sunhux asked:

Any legit software/apps that use the ransomware extensions?

I plan to use a tool to prevent the following file extensions from being created but am concerned
that it may impact legit software/apps. Does anyone know if there's any adverse impact?
We have implemented things that caused big disruptions, so we now need to be careful.

We don't have a complete list of the software we use, but offhand we have MS Office Suite (incl. Outlook),
a few users use a media player/access YouTube (so not sure if preventing .mp3 from being
created will be an issue) & Adobe Reader, archiving tools (WinZip), various McAfee security
agents/tools on our PCs, DLP, Acronis, Checkpoint disk encryption, 2FA software.

Mostly on Win 7 but may have some going to Win 10.

Below is the list of extensions:
.locky
.micro
.zepto
.axx
.cerber
.ecc
.crypt
.ezz
.r5a
.exx
.ccc
.crypz
.cryptowall
.enciphered
.cryptolocker
.mp3
.cryp1
.cerber2
.breaking_bad
.lol!
.crypted
.encrypted
.locked
.xxx
.LeChiffre
.rrk
.cerber3
.enigma
.ttt
.coverton
.crjoker
.encrypt
.good
.zcrypt
.wflx
.crinf
.keybtc@inbox
.surprise
.aaa
.ha3
.zyklon
.abc
.zzz
.EnCiPhErEd
.pdcr
.PoAr2w
.enc
.kkk
.xyz
.windows10
.pzdc
.odcodc
.payms
.crptrgr
.czvxce
.magic
.darkness
.kraken
.p5tkjw
.legion
.bin
.rdm
.fun
.bitstak
.73i87A
.kernel_time
.kernel_compl
.btc
.rokku
.SecureCrypte
.kernel_pid
.payrms
.kratos
.CCCRRRPPP
.kimcilware
.vvv
.paymst
.herbst
.pays
.rekt
.venusf
.paym
.paymts
.szf
.info
.fantom
.paymrss
.padcrypt
.razy
.purge
.a5zfn
.cry
Anti-Virus Apps, Security, Windows OS, Acronis
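
One way to check the concern raised in the question before enforcing the rule, as an added example that is not part of the original post: count files that already exist on a known-clean machine with an extension on the block list. The function names and the sample tree are constructed for illustration, and only a subset of the list above is embedded.

```python
import os
import tempfile
from collections import Counter

# Subset of the block list from the question; paste the full list here.
BLOCKLIST = [".locky", ".cerber", ".mp3", ".bin", ".info", ".enc",
             ".abc", ".xyz", ".enciphered", ".EnCiPhErEd"]

# Constructed sample files standing in for a clean user profile.
SAMPLE_FILES = ["Music/song.MP3", "Music/track2.mp3", "Drivers/firmware.bin",
                "Docs/report.docx", "Docs/setup.info", "Docs/notes.txt"]


def normalise(blocklist):
    """Windows file names are case-insensitive, so compare in lower case."""
    return {ext.lower() for ext in blocklist}


def audit_tree(root, blocklist):
    """Count files under root whose final extension is on the block list.

    On a machine known to be clean, every hit is a file that a legitimate
    application created and that a create-block rule would have refused.
    """
    blocked = normalise(blocklist)
    hits, examples = Counter(), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in blocked:
                hits[ext] += 1
                examples.setdefault(ext, os.path.join(dirpath, name))
    return hits, examples


def demo():
    """Build the constructed sample tree, audit it, return counts per extension."""
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_FILES:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        hits, _examples = audit_tree(root, BLOCKLIST)
    return dict(hits)


if __name__ == "__main__":
    for ext, count in sorted(demo().items()):
        print(f"{ext}: {count} existing file(s) would collide with the rule")
```

Pointing `audit_tree` at a user profile or file share on a clean machine shows which listed extensions are already in everyday use there.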

Last comment: ste5an, 8/22/2022 - Mon
ste5an

Hmm, you should test it or look at the actual code.

Because when you block file creation based on that extension, you may end up without any files after a ransomware attack.
Because I would expect that the original file is either deleted before the encrypted file is saved or the original file is overwritten and then renamed.

So in the end, I don't think that this will increase security.
sunhux

ASKER
Thanks for the list of extensions: quite a thorough list which contains extensions for
both Windows & Apple (& possibly other platforms?)

We've tested (been through) it once with one ransomware & it helped: this feature of preventing
files of certain names/extensions from being created is offered by a leading
security product so I guess they must have researched it.
ste5an

Does this help prevent the encryption and/or deletion of the original files?