FAQ

Which ransomwares are detected? This service currently detects 935 different ransomwares. Here is a complete, dynamic list of what is currently detected: $$$ Ransomware, 010001, 0kilobypt, 24H Ransomware, 4rw5w, 5ss5c, 777, 7ev3n, 7h9r, 7zipper, 8lock8, AAC, ABCLocker, ACCDFISA v2.0, AdamLocker, Adhubllka, AES_KEY_GEN_ASSIST, AES-Matrix, AES-NI, AES256-06, AESMew, Afrodita, AgeLocker, Ako / MedusaReborn, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Allcry, Alma Locker, Alpha, AMBA, Amnesia, Amnesia2, Anatova, AnDROid, AngryDuck, Annabelle 2.1, AnteFrigus, Anubi, Anubis, AnubisCrypt, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ApolloLocker, AresCrypt, Argus, Aris Locker, Armage, ArmaLocky, Arsium, ASN1 Encoder, Ataware, Atchbo, Aurora, AutoLocky, AutoWannaCryV2, Avaddon, AVCrypt, Avest, AWT, AxCrypter, aZaZeL, B2DR, BadBlock, BadEncript, BadRabbit, Bam!, BananaCrypt, BandarChor, Banks1, BarakaTeam, Bart, Bart v2.0, Basilisque Locker, BB Ransomware, BeijingCrypt, BetaSup, BigBobRoss, BigLock, Bisquilla, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, Bitpaymer / DoppelPaymer, BitPyLock, Bitshifter, BitStak, BKRansomware, Black Claw, Black Feather, Black Shades, BlackHeart, BlackKingdom, Blackout, BlackRuby, Blind, Blind 2, Blocatto, BlockFile12, Blooper, Blue Blackmail, BoooamCrypt, Booyah, BrainCrypt, Brazilian Ransomware, Brick, BrickR, BTCamant, BTCWare, BTCWare Aleta, BTCWare Gryphon, BTCWare Master, BTCWare PayDay, Bubble, Bucbi, Bud, Bug, BugWare, BuyUnlockCode, c0hen Locker, Cancer, Cassetto, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, CheckMail7, Chekyshka, ChernoLocker, Chimera, ChinaJm, ChinaYunLong, ChineseRarypt, CHIP, ClicoCrypter, Clop, Clouded, CmdRansomware, CobraLocker, CockBlocker, Coin Locker, CoinVault, Comrade Circle, Conciousness, Conficker, Conti, CoronaVirus, CorruptCrypt, Cossy, Coverton, Cr1ptT0r Ransomware, CradleCore, CreamPie, Creeper, Cripton, Cripton7zp, Cry128, Cry36, Cry9, Cryakl, CryCryptor, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt0r, Crypt12, Crypt32, Crypt38, CryptConsole, CryptConsole3, CryptFuck, CryptGh0st, CryptInfinite, CryptoDarkRubix, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoGod, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3, CryptoLockerEU, CryptoLocky, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, CryptON, Crypton, CryptoPatronum, CryptoPokemon, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, Crystal, CSP Ransomware, CTB-Faker, CTB-Locker, Cuba, CXK-NMSL, Cyborg, Cyrat, D00mEd, Dablio, Damage, DarkoderCryptor, DarkSide, DataKeeper, DavesSmith / Balaclava, Dcrtr, DCry, DCry 2.0, Deadly, DeathHiddenTear, DeathHiddenTear v2, DeathNote, DeathOfShadow, DeathRansom, Decr1pt, DecryptIomega, DecYourData, DEDCryptor, Defender, Defray, Defray777, DeriaLock, Desync, Dharma (.cezar Family), Dharma (.dharma Family), Dharma (.onion Family), Dharma (.wallet Family), Digisom, DilmaLocker, DirtyDecrypt, Dishwasher, District, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, DoggeWiper, Domino, Done, DoNotChange, Donut, DoubleLocker, DriedSister, DryCry, DualShot, Dviide, DVPN, DXXD, DynA-Crypt, eBayWall, eCh0raix / QNAPCrypt, ECLR Ransomware, EdgeLocker, EduCrypt, EggLocker, Egregor, El Polocker, Enc1, EnCrypt, EncryptedBatch, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, EOEO, Erebus, Erica Ransomware, Eris, Estemani, Eternal, Everbe, Everbe 2.0, Everbe 3.0, Evil, Executioner, ExecutionerPlus, Exocrypt XTC, Exorcist Ransomware, Exotic, Extortion Scam, Extractor, Fabiansomware, Fadesoft, Fantom, FartPlz, FCPRansomware, FCrypt, FCT, FenixLocker, FenixLocker 2.0, Fenrir, FilesLocker, FindZip, FireCrypt, Flatcher3, FLKR, FlowEncrypt, Flyper, FonixCrypter, FreeMe, FrozrLock, FRSRansomware, FS0ciety, FTCode, FuckSociety, FunFact, FuxSocy Encryptor, Galacti-Crypter, GandCrab, GandCrab v4.0 / v5.0, GandCrab2, GarrantyDecrypt, GC47, Geneve, Gerber, GermanWiper, GetCrypt, GhostCrypt, GhostHammer, Gibberish, Gibon, Gladius, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, GoCryptoLocker, Godra, GOG, GoGoogle, GoGoogle 2.0, Golden Axe, GoldenEye, Gomasom, Good, GoRansom, Gorgon, Gotcha, GPAA, GPCode, GPGQwerty, GusCrypter, GX40, HadesLocker, Hakbit, Halloware, HappyDayzz, hc6, hc7, HDDCryptor, HDMR, HE-HELP, Heimdall, HellsRansomware, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hermes 2.1, Hermes837, Heropoint, Hi Buddy!, HiddenTear, HildaCrypt, HKCrypt, HollyCrypt, HolyCrypt, HPE iLO Ransomware, HR, Hucky, Hydra, HydraCrypt, IEncrypt, IFN643, ILElection2020, Ims00ry, ImSorry, Incanto, InducVirus, InfiniteTear, InfinityLock, InfoDot, InsaneCrypt, iRansom, Iron, Ishtar, Israbye, iTunesDecrypt, JabaCrypter, Jack.Pot, Jaff, Jager, JapanLocker, JavaLocker, JeepersCrypt, Jemd, Jigsaw, JNEC.a, JobCrypter, JoeGo Ransomware, JosepCrypt, JSWorm, JSWorm 2.0, JSWorm 4.0, JuicyLemon, JungleSec, Kaenlupuf, Kali, Karma, Karmen, Karo, Kasiski, Katyusha, KawaiiLocker, KCW, Kee Ransomware, KeRanger, Kerkoporta, KesLan, KeyBTC, KEYHolder, KillerLocker, KillRabbit, KimcilWare, Kirk, KokoKrypt, Kolobo, Kostya, Kozy.Jozy, Kraken, Kraken Cryptor, KratosCrypt, Krider, Kriptovor, KryptoLocker, Kupidon, L33TAF Locker, Ladon, Lalabitch, LambdaLocker, LeakThemAll, LeChiffre, LightningCrypt, Lilocked, Lime, Litra, LittleFinger, LLTP, LMAOxUS, Lock2017, Lock2Bits, Lock93, LockBit, LockBox, LockCrypt, LockCrypt 2.0, Locked-In, LockedByte, LockeR, LockerGoga, LockLock, LockMe, Lockout, LockTaiwan, Locky, LolKek, LongTermMemoryLoss, LonleyCrypt, LooCipher, Lortok, Lost_Files, LoveServer, LowLevel04, Lucky, MadBit, MAFIA, MafiaWare, Magic, Magniber, Major, Makop, Maktub Locker, MalwareTech's CTF, MaMoCrypter, Maoloa, Mapo, Marduk, Marlboro, MarraCrypt, MarsJoke, Matrix, MauriGo, MaxiCrypt, Maykolin, Maysomware, Maze Ransomware, MCrypt2018, MedusaLocker, MegaCortex, MegaLocker, Mespinoza, Meteoritan, Mew767, Mikoyan, MindSystem, Minotaur, MirCop, MireWare, Mischa, MMM, MNS CryptoLocker, Mobef, MongoLock, Montserrat, MoonCrypter, MorrisBatchCrypt, MOTD, MountLocket, MoWare, MRCR1, MrDec, Muhstik, Mystic, n1n1n1, NanoLocker, NCrypt, Nefilim, NegozI, Nemty, Nemty 2.x, Nemty Special Edition, Nemucod, Nemucod-7z, Nemucod-AES, NETCrypton, Netix, Netwalker (Mailto), NewHT, NextCry, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, Noblis, Nomikon, NonRansomware, NotAHero, Nozelesn, NSB Ransomware, Nuke, NullByte, NxRansomware, Nyton, ODCODC, OhNo!, OmniSphere, OnyxLocker, OoPS, OopsLocker, OpenToYou, OpJerusalem, Ordinypt, Ouroboros v6, OutCrypt, OzozaLocker, PadCrypt, Panther, Paradise, Paradise .NET, Paradise B29, Paymen45, PayPalGenerator2019, PaySafeGen, PClock, PClock (Updated), PEC 2017, Pendor, Petna, PewCrypt, PGPSnippet, PhantomChina, Philadelphia, Phobos, PhoneNumber, Pickles, PL Ransomware, Plague17, Planetary Ransomware, PoisonFang, Pojie, PonyFinal, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, PPDDDP, Pr0tector, Predator, PrincessLocker, PrincessLocker 2.0, PrincessLocker Evolution, Project23, Project34, Project57, ProLock, Protected Ransomware, PshCrypt, PUBG Ransomware, PureLocker, PwndLocker, PyCL, PyCL, PyL33T, PyLocky, qkG, QP Ransomware, QuakeWay, Quimera Crypter, QwertyCrypt, Qweuirtksd, R980, RAA-SEP, RabbitFox, RabbitWare, RackCrypt, Radamant, Radamant v2.1, Radiation, RagnarLocker, RagnarLocker 2.0, Ragnarok, Random6, RandomLocker, RandomRansom, Ranion, RanRan, RanRans, Rans0mLocked, RansomCuck, RansomEXX, Ransomnix, RansomPlus, Ransomwared, RansomWarrior, Rapid, Rapid 2.0 / 3.0, RaRansomware, RarVault, Razy, RedBoot, RedEye, RedRum / Tycoon 1.0, REKTLocker, Rektware, Relock, RemindMe, RenLocker, RensenWare, RetMyData, REvil / Sodinokibi, Reyptson, Rhino, RNS, RobbinHood, Roga, Rokku, Rontok, RoshaLock, RotorCrypt, Roza, RSA-NI, RSA2048Pro, RSAUtil, Ruby, Russenger, Russian EDA2, Ryuk, SAD, SadComputer, Sadogo, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, SatanCryptor, Saturn, SaveTheQueen, Scarab, ScareCrow, SD 1.1, Sekhmet, Seon, Sepsis, SerbRansom, Serpent, SFile, ShellLocker, Shifr, Shigo, ShinigamiLocker, ShinoLocker, ShivaGood, ShkolotaCrypt, Shrug, Shrug2, Shujin, Shutdown57, SifreCozucu, Sifreli, Sigma, Sigrun, SilentDeath, SilentSpring, Silvertor, Simple_Encoder, SintaLocker, Skull Ransomware, SkyFile, SkyStars, Smaug, Smrss32, Snake (Ekans), SnakeLocker, Snatch, SNSLocker, SoFucked, Solider, Solo Ransomware, Somik1, Spartacus, SpartCrypt, Spectre, Spider, Spora, Sport, SQ_, Stampado, Stinger, STOP (Djvu), STOP / KEYPASS, StorageCrypter, Storm, Striked, Stroman, Stupid Ransomware, Styx, Such_Crypt, SunCrypt, SuperB, SuperCrypt, Surprise, SynAck, SyncCrypt, Syrk, SYSDOWN, SystemCrypter, SZFLocker, T1Happy, TapPiF, Team XRat, Telecrypt, TellYouThePass, Termite, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, Teslarvng, TeslaWare, TFlower, Thanatos, Thanos, The DMR, TheDarkEncryptor, THIEFQuest, THT Ransomware, ThunderX, tk, Tongda, Torchwood, TotalWipeOut, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, Tron, TrueCrypter, TrumpLocker, TurkStatik, Tycoon 2.0 / 3.0, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unit09, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, Unlock92 Zipper, UnluckyWare, Useless Disk, UselessFiles, UserFilesLocker, USR0, Uyari, V8Locker, Vapor v1, Vash-Sorena, VaultCrypt, vCrypt, VCrypt, Vega / Jamper / Buran, Velso, Vendetta, VenisRansomware, VenusLocker, VHD Ransomware, ViACrypt, VindowsLocker, VisionCrypt, VMola, VoidCrypt, Vortex, Vurten, VxLock, Waffle, Waiting, Waldo, WannaCash, WannaCash 2.0, WannaCry, WannaCry.NET, WannaCryFake, WannaCryOnClick, WannaDie, WannaPeace, WannaRen, WannaScream, WannaSmile, WannaSpam, WastedBit, WastedLocker, Wesker, WhatAFuck, WhiteRose, WildFire Locker, WininiCrypt, Winnix Cryptor, WinRarer, WonderCrypter, Wooly, Wulfric, X Locker 5.0, XCry, XCrypt, XData, XerXes, XiaoBa, XiaoBa 2.0, XMRLocker, Xorist, Xort, XRTN, XTP Locker 5.0, XYZWare, Yatron, Yogynicof, YouAreFucked, YourRansom, Yyto, Z3, ZariqaCrypt, zCrypt, Zekwacrypt, Zenis, Zeoticus, Zeoticus 2.0, Zeppelin, ZeroCrypt, ZeroFucks, Zeronine, Zeropadypt, Zeropadypt NextGen / Ouroboros, ZeroRansom, Zilla, ZimbraCryptor, ZinoCrypt, ZipLocker, Zipper, Zoldon, Zorab, ZQ, Zyklon

Can you decrypt my data? No. This service is strictly for identifying what ransomware may have encrypted your files. It will attempt to point you in the right direction, and let you know if there is a known way of decrypting your files. Otherwise, there is no automated recovery attempts, as each case is different.

Is my data confidential? Any uploaded files are immediately analysed against the database of signatures. If results are found, they are immedietely deleted. If no results are found, the uploaded files may be shared with trusted malware analysts to help with future detections, or identifying a new ransomware.



Data is uploaded to the server over SSL, meaning the connection can not be intercepted by a third-party.



With that said, I cannot guarantee files are kept 100% confidential. The data is temporarily stored on a shared host, and I am not responsible for anything done otherwise with this data. Any email addresses or BitCoin addresses found in files uploaded to ID Ransomware may be stored and shared with trusted third parties or law enforcement. No personally identifiable data is stored.

What if I have multiple results? Many ransomware have similar "signatures" in common, such as sharing the same extension on files. This makes it difficult to be 100% certain in some cases. Results are ordered by how many matches there are to prove it may be a particular ransomware.

Can I upload a sample of the malware or suspicious files? No. This service will only assess the ransom note, and encrypted files to determine the ransomware. For static or behavioural analysis, you can submit files to VirusTotal or HybridAnalysis.