- Apagar el equipo inmediatamente
4.- Desconectar internet
5.- Llamar a empresas como OnRetrieval, expertos en resolver todo tipo de ransomware. Teléfono gratuito: 900.900.381 – sac@onretrieval.com
A continuación un listado de los ransomware y sus extensiones, con lo que trabajamos en la actualidad desde nuestro Laboratorio de Recuperación de Datos, con resultados exitosos en la mayoría de los casos.
| Ransomware | Extensión |
| 777 | 777 |
| 7ev3n | .R4A .R5A |
| 7h9r | .7h9r |
| 8lock8 | .8lock8 |
| AiraCrop | ._AiraCropEncrypted |
| Al-Namrood | .unavailable .disappeared |
| Alcatraz Locker | .Alcatraz |
| ALFA Ransomware | .bin |
| Alma Ransomware | random |
| Alpha Ransomware | .encrypt |
| Alphabet | |
| AMBA | .amba |
| Angela Merkel | .angelamerkel |
| Angry Duck | .adk |
| Anony | |
| Anubis | .coded |
| Apocalypse | .encrypted .SecureCrypted .FuckYourData .unavailable .bleepYourFiles .Where_my_files.txt |
| ApocalypseVM | .encrypted .locked |
| ASN1 | |
| AutoLocky | .locky |
| Aw3s0m3Sc0t7 | .enc |
| BadBlock | |
| BadEncript | .bript |
| BaksoCrypt | .adr |
| Bandarchor | .id-1235240425_help@decryptservice.info |
| BarRax | .BarRax |
| Bart | .bart.zip .bart .perl |
| BitCryptor | .clf |
| BitStak | .bitstak |
| BlackShades Crypter | .Silent |
| Blocatto | .blocatto |
| Booyah | |
| Brazilian | .lock |
| Brazilian Globe | |
| BrLock | |
| Browlock | |
| Bucbi | |
| BuyUnlockCode | |
| Central Security Treatment Organization | .cry |
| Cerber | .cerber .cerber2 .cerber3 |
| CerberTear | |
| Chimera | .crypt 4 random characters, e.g., .PzZs, .MKJL |
| CHIP | .CHIP .DALE |
| Click Me Game | |
| Clock | |
| CloudSword | |
| Cockblocker | .hannah |
| CoinVault | .clf |
| Coverton | .coverton .enigma .czvxce |
| Cryaki | .{CRYPTENDBLACKDC} |
| Crybola | |
| CryFile | .criptiko .criptoko .criptokod .cripttt .aga |
| CryLocker | .cry |
| CrypMIC | |
| Crypren | .ENCRYPTED |
| Crypt38 | .crypt38 |
| CryptConsole | random |
| Cryptear | |
| Crypter | |
| CryptFIle2 | .scl |
| CryptInfinite | .crinf |
| CryptoBit | |
| CryptoBlock | |
| CryptoDefense | |
| CryptoFinancial | |
| CryptoFortress | .frtrss |
| CryptoGraphic Locker | .clf |
| CryptoHost | |
| CryptoJacky | |
| CryptoJoker | .crjoker |
| CryptoLocker | .encrypted .ENC |
| CryptoLocker 1.0.0 | |
| CryptoLocker 5.1 | |
| CryptoLuck / YafunnLocker | .[victim_id]_luck |
| CryptoMix | .code .scl .rmd .lesli .rdmk .CRYPTOSHIELD .CRYPTOSHIEL |
| CryptON | _crypt .id-_locked .id-_locked_by_krec .id-_locked_by_perfect .id-_x3m .id-_r9oj .id-_garryweber@protonmail.ch .id-_steaveiwalker@india.com_ .id-_julia.crown@india.com_ .id-_tom.cruz@india.com_ .id-_CarlosBoltehero@india.com_ .id-_maria.lopez1@india.com_ |
| CryptoRansomeware | |
| Cryptorium | .ENC |
| CryptoRoger | .crptrgr |
| CryptoShadow | .doomed |
| CryptoShield | .CRYPTOSHIELD |
| CryptoShocker | .locked |
| CryptoTorLocker2015 | .CryptoTorLocker2015! |
| CryptoTrooper | |
| CryptoWall 1 | |
| CryptoWall 2 | |
| CryptoWall 3 | |
| CryptoWall 4 | |
| CryptoWire | |
| CryptXXX | .crypt |
| CryptXXX 2.0 | .crypt |
| CryptXXX 3.0 | .crypt .cryp1 .crypz .cryptz random |
| CryptXXX 3.1 | .cryp1 |
| CryPy | .cry |
| CTB-Faker | |
| CTB-Locker | .ctbl |
| CTB-Locker WEB | |
| CuteRansomware | .已加密 .encrypted |
| Cyber SpLiTTer Vbs | |
| Damage | .damage |
| Dharma | .dharma .wallet .zzzzz |
| Deadly for a Good Purpose | |
| Death Bitches | .locked |
| DeCrypt Protect | .html |
| DEDCryptor | .ded |
| Demo | .encrypted |
| Depsex | .Locked-by-Mafia |
| DeriaLock | .deria |
| DetoxCrypto | |
| Digisom | |
| DirtyDecrypt | |
| DMALocker | |
| DMALocker 3.0 | |
| DNRansomware | .fucked |
| Domino | .domino |
| Donald Trump | .ENCRYPTED |
| DummyLocker | .dCrypt |
| DXXD | .dxxd |
| DynA-Crypt | .crypt |
| EDA2 / HiddenTear | .locked |
| EdgeLocker | .edgel |
| EduCrypt | .isis .locked |
| El-Polocker | .ha3 |
| Encoder.xxxx | |
| encryptoJJS | .enc |
| Enigma | .enigma .1txt |
| Enjey | |
| EnkripsiPC | .fucked |
| Erebus | |
| Evil | .file0locked .evillock |
| Exotic | .exotic |
| FabSysCrypto | |
| Fadesoft | |
| Fairware | |
| Fakben | .locked |
| FakeGlobe | .crypt |
| FakeCryptoLocker | .cryptolocker |
| Fantom | .fantom .comrade |
| FenixLocker | .FenixIloveyou!! |
| FileLocker | .ENCR |
| FireCrypt | .firecrypt |
| Flyper | .locked |
| Fonco | |
| FortuneCookie | |
| Free-Freedom | .madebyadam |
| FSociety | .fs0ciety .dll |
| Fury | |
| GhostCrypt | .Z81928819 |
| Gingerbread | |
| Globe v1 | .purge |
| Globe v2 | .lovewindows .openforyou@india.com |
| Globe v3 | .[random].blt .[random].encrypted .[random].raid10 .[mia.kokers@aol.com] .[random].globe .unlockvt@india.com .rescuers@india.com.3392cYAn548QZeUf.lock .locked .decrypt2017 .hnumkhotep |
| GNL Locker | .locked |
| GOG | .L0CKED |
| Gomasom | .crypt |
| Goopic | |
| Gopher | |
| Gremit | .rnsmwr |
| Guster | .locked |
| Hacked | .versiegelt .encrypted .payrmts .locked .Locked |
| Harasom | .html |
| HDDCryptor | |
| Heimdall | |
| Help_dcfile | .XXX |
| Herbst | .herbst |
| Hermes | |
| Hi Buddy! | .cry |
| Hitler | |
| HolyCrypt | (encrypted) |
| HTCryptor | |
| Hucky | .locky |
| HydraCrypt | |
| IFN643 | |
| iLock | .crime |
| iLockLight | .crime |
| International Police Association | |
| iRansom | .Locked |
| Jack.Pot | |
| JagerDecryptor | !ENC |
| JapanLocker | |
| Jeiphoos | |
| Jhon Woddy | .killedXXX |
| Jigsaw | .btc .kkk .fun .gws .porno .payransom .payms .paymst .AFD .paybtcs .epic .xyz .encrypted .hush .paytounlock .uk-dealer@sigaint.org .gefickt .nemo-hacks.at.sigaint.org |
| Job Crypter | .locked .css |
| JohnyCryptor | |
| Kaandsona | .kencf |
| Kangaroo | .crypted_file |
| Karma | .karma |
| Karmen | .grt |
| Kasiski | [KASISKI] |
| KawaiiLocker | |
| KeRanger | .encrypted |
| KeyBTC | keybtc@inbox_com |
| KEYHolder | |
| KillDisk | |
| KillerLocker | .rip |
| KimcilWare | .kimcilware .locked |
| Kirk | .kirked |
| Koolova | |
| Korean | .암호화됨 |
| Kostya | .kostya |
| Kozy.Jozy | .31392E30362E32303136_[ID-KEY]_LSBJ1 |
| Kraken | .kraken |
| KratosCrypt | .kratos |
| KRider | .kr3 |
| KryptoLocker | |
| LambdaLocker | .lambda_l0cked |
| LeChiffre | .LeChiffre |
| Linux.Encoder | |
| Locked-In | |
| Locker | |
| LockLock | .locklock |
| Locky | .locky .zepto .odin .shit .thor .aesir .zzzzz .osiris |
| Lock93 | .lock93 |
| Lomix | |
| Lortok | .crime |
| LowLevel04 | oor. |
| M4N1F3STO | |
| Mabouia | |
| Magic | .magic |
| MaktubLocker | |
| Marlboro | .oops |
| MarsJoke | .a19 .ap19 |
| MasterBuster | |
| Matrix | |
| Merry X-Mas! | .PEGS1 .MRCR1 .RARE1 .MERRY .RMCM1 |
| MIRCOP | Lock. |
| MireWare | .fucked .fuck |
| Mischa | |
| MM Locker | .locked |
| Mobef | .KEYZ .KEYH0LES |
| MSN CryptoLocker | |
| n1n1n1 | |
| N-Splitter | .кибер разветвитель |
| Nagini | |
| NanoLocker | |
| Nemucod | .crypted |
| Netix | |
| Nhtnwcuf | |
| NMoreira | .maktub .__AiraCropEncrypted! |
| NoobCrypt | |
| Nuke | .nuclear55 |
| Nullbyte | _nullbyte |
| Ocelot | |
| ODCODC | .odcodc |
| Offline ransomware | .cbf |
| OMG! Ransomware | .LOL! .OMG! |
| Onyx | |
| Operation Global III | .EXE |
| Owl | dummy_file.encrypted |
| OzozaLocker | .Locked |
| PadCrypt | .padcrypt |
| Padlock Screenlocker | |
| Patcher | .crypt |
| PayDay | .sexy |
| PayDOS | |
| Paysafecard Generator 2016 | .cry_ |
| PClock | |
| Petya | |
| Philadelphia | .locked |
| Phoenix | .R.i.P |
| Pickles | .EnCrYpTeD |
| PizzaCrypts | .id-[victim_id]-maestro@pizzacrypts.info |
| PokemonGO | .locked |
| Popcorn Time | .filock |
| Polyglot | |
| Potato | .potato |
| PowerWare | .locky |
| PowerWorm | |
| Princess Locker | |
| PRISM | |
| ProposalCrypt | .crypted |
| Ps2exe | |
| PyL33T | .d4nk |
| R980 | .crypt |
| RAA encryptor | .locked |
| Radamant | .RDM .RRK .RAD .RADAMANT |
| Rakhni | .locked .kraken .darkness .nochance .oshit .oplata@qq_com .relock@qq_com .crypto .helpdecrypt@ukr.net .pizda@qq_com .dyatel@qq_com _ryp .nalog@qq_com .chifrator@qq_com .gruzin@qq_com .troyancoder@qq_com .encrypted .cry .AES256 .enc .hb15 |
| Ramsomeer | |
| Ranion | |
| Rannoh | |
| RanRan | .zXz |
| Ransoc | |
| Ransom32 | |
| RansomLock | |
| RansomPlus | .encrypted |
| RarVault | |
| Razy | .razy .fear |
| Rector | .vscrypt .infected .bloc .korrektor |
| Red Alert | |
| RektLocker | .rekt |
| RemindMe | .remind .crashed |
| Rokku | .rokku |
| Runsomewere | |
| RussianRoulette | |
| Sage 2.0 | .sage |
| Sage 2.2 | .sage |
| Samas-Samsam | .encryptedAES .encryptedRSA .encedRSA .justbtcwillhelpyou .btcbtcbtc .btc-help-you .only-we_can-help_you .iwanthelpuuu .notfoundrans .encmywork .VforVendetta .theworldisyours .Whereisyourfiles .helpmeencedfiles .powerfulldecrypt .noproblemwedecfiles .weareyourfriends .otherinformation .letmetrydecfiles .encryptedyourfiles .weencedufiles |
| Sanction | .sanction |
| Sardoninir | .enc |
| Satan | .stn |
| Satana | Sarah_G@ausi.com___ |
| Scraper | |
| SerbRansom | .velikasrbija |
| Serpent | .serpent |
| Serpico | |
| Shark | .locked |
| ShellLocker | .L0cked |
| ShinoLocker | .shino |
| Shujin | |
| Simple_Encoder | .~ |
| SkidLocker / Pompous | .locked |
| SkyName | |
| Smash! | |
| Smrss32 | .encrypted |
| SNSLocker | .RSNSlocked .RSplited |
| Spora | |
| Sport | .sport |
| Stampado | .locked |
| Strictor | .locked |
| Surprise | .surprise .tzu |
| Survey | |
| SynoLocker | |
| SZFLocker | .szf |
| TeamXrat | .___xratteamLucked |
| TeleCrypt | .xcri |
| TeslaCrypt 0.x – 2.2.0 | .vvv .ecc .exx .ezz .abc .aaa .zzz .xyz |
| TeslaCrypt 3.0+ | .micro .xxx .ttt .mp3 |
| TeslaCrypt 4.1A | |
| TeslaCrypt 4.2 | |
| Thanksgiving | |
| Threat Finder | |
| TorrentLocker | .Encrypted .enc |
| TowerWeb | |
| Toxcrypt | .toxcrypt |
| Trojan | .braincrypt |
| Troldesh | .breaking_bad .better_call_saul .xtbl .da_vinci_code .windows10 .no_more_ransom |
| TrueCrypter | .enc |
| Trump Locker | .TheTrumpLockerf .TheTrumpLockerfp |
| Turkish | .sifreli |
| Turkish (Fake CTB-Locker) | .encrypted |
| Turkish Ransom | .locked |
| UltraLocker | |
| UmbreCrypt | |
| UnblockUPC | |
| Ungluk | .H3LL .0x0 .1999 |
| Unlock26 | .locked-[XXX] |
| Unlock92 | .CRRRT .CCCRRRPPP |
| Vanguard | |
| VapeLauncher | |
| VaultCrypt | .vault .xort .trun |
| VBRANSOM 7 | .VBRANSOM |
| VenisRansomware | |
| VenusLocker | .Venusf .Venusp |
| Vindows Locker | .vindows |
| Virlock | .exe |
| Virus-Encoder | .CrySiS .xtbl .crypt .DHARMA |
| Vortex | .aes |
| vxLock | .vxLock |
| Wcry | .wcry |
| WildFire Locker | .wflx |
| Winnix Cryptor | .wnx |
| XCrypt | |
| Xorist | .EnCiPhErEd .73i87A .p5tkjw .PoAr2w .fileiscryptedhard .encoderpass .zc3791 .antihacker2017 |
| XRTN | .xrtn |
| XYZWare | |
| You Have Been Hacked!!! | .Locked |
| YourRansom | .yourransom |
| Zcrypt | .zcrypt |
| Zeta | .code .scl .rmd |
| Zimbra | .crypto |
| Zlader / Russian | .vault |
| zScreenLocker | |
| Zyka | .locked |
| Zyklon |
Evita este tipo de incidentes protegiendo tu red con nuestros servicios de Ciberseguridad.
OnRetrieval, especialistas en Recuperación de Datos, Informática Forense y Ciberseguridad.
Comentario (1)
José María Castillo / 13 diciembre, 2017
Buenos días:
Tengo varios archivos encriptados por Synolocker.
Les agradecería me indicaran el coste de recuperación de los mismos y la garantía de éxito.
Saludos.