[QUOTE]
santy wrote:
Quote: RP55 RP55 wrote: List: Decryption tools, etc. https://www.comss.ru/page.php?id=4120 >>>>It is recommended to start with the Crypto Sheriff tool, which lets you determine your type of ransomware and check whether a decryptor exists for it. [/QUOTE]
IMHO,
it is an introductory article on working with decryptors, but it contains a number of methodological inaccuracies and errors:
1. The Crypto Sheriff service is extremely inaccurate at detecting ransomware variants.
Here is an example:
[QUOTE]Hello everyone.
I work with IT here in Brazil. One customer that calls me only when needed had a very hard time this last week. I tried to identify the ransomware that got him, but the id.ransomware website and the nomoreransom.org said that he got 2 different types.
The id.ransomware said that the Dharma (.cezar family) was the infection (and there is no decryptor), but the nomoreransom.org said that the CryptXXX v1 was the infection and there are two decryptors capable of decrypting it.
The company is about to close because of this. They were recovering from the economic recession that we had here in Brazil, but the extortionists are asking for U$5000,00 for the keys and the decrypt tool.
I tried to download the tools that nomoreransom indicated, but no effect. The Kaspersky tool was incapable of decrypting and the Trend Micro tool, once I selected the "I Don´t know the ransomware name" it says that it is Crisis. But it has no effect too.[/QUOTE]
https://www.bleepingcomputer.com/forums/t/688347/idransomware-and-nomoreransomorg-idetifies-different-ransonware/#entry4636396
The incorrect detection by Crypto Sheriff led to an incorrect decision.
[QUOTE]The files are infected with the .adobe extension and the note says:
FILES ENCRYPTED.TXT
"all your data has been locked us
You want to return?
write email
[email protected]"[/QUOTE]
If the definitions database in Crypto Sheriff were updated regularly, I think it would not have been difficult to determine that this is Crysis and not CryptXXX v1.
2.
[QUOTE]Crypto Sheriff will process this information using its own database and determine whether a ready-made solution exists. If no tools are found, do not despair. [B]One of the decryptors may still work, although you will have to download and test all the available tools[/B]. It is a slow and laborious process, but it is cheaper than paying the ransom to the attackers.[/QUOTE]
In that case there is a high risk of damaging the encrypted documents and permanently losing the ability to recover them, if you try to decrypt with every tool in turn.
At a minimum, decryptors must be tested on copies of the encrypted documents.
[URL=https://id-ransomware.malwarehunterteam.com/index.php][B]ID Ransomware[/B][/URL] has a more accurate approach:
[QUOTE][B]Can my data be decrypted?[/B]
No.
This service is only for identifying the ransomware that encrypted the files.
We want to point you in the right direction, so that you know whether there is a way to decrypt the files.
There may be no way to recover them, since every case is individual.
[/QUOTE]
[B]Which ransomware is identified?[/B]
[QUOTE]Our service identifies 661 ransomwares. Here is the growing list of what is already detected:
010001, 24H Ransomware, 4rw5w, 777, 7ev3n, 7h9r, 7zipper, 8lock8, AAC, ABCLocker, ACCDFISA v2.0, AdamLocker, AES_KEY_GEN_ASSIST, AES-Matrix, AES-NI, AES256-06, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Allcry, Alma Locker, Alpha, AMBA, Amnesia, Amnesia2, AnDROid, AngryDuck, Anubi, Anubis, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ApolloLocker, AresCrypt, Argus, Armage, ArmaLocky, ASN1 Encoder, Atchbo, Aurora, AutoLocky, AutoWannaCryV2, AVCrypt, AxCrypter, aZaZeL, B2DR, BadBlock, BadEncript, BadRabbit, Bam!, BananaCrypt, BandarChor, Bart, Bart v2.0, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, Bitpaymer, Bitshifter, BitStak, BKRansomware, Black Feather, Black Shades, BlackHeart, Blackout, BlackRuby, Blind, Blind 2, Blocatto, BlockFile12, Blooper, Blue Blackmail, Booyah, BrainCrypt, Brazilian Ransomware, BrickR, BTCamant, BTCWare, BTCWare Aleta, BTCWare Gryphon, BTCWare Master, BTCWare PayDay, Bubble, Bucbi, Bud, BugWare, BuyUnlockCode, Cancer, Cassetto, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, Chimera, ChinaYunLong, CHIP, ClicoCrypter, Clouded, CmdRansomware, CockBlocker, Coin Locker, CoinVault, Comrade Circle, Conficker, CorruptCrypt, Coverton, CradleCore, CreamPie, Creeper, Cripton, Cry128, Cry36, Cry9, Cryakl, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt12, Crypt38, CryptConsole, CryptConsole3, CryptFuck, CryptGh0st, CryptInfinite, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoGod, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3, CryptoLockerEU, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, CryptON, Crypton, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, Crystal, CTB-Faker, CTB-Locker, Dablio, Damage, DarkoderCryptor, DataKeeper, Dcrtr, DCry, DCry 2.0, Deadly, DeathNote, DEDCryptor, 
Defender, Defray, DeriaLock, Dharma (.cezar Family), Dharma (.dharma Family), Dharma (.onion Family), Dharma (.wallet Family), Digisom, DilmaLocker, DirtyDecrypt, District, Djvu, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, Domino, Done, DoNotChange, Donut, DoubleLocker, DriedSister, DryCry, Dviide, DXXD, DynA-Crypt, eBayWall, ECLR Ransomware, EdgeLocker, EduCrypt, EggLocker, El Polocker, EnCrypt, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, EOEO, Erebus, Eternal, Everbe, Everbe 2.0, Evil, Executioner, ExecutionerPlus, Exocrypt XTC, Exotic, Extortion Scam, Extractor, Fabiansomware, Fadesoft, Fantom, FartPlz, FCPRansomware, FenixLocker, Fenrir, FilesLocker, FindZip, FireCrypt, Flatcher3, FLKR, Flyper, FrozrLock, FRSRansomware, FS0ciety, FuckSociety, FunFact, GandCrab, GandCrab v4.0 / v5.0, GandCrab2, GarrantyDecrypt, GC47, Gerber, GhostCrypt, GhostHammer, Gibon, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, Godra, GOG, GoldenEye, Gomasom, GPAA, GPCode, GPGQwerty, GusCrypter, GX40, Hacked, HadesLocker, Halloware, HappyDayzz, hc6, hc7, HDDCryptor, Heimdall, HellsRansomware, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hermes 2.1, Heropoint, Hi Buddy!, HiddenTear, HollyCrypt, HolyCrypt, HPE iLO Ransomware, Hucky, HydraCrypt, IEncrypt, IFN643, ImSorry, Incanto, InducVirus, InfiniteTear, InfinityLock, InsaneCrypt, iRansom, Iron, Ishtar, Israbye, JabaCrypter, Jack.Pot, Jaff, Jager, JapanLocker, JeepersCrypt, Jigsaw, JobCrypter, JosepCrypt, JuicyLemon, JungleSec, Kaenlupuf, Kali, Karma, Karmen, Karo, Kasiski, Katyusha, KawaiiLocker, KCW, Kee Ransomware, KeRanger, Kerkoporta, KeyBTC, KEYHolder, KillerLocker, KillRabbit, KimcilWare, Kirk, Kolobo, Kostya, Kozy.Jozy, Kraken, Kraken Cryptor, KratosCrypt, Krider, Kriptovor, KryptoLocker, L33TAF Locker, Ladon, Lalabitch, LambdaLocker, LeChiffre, LightningCrypt, Lime, LittleFinger, LLTP, LMAOxUS, Lock2017, Lock93, LockBox, LockCrypt, LockCrypt 2.0, 
Locked_File, Locked-In, LockedByte, LockeR, LockLock, LockMe, Lockout, Locky, LongTermMemoryLoss, Lortok, LoveServer, LowLevel04, Lucky, MadBit, MAFIA, MafiaWare, Magic, Magniber, Maktub Locker, MalwareTech's CTF, Marlboro, MarsJoke, Matrix, MauriGo, MaxiCrypt, Maykolin, Maysomware, MCrypt2018, Meteoritan, Mikoyan, Minotaur, MirCop, MireWare, Mischa, MMM, MNS CryptoLocker, Mobef, MoonCrypter, MOTD, MoWare, MRCR1, MrDec, Mystic, n1n1n1, NanoLocker, NCrypt, NegozI, Nemucod, Nemucod-7z, Nemucod-AES, NETCrypton, Netix, NewHT, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, Noblis, NotAHero, Nozelesn, NSB Ransomware, Nuke, NullByte, NxRansomware, ODCODC, OhNo!, OoPS, OopsLocker, OpenToYou, Ordinypt, OzozaLocker, PadCrypt, Paradise, Paradise B29, PayDay, PaySafeGen, PClock, PClock (Updated), PEC 2017, Pendor, Petna, PGPSnippet, Philadelphia, Phobos, Pickles, PoisonFang, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, Pr0tector, Predator, PrincessLocker, PrincessLocker 2.0, PrincessLocker Evolution, Project34, Protected Ransomware, PshCrypt, PUBG Ransomware, PyCL, PyCL, PyL33T, PyLocky, qkG, QuakeWay, QwertyCrypt, Qweuirtksd, R980, RAA-SEP, RackCrypt, Radamant, Radamant v2.1, Radiation, Random6, RandomLocker, Ranion, RanRan, RanRans, Rans0mLocked, RansomCuck, Ransomnix, RansomPlus, RansomWarrior, Rapid, Rapid 2.0 / 3.0, RaRansomware, RarVault, Razy, RedBoot, RedEye, REKTLocker, Rektware, RemindMe, RenLocker, RensenWare, Reyptson, Roga, Rokku, RoshaLock, RotorCrypt, Roza, RSA-NI, RSA2048Pro, RSAUtil, Ruby, Russenger, Russian EDA2, Ryuk, SAD, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, Saturn, Scarab, Sepsis, SerbRansom, Serpent, ShellLocker, Shifr, Shigo, ShinigamiLocker, ShinoLocker, ShivaGood, Shrug, Shujin, Shutdown57, Sifreli, Sigma, Sigrun, SilentSpring, Simple_Encoder, SintaLocker, Skull Ransomware, SkyFile, Smrss32, SnakeLocker, SNSLocker, SoFucked, Solo Ransomware, Spartacus, Spectre, Spider, Spora, Sport, SQ_, Stampado, Stinger, 
STOP, StorageCrypter, Storm, Striked, Stroman, Stupid Ransomware, Styx, SuperB, SuperCrypt, Surprise, SynAck, SyncCrypt, SYSDOWN, SZFLocker, Team XRat, Telecrypt, Termite, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TeslaWare, Thanatos, TheDarkEncryptor, THT Ransomware, tk, Torchwood, TotalWipeOut, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, Tron, TrueCrypter, TrumpLocker, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, Unlock92 Zipper, Useless Disk, UselessFiles, UserFilesLocker, USR0, Uyari, V8Locker, Vapor v1, VaultCrypt, vCrypt, Velso, Vendetta, VenisRansomware, VenusLocker, ViACrypt, VindowsLocker, VisionCrypt, VMola, Vortex, Vurten, VxLock, Waffle, WannaCash, WannaCry, WannaCry.NET, WannaCryOnClick, WannaDie, WannaPeace, WannaSmile, WannaSpam, WhatAFuck, WhiteRose, WildFire Locker, WininiCrypt, Winnix Cryptor, WinRarer, WonderCrypter, Wooly, X Locker 5.0, XCrypt, XData, XiaoBa, XiaoBa 2.0, Xorist, Xort, XRTN, XTP Locker 5.0, XYZWare, YouAreFucked, YourRansom, Yyto, ZariqaCrypt, zCrypt, Zekwacrypt, Zenis, ZeroCrypt, ZeroRansom, Zilla, ZimbraCryptor, ZinoCrypt, ZipLocker, Zipper, Zoldon, Zyklon [/QUOTE]
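One way to follow the advice above about testing decryptors only on copies of the encrypted documents (an added example, not part of the original post; the directory layout, the `.adobe` sample files and the function names are constructed for illustration). It stages hash-verified copies in a working directory, then checks that the originals are untouched after a decryptor has been tried on the copies:

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_copies(src: Path, work: Path, suffix: str) -> dict:
    """Copy files ending in `suffix` from src to work; return {relpath: sha256}."""
    manifest = {}
    for f in sorted(p for p in src.rglob("*" + suffix) if p.is_file()):
        rel = f.relative_to(src)
        dst = work / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, dst)
        digest = sha256(f)
        if sha256(dst) != digest:  # never test on a copy that differs from the original
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    return manifest

def changed(root: Path, manifest: dict) -> list:
    """Relative paths under root that are missing or no longer match the manifest."""
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file() or sha256(root / rel) != digest]

def demo():
    # Constructed sample tree; real use would point src at the affected volume.
    with tempfile.TemporaryDirectory() as tmp:
        src, work = Path(tmp, "encrypted"), Path(tmp, "work")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.docx.adobe").write_bytes(b"constructed ciphertext 1")
        (src / "photo.jpg.adobe").write_bytes(b"constructed ciphertext 2")
        (src / "notes.txt").write_bytes(b"not encrypted")
        manifest = stage_copies(src, work, ".adobe")
        # Stand-in for a wrong decryptor that overwrites a file it cannot decrypt.
        (work / "photo.jpg.adobe").write_bytes(b"garbage")
        return sorted(manifest), changed(src, manifest), changed(work, manifest)

if __name__ == "__main__":
    print(demo())
```

An empty list from `changed(src, manifest)` confirms the originals survived the attempt; any damaged working copy can be restaged from them before trying another tool.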