keyword search for cryptolocker-like encrypted files
Posted on 2015-01-05
Recently we were hit by cryptolocker and were able to recover all our files from backups. Now I periodically search our network file shares for the keyword: decrypt.
I do this to make sure there are no more cryptolocker-encrypted files on the network, since when cryptolocker encrypts files, it creates a decryptinstructions.txt (or something like that) file in every folder it infects.
But now I want to broaden my search and look for some other possible programs of the same type (or the results of those programs).
What else can I search for besides the keyword "decrypt" to look for tell-tale signs that a folder has been hit by other-than-cryptolocker programs that do the same type of thing (encrypt files for ransom)?
Is there a website that lists variants and specifically lists what to look for in a file system?
And yes, I do have AV software... we had it when we originally got hit with cryptolocker.
Anyway, thanks for any help anyone can come up with on this subject.
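
The periodic filename search described in the post can be scripted so it reports each affected folder and any folder it could not read. This is an added example, not part of the original post. The function names and the sample tree are constructed for illustration, and the only keyword taken from the post is "decrypt".

```python
import os
import tempfile

# Keyword from the post; extend this tuple with other note-name fragments you trust.
KEYWORDS = ("decrypt",)

def find_note_folders(root, keywords=KEYWORDS):
    """Return (hits, unreadable): hits maps each folder under root to the
    sorted file names containing a keyword (case-insensitive); unreadable
    lists folders the scan could not open."""
    needles = [k.lower() for k in keywords]
    hits = {}
    unreadable = []
    # onerror records folders that could not be listed, so scan gaps stay visible
    walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
    for folder, _dirs, files in walker:
        matched = sorted(f for f in files if any(n in f.lower() for n in needles))
        if matched:
            hits[folder] = matched
    return hits, unreadable

def build_sample_share():
    """Create a constructed sample tree standing in for a network file share."""
    root = tempfile.mkdtemp(prefix="share_")
    layout = {
        "finance": ["budget.xlsx", "DecryptInstructions.txt"],
        "finance/2014": ["q4.docx", "decryptinstructions.txt"],
        "hr": ["handbook.pdf"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in names:
            with open(os.path.join(root, rel, name), "w") as fh:
                fh.write("constructed sample\n")
    return root

if __name__ == "__main__":
    share = build_sample_share()  # replace with the path of a real share
    hits, unreadable = find_note_folders(share)
    for folder, names in sorted(hits.items()):
        print(folder, names)
    for folder in unreadable:
        print("could not read:", folder)
```

A folder listed as unreadable was not checked, so it should be rescanned with an account that has access rather than treated as clean.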