Alphabetical List of Ransomware Variants and their extensions


First, a disclaimer.  I am not in any way linked to the publications or software listed herein.  That being said I also am going to attempt to keep this as up-to-date as possible.  But, given the nature of the ransomware epidemic, it is unlikely that I will be able to keep this page as up to date as I would like, it is not my full time job.  There is a site that purports to have a complete list of malware (spyware,viruses, adware) and ransomware at http://www.exterminate-it.com/malpedia/ransomware-category.  I cannot vouch for the veracity of this site.  If you want in-depth instructions I would recommend http://www.bleepingcomputer.com/.  For in depth help I recommend Experts-Exchange.com (this is a pay site, and I am partial to it as I am one of the “experts” who specializes in AV/AM/AntiRansomware and Ransomware variants).

My suggestion, if you are in the process of dealing with a ransomware infection is to first Identify which variant you are dealing with – if you need help you should check here first and then return to this page. If you are have identified the variant and are looking for a decryptor, many variants have decryptors and a list can be found at the Nomoreransom project page and on my own list of decryptors from various sites found here.  There is also a list of file extensions as well as a tool to block ransomware on your server  (windows 2008 or better) located here.

The following are the ransomware variants of which I am aware.  In the list below, I have begun to include links by the encrypted extension as well (denoted by the ” – extension” after the extension letters). Therefore, you may click on a link, say aaa – extension, and it will take you to a page with links about Alphacrypt.  Many variants are named for the extension they append to files.  So 8lock8 is listed once, even though it’s extension is “.8lock8.” Most variants have more than one possible extension. For instance, the variant known as dharma might have the “.dharma” extension or the “.wallet” extension among many others.  If you come across a ransomware variant not listed here, please contact me with a link to an explanation of the Ransomware in question.

 

A B C D E F G H I J K L M N O P R S T U V W X Y Z 0 1 2 .