Michael Gillespie, a coder that has created a password generator for unlocking the files stashed in a password-protected archive by the CryptoHost ransomware, has also created ID Ransomware, a free online tool for victims to identify with which particular ransomware they’ve been hit.
The service detects and identifies 52 different ransomware types based on the ransom note displayed and/or on a file that has been encrypted. The victims must simply upload the files to the site and wait for the answer.
If it recognizes the ransomware, and the ransomware is decryptable, the user will be directed towards a decryption tool:
If there is no known way of decrypting the data at that time, he or she will be will be advised to backup the encrypted files in the hope that a decryption method will be discovered/created in the future, and pointed to a forum support thread for the malware in question.
List of identified ransomware
The list of ransomware that the tool currently identifies is as follows: 7ev3n, Booyah, Brazilian Ransomware, BuyUnlockCode, Cerber, CoinVault, Coverton, Crypt0L0cker, CryptoFortress, CryptoHasYou, CryptoJoker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CrySiS, CTB-Locker, DMA Locker, ECLR Ransomware, EnCiPhErEd, Hi Buddy!, HOW TO DECRYPT FILES, HydraCrypt, Jigsaw, JobCrypter, KeRanger, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MireWare, NanoLocker, Nemucod, OMG! Ransomcrypt, PadCrypt, PClock, PowerWare, Radamant, Rokku, Samas, Sanction, Shade, SuperCrypt, Surprise, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, UmbreCrypt, Unknown, VaultCrypt.