asked on
Any legit software/apps that uses the ransomware extensions
I plan to use tool to prevent following file extensions from being created but concerned
that it may impact legit software/apps. Anyone know if there's any adverse impact.
We have implemented things that cause big disruptions which we now need to be careful.
Don't have a complete list of software we use but offhand, we hv MS Office Suite (incl Outlook),
a few users use media player/access Youtube (so not sure if preventing .mp3 from being
created will be an issue) & Adobe reader, archiving tools (winzip), various McAfee security
agents/tools in our PCs, DLP, Acronis, Checkpoint disk encryption, 2FA softwares.
Mostly on WIn 7 but may have some going to Win 10.
Below is the list of extensions :
.locky
.micro
.zepto
.axx
.cerber
.ecc
.crypt
.ezz
.r5a
.exx
.ccc
.crypz
.cryptowall
.enciphered
.cryptolocker
.mp3
.cryp1
.cerber2
.breaking_bad
.lol!
.crypted
.encrypted
.locked
.xxx
.LeChiffre
.rrk
.cerber3
.enigma
.ttt
.coverton
.crjoker
.encrypt
.good
.zcrypt
.wflx
.crinf
.keybtc@inbox
.surprise
.aaa
.ha3
.zyklon
.abc
.zzz
.EnCiPhErEd
.pdcr
.PoAr2w
.enc
.kkk
.xyz
.windows10
.pzdc
.odcodc
.payms
.crptrgr
.czvxce
.magic
.darkness
.kraken
.p5tkjw
.legion
.bin
.rdm
.fun
.bitstak
.73i87A
.kernel_time
.kernel_compl
.btc
.rokku
.SecureCrypte
.kernel_pid
.payrms
.kratos
.CCCRRRPPP
.kimcilware
.vvv
.paymst
.herbst
.pays
.rekt
.venusf
.paym
.paymts
.szf
.info
.fantom
.paymrss
.padcrypt
.razy
.purge
.a5zfn
.cry
that it may impact legit software/apps. Anyone know if there's any adverse impact.
We have implemented things that cause big disruptions which we now need to be careful.
Don't have a complete list of software we use but offhand, we hv MS Office Suite (incl Outlook),
a few users use media player/access Youtube (so not sure if preventing .mp3 from being
created will be an issue) & Adobe reader, archiving tools (winzip), various McAfee security
agents/tools in our PCs, DLP, Acronis, Checkpoint disk encryption, 2FA softwares.
Mostly on WIn 7 but may have some going to Win 10.
Below is the list of extensions :
.locky
.micro
.zepto
.axx
.cerber
.ecc
.crypt
.ezz
.r5a
.exx
.ccc
.crypz
.cryptowall
.enciphered
.cryptolocker
.mp3
.cryp1
.cerber2
.breaking_bad
.lol!
.crypted
.encrypted
.locked
.xxx
.LeChiffre
.rrk
.cerber3
.enigma
.ttt
.coverton
.crjoker
.encrypt
.good
.zcrypt
.wflx
.crinf
.keybtc@inbox
.surprise
.aaa
.ha3
.zyklon
.abc
.zzz
.EnCiPhErEd
.pdcr
.PoAr2w
.enc
.kkk
.xyz
.windows10
.pzdc
.odcodc
.payms
.crptrgr
.czvxce
.magic
.darkness
.kraken
.p5tkjw
.legion
.bin
.rdm
.fun
.bitstak
.73i87A
.kernel_time
.kernel_compl
.btc
.rokku
.SecureCrypte
.kernel_pid
.payrms
.kratos
.CCCRRRPPP
.kimcilware
.vvv
.paymst
.herbst
.pays
.rekt
.venusf
.paym
.paymts
.szf
.info
.fantom
.paymrss
.padcrypt
.razy
.purge
.a5zfn
.cry
Anti-Virus AppsSecurityWindows OSAcronis
Last Comment
ste5an
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks for the list of extensions: quite a thorough list which contains for
both Windows & Apple (& possibly other platforms?)
We've tested (been thru) it once with one ransomware & it helped: this feature of preventing
files of certain names/extension from being created is offered by a leading
security product so I guess they must have researched it.
both Windows & Apple (& possibly other platforms?)
We've tested (been thru) it once with one ransomware & it helped: this feature of preventing
files of certain names/extension from being created is offered by a leading
security product so I guess they must have researched it.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Does this help preventing the encryption and/or deletion of the original files?
Cause when you block file creation based on that extension, then you may end without any files after a ransom ware attack.
Cause I would expect that the original file is either deleted before the encrypted file is saved or the original file is overwritten and then renamed.
So in the end, I don't think that this will increase security.