Do you need help in detecting which ransomware family has infected your computer and locked your files?

Apr 11, 2016 17:05 GMT  ·  By

A new website that launched in the past weeks is making life a lot easier for ransomware victims by allowing them to identify which ransomware variant infected their computers and whether there's a way to recover the files without paying.

Called ID Ransomware, the website has been put together by Michael Gillespie, a regular contributor to Bleeping Computer's support forum, where most of today's ransomware victims go for help. Michael is also one of the people who helped crack the CryptoHost (Manamecrypt) ransomware.

To use the ID Ransomware website, users need two things: the ransom note file, which can take different forms, from HTML to text files, and one of the files encrypted by the ransomware.

Users have to select and upload both files in the two form fields on the ID Ransomware website, and hit the "Upload" button. This starts an analysis of the two files, and after a few seconds or minutes (depending on server load), the website tells them which ransomware variant has locked their computer, like in the image below.

As the service's motto goes, "Knowing is half the battle!"

Depending on the ransomware type that has been detected, lucky users will receive a link where they can download a decrypter that will help them unlock their files.

Not-so-lucky users will be redirected to a Bleeping Computer forum support thread, while also being asked to back up their encrypted data, in the hope they can recover their files in the future if a decrypter ever becomes available.

At the time of writing, the ID Ransomware service supports the following 51 ransomware variants: 7ev3n, Booyah, Brazilian Ransomware, BuyUnlockCode, Cerber, CoinVault, Coverton, Crypt0L0cker, CryptoFortress, CryptoHasYou, CryptoJoker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CrySiS, CTB-Locker, DMA Locker, ECLR Ransomware, EnCiPhErEd, Hi Buddy!, HOW TO DECRYPT FILES, HydraCrypt, Jigsaw, JobCrypter, KeRanger, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MireWare, NanoLocker, Nemucod, OMG! Ransomcrypt, PadCrypt, PClock, PowerWare, Radamant, Rokku, Samas, Sanction, Shade, SuperCrypt, Surprise, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, UmbreCrypt, Unknown, VaultCrypt.

ID Ransomware service detecting the Locky ransomware variant