Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat. The purpose of this eBook is to educate the reader about ransomware attacks.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Any legit software/apps that uses the ransomware extensions
Posted on 2016-09-14
I plan to use tool to prevent following file extensions from being created but concerned
that it may impact legit software/apps. Anyone know if there's any adverse impact.
We have implemented things that cause big disruptions which we now need to be careful.
Don't have a complete list of software we use but offhand, we hv MS Office Suite (incl Outlook),
a few users use media player/access Youtube (so not sure if preventing .mp3 from being
created will be an issue) & Adobe reader, archiving tools (winzip), various McAfee security
agents/tools in our PCs, DLP, Acronis, Checkpoint disk encryption, 2FA softwares.
Mostly on WIn 7 but may have some going to Win 10.
Below is the list of extensions :
.locky
.micro
.zepto
.axx
.cerber
.ecc
.crypt
.ezz
.r5a
.exx
.ccc
.crypz
.cryptowall
.enciphered
.cryptolocker
.mp3
.cryp1
.cerber2
.breaking_bad
.lol!
.crypted
.encrypted
.locked
.xxx
.LeChiffre
.rrk
.cerber3
.enigma
.ttt
.coverton
.crjoker
.encrypt
.good
.zcrypt
.wflx
.crinf
.keybtc@inbox
.surprise
.aaa
.ha3
.zyklon
.abc
.zzz
.EnCiPhErEd
.pdcr
.PoAr2w
.enc
.kkk
.xyz
.windows10
.pzdc
.odcodc
.payms
.crptrgr
.czvxce
.magic
.darkness
.kraken
.p5tkjw
.legion
.bin
.rdm
.fun
.bitstak
.73i87A
.kernel_time
.kernel_compl
.btc
.rokku
.SecureCrypte
.kernel_pid
.payrms
.kratos
.CCCRRRPPP
.kimcilware
.vvv
.paymst
.herbst
.pays
.rekt
.venusf
.paym
.paymts
.szf
.info
.fantom
.paymrss
.padcrypt
.razy
.purge
.a5zfn
.cry
that it may impact legit software/apps. Anyone know if there's any adverse impact.
We have implemented things that cause big disruptions which we now need to be careful.
Don't have a complete list of software we use but offhand, we hv MS Office Suite (incl Outlook),
a few users use media player/access Youtube (so not sure if preventing .mp3 from being
created will be an issue) & Adobe reader, archiving tools (winzip), various McAfee security
agents/tools in our PCs, DLP, Acronis, Checkpoint disk encryption, 2FA softwares.
Mostly on WIn 7 but may have some going to Win 10.
Below is the list of extensions :
.locky
.micro
.zepto
.axx
.cerber
.ecc
.crypt
.ezz
.r5a
.exx
.ccc
.crypz
.cryptowall
.enciphered
.cryptolocker
.mp3
.cryp1
.cerber2
.breaking_bad
.lol!
.crypted
.encrypted
.locked
.xxx
.LeChiffre
.rrk
.cerber3
.enigma
.ttt
.coverton
.crjoker
.encrypt
.good
.zcrypt
.wflx
.crinf
.keybtc@inbox
.surprise
.aaa
.ha3
.zyklon
.abc
.zzz
.EnCiPhErEd
.pdcr
.PoAr2w
.enc
.kkk
.xyz
.windows10
.pzdc
.odcodc
.payms
.crptrgr
.czvxce
.magic
.darkness
.kraken
.p5tkjw
.legion
.bin
.rdm
.fun
.bitstak
.73i87A
.kernel_time
.kernel_compl
.btc
.rokku
.SecureCrypte
.kernel_pid
.payrms
.kratos
.CCCRRRPPP
.kimcilware
.vvv
.paymst
.herbst
.pays
.rekt
.venusf
.paym
.paymts
.szf
.info
.fantom
.paymrss
.padcrypt
.razy
.purge
.a5zfn
.cry
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2
- +2
7 Comments
Active today
.bin
.mp3
These 2 stand out as obvious legitimate file extensions.
This site has a big list of file extensions: http://filext.com/alphalist.php?extstart=^A
http://filext.com/file-extension/locky
http://filext.com/file-extension/micro
http://filext.com/file-extension/zepto
http://filext.com/file-extension/axx
http://filext.com/file-extension/cerber
http://filext.com/file-extension/ecc
http://filext.com/file-extension/crypt
http://filext.com/file-extension/ezz
http://filext.com/file-extension/r5a
http://filext.com/file-extension/exx
http://filext.com/file-extension/ccc
http://filext.com/file-extension/crypz
http://filext.com/file-extension/cryptowall
http://filext.com/file-extension/enciphered
http://filext.com/file-extension/cryptolocker
http://filext.com/file-extension/mp3
http://filext.com/file-extension/cryp1
http://filext.com/file-extension/cerber2
http://filext.com/file-extension/breaking_bad
http://filext.com/file-extension/lol!
http://filext.com/file-extension/crypted
http://filext.com/file-extension/encrypted
http://filext.com/file-extension/locked
http://filext.com/file-extension/xxx
http://filext.com/file-extension/LeChiffre
http://filext.com/file-extension/rrk
http://filext.com/file-extension/cerber3
http://filext.com/file-extension/enigma
http://filext.com/file-extension/ttt
http://filext.com/file-extension/coverton
http://filext.com/file-extension/crjoker
http://filext.com/file-extension/encrypt
http://filext.com/file-extension/good
http://filext.com/file-extension/zcrypt
http://filext.com/file-extension/wflx
http://filext.com/file-extension/crinf
http://filext.com/file-extension/keybtc@inbox
http://filext.com/file-extension/surprise
http://filext.com/file-extension/aaa
http://filext.com/file-extension/ha3
http://filext.com/file-extension/zyklon
http://filext.com/file-extension/abc
http://filext.com/file-extension/zzz
http://filext.com/file-extension/EnCiPhErEd
http://filext.com/file-extension/pdcr
http://filext.com/file-extension/PoAr2w
http://filext.com/file-extension/enc
http://filext.com/file-extension/kkk
http://filext.com/file-extension/xyz
http://filext.com/file-extension/windows10
http://filext.com/file-extension/pzdc
http://filext.com/file-extension/odcodc
http://filext.com/file-extension/payms
http://filext.com/file-extension/crptrgr
http://filext.com/file-extension/czvxce
http://filext.com/file-extension/magic
http://filext.com/file-extension/darkness
http://filext.com/file-extension/kraken
http://filext.com/file-extension/p5tkjw
http://filext.com/file-extension/legion
http://filext.com/file-extension/bin
http://filext.com/file-extension/rdm
http://filext.com/file-extension/fun
http://filext.com/file-extension/bitstak
http://filext.com/file-extension/73i87A
http://filext.com/file-extension/kernel_time
http://filext.com/file-extension/kernel_compl
http://filext.com/file-extension/btc
http://filext.com/file-extension/rokku
http://filext.com/file-extension/SecureCrypte
http://filext.com/file-extension/kernel_pid
http://filext.com/file-extension/payrms
http://filext.com/file-extension/kratos
http://filext.com/file-extension/CCCRRRPPP
http://filext.com/file-extension/kimcilware
http://filext.com/file-extension/vvv
http://filext.com/file-extension/paymst
http://filext.com/file-extension/herbst
http://filext.com/file-extension/pays
http://filext.com/file-extension/rekt
http://filext.com/file-extension/venusf
http://filext.com/file-extension/paym
http://filext.com/file-extension/paymts
http://filext.com/file-extension/szf
http://filext.com/file-extension/info
http://filext.com/file-extension/fantom
http://filext.com/file-extension/paymrss
http://filext.com/file-extension/padcrypt
http://filext.com/file-extension/razy
http://filext.com/file-extension/purge
http://filext.com/file-extension/a5zfn
http://filext.com/file-extension/cry
.mp3
These 2 stand out as obvious legitimate file extensions.
This site has a big list of file extensions: http://filext.com/alphalist.php?extstart=^A
http://filext.com/file-extension/locky
http://filext.com/file-extension/micro
http://filext.com/file-extension/zepto
http://filext.com/file-extension/axx
http://filext.com/file-extension/cerber
http://filext.com/file-extension/ecc
http://filext.com/file-extension/crypt
http://filext.com/file-extension/ezz
http://filext.com/file-extension/r5a
http://filext.com/file-extension/exx
http://filext.com/file-extension/ccc
http://filext.com/file-extension/crypz
http://filext.com/file-extension/cryptowall
http://filext.com/file-extension/enciphered
http://filext.com/file-extension/cryptolocker
http://filext.com/file-extension/mp3
http://filext.com/file-extension/cryp1
http://filext.com/file-extension/cerber2
http://filext.com/file-extension/breaking_bad
http://filext.com/file-extension/lol!
http://filext.com/file-extension/crypted
http://filext.com/file-extension/encrypted
http://filext.com/file-extension/locked
http://filext.com/file-extension/xxx
http://filext.com/file-extension/LeChiffre
http://filext.com/file-extension/rrk
http://filext.com/file-extension/cerber3
http://filext.com/file-extension/enigma
http://filext.com/file-extension/ttt
http://filext.com/file-extension/coverton
http://filext.com/file-extension/crjoker
http://filext.com/file-extension/encrypt
http://filext.com/file-extension/good
http://filext.com/file-extension/zcrypt
http://filext.com/file-extension/wflx
http://filext.com/file-extension/crinf
http://filext.com/file-extension/keybtc@inbox
http://filext.com/file-extension/surprise
http://filext.com/file-extension/aaa
http://filext.com/file-extension/ha3
http://filext.com/file-extension/zyklon
http://filext.com/file-extension/abc
http://filext.com/file-extension/zzz
http://filext.com/file-extension/EnCiPhErEd
http://filext.com/file-extension/pdcr
http://filext.com/file-extension/PoAr2w
http://filext.com/file-extension/enc
http://filext.com/file-extension/kkk
http://filext.com/file-extension/xyz
http://filext.com/file-extension/windows10
http://filext.com/file-extension/pzdc
http://filext.com/file-extension/odcodc
http://filext.com/file-extension/payms
http://filext.com/file-extension/crptrgr
http://filext.com/file-extension/czvxce
http://filext.com/file-extension/magic
http://filext.com/file-extension/darkness
http://filext.com/file-extension/kraken
http://filext.com/file-extension/p5tkjw
http://filext.com/file-extension/legion
http://filext.com/file-extension/bin
http://filext.com/file-extension/rdm
http://filext.com/file-extension/fun
http://filext.com/file-extension/bitstak
http://filext.com/file-extension/73i87A
http://filext.com/file-extension/kernel_time
http://filext.com/file-extension/kernel_compl
http://filext.com/file-extension/btc
http://filext.com/file-extension/rokku
http://filext.com/file-extension/SecureCrypte
http://filext.com/file-extension/kernel_pid
http://filext.com/file-extension/payrms
http://filext.com/file-extension/kratos
http://filext.com/file-extension/CCCRRRPPP
http://filext.com/file-extension/kimcilware
http://filext.com/file-extension/vvv
http://filext.com/file-extension/paymst
http://filext.com/file-extension/herbst
http://filext.com/file-extension/pays
http://filext.com/file-extension/rekt
http://filext.com/file-extension/venusf
http://filext.com/file-extension/paym
http://filext.com/file-extension/paymts
http://filext.com/file-extension/szf
http://filext.com/file-extension/info
http://filext.com/file-extension/fantom
http://filext.com/file-extension/paymrss
http://filext.com/file-extension/padcrypt
http://filext.com/file-extension/razy
http://filext.com/file-extension/purge
http://filext.com/file-extension/a5zfn
http://filext.com/file-extension/cry
Active today
hmm, you should test it or look at the actual code.
Cause when you block file creation based on that extension, then you may end without any files after a ransom ware attack.
Cause I would expect that the original file is either deleted before the encrypted file is saved or the original file is overwritten and then renamed.
So in the end, I don't think that this will increase security.
Cause when you block file creation based on that extension, then you may end without any files after a ransom ware attack.
Cause I would expect that the original file is either deleted before the encrypted file is saved or the original file is overwritten and then renamed.
So in the end, I don't think that this will increase security.
Active today
you probably can check this out which they are saying the same strategy and they stated some that may not be in your list for e.g.
http://www.bleepingcomputer.com/forums/t/606360/a-complete-list-of-ransomware-file-ext-and-readme-file-name/extensions/
.R16M01D05, .xrtn, .unbrecrypt_ID_*, .CTBL, .CTBL2, .HA3, .0x0, .bleep, .1999, .bleep, .hydracrypt_ID_*, .keybtc@inbox_com, .POSHKODER, .frtrss, .crjockerBut I am thinking you want to consider even restricting certain filename - those ransom notes though there can be false positive too, may be worth to test in staging
HELP_TO_SAVE_FILES.txt, BitCryptorFileList.txt, BUYUNLOCKCODE, YOUR_FILES_ARE_ENCRYPTED.Hhttp://www.bleepingcomputer.com/forums/t/589811/updated-list-of-ransomware-file-names-and-TML, Coin.Locker.txt, DECRYPT_INSTRUCTIONS.HTML, ReadDecryptFilesHere.txt, HOW_DECRYPT.TXT, READ IF YOU WANT YOUR FILES BACK.HTML, GetYouFiles.txt, HOW TO DECRYPT FILES.HTML, DECRYPT_INSTRUCTION.TXT, HELP_DECRYPT.TXT, HELP_YOURFILES.HTML, HowDecrypt.gif, Decrypt All Files *.bmp, cryptinfo.txt, DECRYPT_Readme.TXT.ReadMe, qwer.html, qwer2.html, Hellothere.txt, FILESAREGONE.TXT, HOW TO DECRYPT FILES.TXT, DECRYPT_Readme.TXT.ReadMe, README_DECRYPT_HYDRA_ID_*. txt, DECRYPT_YOUR_FILES.HTML, KryptoLocker_README.txt, _Locky_recover_instruction s.txt, DECRYPT_Readme.TXT.ReadMe, ATTENTION.RTF, how to get data.txt, IMPORTANT READ ME.txt, UnblockFiles.vbs, YOUR_FILES.url, exit.hhr.obleep, HOW_TO_DECRYPT.HTML, HOW-TO-DECRYPT-FILES.HTML, HELP_TO_SAVE_FILES.txt, HELP_TO_SAVE_FILES.txt, HELP_TO_SAVE_FILES.txt, _H_e_l_p_RECOVER_INSTRUCTI ONS+*.txt, DECRYPT_INSTRUCTIONS.HTML, README_DECRYPT_UMBRE_ID_*. txt, Help_Decrypt.txt, CryptLogFile.txt
http://www.bleepingcomputer.com/forums/t/606360/a-complete-list-of-ransomware-file-ext-and-readme-file-name/extensions/
Active 2 days ago
Thanks for the list of extensions: quite a thorough list which contains for
both Windows & Apple (& possibly other platforms?)
We've tested (been thru) it once with one ransomware & it helped: this feature of preventing
files of certain names/extension from being created is offered by a leading
security product so I guess they must have researched it.
both Windows & Apple (& possibly other platforms?)
We've tested (been thru) it once with one ransomware & it helped: this feature of preventing
files of certain names/extension from being created is offered by a leading
security product so I guess they must have researched it.
Active today
With blacklist of file and its metadata and whitelisting of apps will reduce the exposure collectively. Also do the necessary filtering and scanning of the USB drives, email etc. The decoy has been mentioned before like TrapX CryptoTrap in case you are interested (pdf) http://deceive.trapx.com/rs/929-JEW-675/images/Product_Brief_TrapX_CryptoTrap.pdf
Featured Post
Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
A look at what happened in the Verizon cloud breach.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you!
In this Micro Tutorial, you'll learn yo…
- Microsoft Applications
- Windows 10
- Windows OS
- Fonts Typography
- Windows 7, Microsoft Word
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month5 days, 18 hours left to enroll
627 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.