Category Archives: Ransomware

Ransomware Windows OS exploit FIX

This is an urgent notice about new Ransomware Windows OS exploit.
New ransomware appeared on the Internet which abuses Windows 7/Win server 2008/2012 exploit in the SMBv1 service. A lot of desktop computers and servers over the world are being infected at the moment.
Therefor we would like to remind you to run the latest Windows updates and disable the SMBv1 service within PowerShell:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Set-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters” SMB1 -Type DWORD -Value 0 -Force
This should protect you against this malicious software.
What is Ransomware?
Ransomware is a very dangerous type of malware that stops you from using your PC. It holds your PC or files for “ransom”.
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something like pay money (a “ransom”) to get access to your PC or files
They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
Prevent you from accessing Windows.
Encrypt files so you can’t use them.
Stop certain apps from running (like your web browser).

Please be aware of using your Windows computers.

Domains linked to #WannaCry

Domains linked to #WannaCry
Reverse Whois results for BotnetSinkhole@gmail.com
==============
There are 33 domains that matched this search query.
These are listed below:
Domain Name Creation Date   Registrar
agrdwrtj.us 20170422  NAMECHEAP, INC.
bctxawdt.us 20170420  NAMECHEAP, INC.
cokfqwjmferc.us 20170426  NAMECHEAP, INC.
cxbenjiikmhjcerbj.us    20170426  NAMECHEAP, INC.
depuisgef.us    20170502  NAMECHEAP, INC.
edoknehyvbl.us  20170426  NAMECHEAP, INC.
enyeikruptiukjorq.com   20170427  NAMECHEAP INC.
frullndjtkojlu.us   20170510  NAMECHEAP, INC.
gcidpiuvamynj.us    20170426  NAMECHEAP, INC.
gxrytjoclpvv.us 20170510  NAMECHEAP, INC.
hanoluexjqcf.us 20170429  NAMECHEAP, INC.
iarirjjrnuornts.us  20170508  NAMECHEAP, INC.
ifbjoosjqhaeqjjwaerri.us    20170420  NAMECHEAP, INC.
iouenviwrc.us   20170502  NAMECHEAP, INC.
kuuelejkfwk.us  20170508  NAMECHEAP, INC.
lkbsxkitgxttgaobxu.us   20170422  NAMECHEAP, INC.
nnnlafqfnrbynwor.us 20170502  NAMECHEAP, INC.
ns768.com   20170429  NAMECHEAP INC.
ofdwcjnko.us    20170429  NAMECHEAP, INC.
peuwdchnvn.us   20170510  NAMECHEAP, INC.
pvbeqjbqrslnkmashlsxb.us    20170429  NAMECHEAP, INC.
pxyhybnyv.us    20170422  NAMECHEAP, INC.
qkkftmpy.us 20170508  NAMECHEAP, INC.
rkhlkmpfpoqxmlqmkf.us   20170422  NAMECHEAP, INC.
ryitsfeogisr.us 20170502  NAMECHEAP, INC.
srwcjdfrtnhnjekjerl.us  20170422  NAMECHEAP, INC.
thstlufnunxaksr.us  20170420  NAMECHEAP, INC.
udrgtaxgdyv.us  20170508  NAMECHEAP, INC.
w5q7spejg96n.com    20170414  NAMECHEAP INC.
xmqlcikldft.us  20170510  NAMECHEAP, INC.
yobvyjmjbsgdfqnh.us 20170420  NAMECHEAP, INC.
yrwgugricfklb.us    20170508  NAMECHEAP, INC.
ywpvqhlqnssecpdemq.us   20170510  NAMECHEAP, INC.

ID Ransomware

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

 

Which ransomwares are detected?

This service currently detects 68 different ransomwares. Here is a complete, dynamic list of what is currently detected:

7ev3n, Alpha, AutoLocky, BitMessage, Booyah, Brazilian Ransomware, BuyUnlockCode, Cerber, Chimera, CoinVault, Coverton, Crypt0L0cker, CryptoDefense, CryptoFortress, CryptoHasYou, CryptoJoker, CryptoMix, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptXXX, CrySiS, CTB-Locker, DMA Locker, DMA Locker 3.0, ECLR Ransomware, EnCiPhErEd, Enigma, Hi Buddy!, HOW TO DECRYPT FILES, HydraCrypt, Jigsaw, JobCrypter, KeRanger, KEYHolder, KimcilWare, KryptoLocker, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MireWare, Mobef, NanoLocker, Nemucod, OMG! Ransomcrypt, PadCrypt, PClock, PowerWare, Radamant, Radamant v2.1, RemindMe, Rokku, Samas, Sanction, Shade, SuperCrypt, Surprise, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TrueCrypter, UmbreCrypt, VaultCrypt, WonderCrypter

 

 

Get it HERE—>https://id-ransomware.malwarehunterteam.com/