代号 | 文件特征 | 通知文件 |
CryptXXX V1, V2, V3*, V4, V5 | {原文件名}+后缀:.crypt;.cryp1; .crypz 或 5位十六进制字符 | {de_crypt_readme.html}; {@README.HTML}; {!12位字符.html}; {!Recovery_12位字符.html} |
GANDCRAB V5.0.4 | {原文件名}.KRAB 后缀, V5 版本病毒更新为随机字符后缀。 | {KRAB-DECRYPT.txt}; {随机字符-DECRYPT.txt} |
Crysis | {原文件名}.ID-<8字符>.<Email>.+后缀:Adobe;Bkpx;Tron;Bgtx;Combo;Gamma;Block;Bip;Arrow;Cesar;Arena | {FILES ENCRYPTED.txt }; {data files encrypted.txt}; {info.html} |
GlobeImposter 3.0 | {原文件名}.+后缀:Aloco;Bigbig;Walker; China4444 ;Help4444;Rat4444;Ox4444; Tiger4444;Rabbit4444 ;Dragon4444;all4444;
Snake4444;Horse4444;Goat4444;Pig4444 Monkey4444;Rooster4444;Dog4444; | {how_to_back_files.html}; {HOW_TO_BACK_FILES.txt} |
CryptON | {原文件名}.<ID>.<email>.x3m; {原文件名}.<ID>.+后缀: Nemesis;x3m-pro;x3m;Mf8y3 | {DECRYPT-MY-FILES.txt}; {HOW TO DECRYPT FILES.html} |
Sicck,Lucky,Satan, dbger | [sicck@protonmail.com].{原文件名}.sicck; [lucky@protonmail.com].{原文件名}.lucky; [dbger@protonmail.com].{原文件名}.dbger; [satan_pro@mail.ru].{原文件名}.satan | {How_to_decrypt_files.txt} |
Locky | {32位字符}.+后缀: locky;odin;osiris;thor;zepto;aesir;zzzz;loptr | {HELP_instructions.html}; {HOWDO_text.html};{WHAT_is.html} |
CERBER,CRBR | {10位字符.4位后缀字符} 例:"8b5Sx2+15n.be6a" | {README.hta}; {HELP_DECRYPT_.hta}; {HOW_TO_DECRYPT_.hta}; {HELP_HELP_HELP.hta}; {READ_THIS_FILE.hta} |
*.HRM,*.Rapid,*.Master, *.Lock | *.HRM,*.Rapid,*.Master,*.Lock | ——————————————— |