Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

Knowing is half the battle!
GI Joe

FAQ

Which ransomwares are detected?

This service currently detects 156 different ransomwares. Here is a complete, dynamic list of what is currently detected:

777, 7ev3n, 7h9r, 8lock8, ACCDFISA v2.0, Alfa, Alma Locker, Alpha, AMBA, Apocalypse, Apocalypse (Unavailable), ApocalypseVM, AutoLocky, AxCrypter, BadBlock, Bandarchor, BankAccountSummary, Bart, BitCrypt, BitCrypt 2.0, BitCryptor, BitMessage, BitStak, Black Shades, Blocatto, Booyah, Brazilian Ransomware, Bucbi, BuyUnlockCode, Cerber, Cerber 2.0, Chimera, Coin Locker, CoinVault, Coverton, Cryakl, CryFile, CrypMic, Crypren, Crypt0L0cker, Crypt38, CryptInfinite, CryptoDefense, CryptoFinancial, CryptoFortress, CryptoHasYou, CryptoHitman, CryptoJoker, CryptoMix, CryptorBit, CryptoRoger, CryptoShocker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CrySiS, CTB-Faker, CTB-Locker, DEDCryptor, DirtyDecrypt, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, ECLR Ransomware, EduCrypt, El Polocker, Encryptor RaaS, Enigma, GhostCrypt, Globe, Gomasom, Herbst, Hi Buddy!, HolyCrypt, HydraCrypt, Jager, Jigsaw, JobCrypter, JuicyLemon, KeRanger, KEYHolder, KimcilWare, Kozy.Jozy, KratosCrypt, Kriptovor, KryptoLocker, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MirCop, MireWare, Mischa, Mobef, NanoLocker, NegozI, Nemucod, Nemucod-7z, ODCODC, OMG! Ransomcrypt, PadCrypt, PayForNature, PClock, PowerLocky, PowerWare, Protected Ransomware, R980, RAA-SEP, Radamant, Radamant v2.1, Razy, REKTLocker, RemindMe, Rokku, Russian EDA2, SamSam, Sanction, Satana, ShinoLocker, Shujin, Simple_Encoder, Smrss32, SNSLocker, Sport, SuperCrypt, Surprise, SZFLocker, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TowerWeb, ToxCrypt, Troldesh, TrueCrypter, UCCU, UmbreCrypt, Unlock92, Unlock92 2.0, Uyari, VaultCrypt, VenusLocker, WildFire Locker, WonderCrypter, Xorist, Xort, XRTN, zCrypt, ZimbraCryptor, Zyklon
Can you decrypt my data?

No. This service is strictly for identifying what ransomware may have encrypted your files. It will attempt to point you in the right direction, and let you know if there is a known way of decrypting your files. Otherwise, there is no automated recovery attempts, as each case is different.

Is my data confidential?

Any uploaded files are immediately analysed against the database of signatures. If results are found, they are immedietely deleted. If no results are found, the uploaded files may be shared with trusted malware analysts to help with future detections, or identifying a new ransomware.

Data is uploaded to the server over SSL, meaning the connection can not be intercepted by a third-party.

With that said, I cannot guarantee files are kept 100% confidential. The data is temporarily stored on a shared host, and I am not responsible for anything done otherwise with this data.

What if I have multiple results?

Many ransomware have similar "signatures" in common, such as sharing the same extension on files. This makes it difficult to be 100% certain in some cases. Results are ordered by how many matches there are to prove it may be a particular ransomware.

Can I upload a sample of the malware or suspicious files?

No. This service will only assess the ransom note, and encrypted files to determine the ransomware. For static or behavioural analysis, you can submit files to VirusTotal or Malwr.

Can I Donate?

ID Ransomware is, and always will be, a free service to the public. It is currently a personal project that I have created to help guide victims to reliable information on a ransomware that may have infected their system. Other than direct development and signature additions to the website itself, it is an overall community effort.

I do not ask for any money for my services. I do, however, highly recommend investing in a proper backup to prevent you from becoming a victim in the future - ransomware is not the only cause of data loss! There are several easy and affordable cloud services available that offer great precautions against a ransomware attack, among other disasters.

However, if I or this website have helped you, and you really do wish to give back, feel free to toss a dollar or two my way to help with hosting costs.

source: https://id-ransomware.malwarehunterteam.com/