Ransomware, crypto viruses/cryptoware

Ransomware, crypto viruses and cryptoware: what can and cannot be recovered.

A question frequently asked by victims of cybercrime: what can you recover in the case of ransomware, crypto viruses and cryptoware?

In the worst case, all that remains is a search for previously deleted files and a so-called “signature search”. This examines whether usable data can still be retrieved from the “unallocated area” of the storage medium. The files that were not infected or encrypted are also collected. The alternative is to pay and hope that the key is delivered.

In other situations, Kroll Ontrack has decrypt software or a decrypt process. An overview of the options*:

| Ransomware | Kroll Solution |
|---|---|
| 777 | Have decrypt software for this |
| 7ev3n | No specific tools, possible undelete/sigsearch |
| 7ev3n-HONE$T | No specific tools, possible undelete/sigsearch |
| 8Lock8 | Have decrypt process for this |
| Alpha | Have decrypt software for this |
| Angler | No specific tools, possible undelete/sigsearch |
| Apocalypse | Have decrypt software for this |
| AutoIt - See Rannoh | Have decrypt software for this |
| AutoLocky | Have decrypt software for this |
| AxCrypter | No specific tools, possible undelete/sigsearch |
| BadBlock | Have decrypt software for this |
| BankAccountSummary | No specific tools, possible undelete/sigsearch |
| Bart | No specific tools, possible undelete/sigsearch |
| BitCryptor | Have decrypt software for this |
| BitMessage | No specific tools, possible undelete/sigsearch |
| Black Shades | No specific tools, possible undelete/sigsearch |
| Blocatto | No specific tools, possible undelete/sigsearch |
| Booyah | No specific tools, possible undelete/sigsearch |
| Brazilian Ransomware | No specific tools, possible undelete/sigsearch |
| BuyUnlockCode | No specific tools, possible undelete/sigsearch |
| Cerber | No specific tools, possible undelete/sigsearch |
| Chimera | No specific tools, possible undelete/sigsearch |
| CoinVault | Have decrypt software for this |
| Coverton | No specific tools, possible undelete/sigsearch |
| Cryakl - See Rannoh | Have decrypt software for this |
| Crybola - See Rannoh | Have decrypt software for this |
| CryFile | No specific tools, possible undelete/sigsearch |
| CrypBoss | Have decrypt software for this |
| Crypen | No specific tools, possible undelete/sigsearch |
| Crypt0L0cker | No specific tools, possible undelete/sigsearch |
| Crypt888 | Have decrypt software for this |
| CryptInfinite | Have decrypt software for this |
| CryptoDefense | Have decrypt software for this |
| CryptoFortress | No specific tools, possible undelete/sigsearch |
| CryptoHasYou | No specific tools, possible undelete/sigsearch |
| CryptoHitman | No specific tools, possible undelete/sigsearch |
| CryptoHost | Have decrypt process for this |
| CryptoJoker | No specific tools, possible undelete/sigsearch |
| CryptoLocker | No specific tools, possible undelete/sigsearch |
| CryptMic | No specific tools, possible undelete/sigsearch |
| CryptoMix | No specific tools, possible undelete/sigsearch |
| CryptoRoger | No specific tools, possible undelete/sigsearch |
| CryptoTorLocker | No specific tools, possible undelete/sigsearch |
| CryptoWall | No specific tools, possible undelete/sigsearch |
| CryptoWall 2.0 | No specific tools, possible undelete/sigsearch |
| CryptoWall 3.0 | No specific tools, possible undelete/sigsearch |
| CryptoWall 4.0 | No specific tools, possible undelete/sigsearch |
| CryptXXX - See Rannoh | Have decrypt software for v1 and v2, not v3 |
| CryptXXX 2.0 | Have decrypt software for v1 and v2, not v3 |
| CryptXXX 3.0 | Have decrypt software for v1 and v2, not v3 |
| CrySiS | No specific tools, possible undelete/sigsearch |
| CTB - Critroni | No specific tools, possible undelete/sigsearch |
| CTB-Faker | Have decrypt process for this |
| CTB-Locker | No specific tools, possible undelete/sigsearch |
| DMA Locker | Have decrypt software for this |
| DMA Locker 2.0 | Have decrypt software for this |
| DMA Locker 3.0 | Have decrypt software for this |
| DMA Locker 4.0 | Have decrypt software for this |
| ECLR Ransomware | No specific tools, possible undelete/sigsearch |
| EduCrypt/EduWare | Decrypt password provided by the ransomware |
| Encryptor RaaS | No specific tools, possible undelete/sigsearch |
| Enigma | No specific tools, possible undelete/sigsearch |
| Fury - See Rannoh | Have decrypt software for this |
| GhostCrypt | No specific tools, possible undelete/sigsearch |
| GNL Locker | No specific tools, possible undelete/sigsearch |
| Goliath | No specific tools, possible undelete/sigsearch |
| Gomasom | Have decrypt software for this |
| Harasom | Have decrypt software for this |
| Herbst | No specific tools, possible undelete/sigsearch |
| Hi Buddy! | No specific tools, possible undelete/sigsearch |
| HydraCrypt | Have decrypt software for this |
| Jigsaw | Have decrypt software for this |
| JobCrypter | No specific tools, possible undelete/sigsearch |
| Jonnycryptor | Have decrypt software for this |
| JuicyLemon | No specific tools, possible undelete/sigsearch |
| KeRanger | No specific tools, possible undelete/sigsearch |
| KeyBTC | Have decrypt software for this |
| KEYHolder | No specific tools, possible undelete/sigsearch |
| KimcilWare | No specific tools, possible undelete/sigsearch |
| Kozy.jozy | No specific tools, possible undelete/sigsearch |
| KratosCrypt | Have decrypt process for this |
| Kriptovo | No specific tools, possible undelete/sigsearch |
| KryptoLocker | No specific tools, possible undelete/sigsearch |
| LeChiffre | Have decrypt software for this |
| Legion | Have decrypt software for this |
| Linux Encoder | Have decrypt software for this |
| Locker | Have decrypt software for this |
| Locky | No specific tools, possible undelete/sigsearch |
| Lortok | No specific tools, possible undelete/sigsearch |
| Magic | No specific tools, possible undelete/sigsearch |
| Maktub | No specific tools, possible undelete/sigsearch |
| Maktub Locker | No specific tools, possible undelete/sigsearch |
| MicroCop | Have decrypt process for this |
| MireWare | No specific tools, possible undelete/sigsearch |
| Mischa | No specific tools, possible undelete/sigsearch |
| Mobef | No specific tools, possible undelete/sigsearch |
| NanoLocker | No specific tools, possible undelete/sigsearch |
| Nemucod | Have decrypt software for this |
| Nemucod-7z | No specific tools, possible undelete/sigsearch |
| ODCODC | Have decrypt process for this |
| OMG! Ransomcrypt | No specific tools, possible undelete/sigsearch |
| PadCrypt | No specific tools, possible undelete/sigsearch |
| PClock | Have decrypt software for this |
| Petya-Mischa | Have decrypt process for this |
| PowerWare | No specific tools, possible undelete/sigsearch |
| Protected Ransomware | No specific tools, possible undelete/sigsearch |
| RAA | No specific tools, possible undelete/sigsearch |
| Radamant | Have decrypt software for this |
| Radamant v2.1 | Unknown |
| Rakhni | Have decrypt software for this |
| Rannoh Family | Have decrypt software for this |
| RemindMe | No specific tools, possible undelete/sigsearch |
| Rokku | No specific tools, possible undelete/sigsearch |
| Russian EDA2 | No specific tools, possible undelete/sigsearch |
| Samas | No specific tools, possible undelete/sigsearch |
| Sanction | No specific tools, possible undelete/sigsearch |
| Santana | No specific tools, possible undelete/sigsearch |
| Shade | No specific tools, possible undelete/sigsearch |
| Shujin | No specific tools, possible undelete/sigsearch |
| SimpleLocker | No specific tools, possible undelete/sigsearch |
| SNSLocker | No specific tools, possible undelete/sigsearch |
| Sport | No specific tools, possible undelete/sigsearch |
| SuperCrypt | No specific tools, possible undelete/sigsearch |
| Surprise | No specific tools, possible undelete/sigsearch |
| SZFLocker | Have decrypt software for this |
| TeslaCrypt 0.x | Have decrypt software for this |
| TeslaCrypt 2.x | Have decrypt software for this |
| TeslaCrypt 3.0 | Have decrypt software for this |
| TeslaCrypt 4.0 | Have decrypt software for this |
| TorLocker | Have decrypt software for this |
| TowerWeb | No specific tools, possible undelete/sigsearch |
| Tox | No specific tools, possible undelete/sigsearch |
| Troldesh | No specific tools, possible undelete/sigsearch |
| TrueCrypter | Have decrypt process for this |
| UmbreCrypt | Have decrypt process for this |
| Unlock92 | No specific tools, possible undelete/sigsearch |
| VaultCrypt | Have decrypt process for this |
| WildFire Locker | No specific tools, possible undelete/sigsearch |
| WonderCrypter | Have decrypt process for this |
| Xorist | Have decrypt software for this |
| Xort | No specific tools, possible undelete/sigsearch |
| Zcrypt | No specific tools, possible undelete/sigsearch |
| Zimbra | Have decrypt software for this |
| Zyklon | No specific tools, possible undelete/sigsearch |
| Zyklon Locker | No specific tools, possible undelete/sigsearch |
| Zepto | No specific tools, possible undelete/sigsearch |

*Cyber criminals do not sit still; the list is subject to change.

With the launch of the site ‘nomoreransome.org’, government and IT companies are joining forces to fight ransomware. The initiative is aimed at informing consumers about the dangers of ransomware. It also helps victims free their locked computers by making special tools available.