
ID Ransomware you have been hit with


Batu69


ID Ransomware is a new online service that allows you to upload ransom notes or encrypted file samples to identify the ransomware used to attack you.

So-called ransomware is an ever-growing and evolving threat that attacks computer systems either to hold files hostage by encrypting them or to lock access to the computer instead.

 

Most request Bitcoin payments promising that files or the system will be unlocked once the payment has been received. This alone can be problematic as users who are affected by a successful ransomware attack may not know how to obtain the Bitcoin needed to make the payment.

 

What many users affected by ransomware don't know is that decryption or removal tools are available for certain kinds of ransomware which allow them to regain access to encrypted files or a locked computer without paying the ransom.

 

For that, however, it is necessary to identify the ransomware first, which can be a challenge in itself.

ID Ransomware


 

ID Ransomware is a free Internet service that assists you in the ransomware identification process.

The service provides you with three options: upload the ransom note, which can be in different formats such as a plain text document, HTML file or bmp image; upload a file that has been encrypted by the ransomware; or upload both the note and a sample file.

 

ID Ransomware analyzes the upload, regardless of whether it is a note or a sample encrypted file, and lists information afterwards. This can range from proper identification of the ransomware used in the attack and instructions on how to get rid of it, to multiple results if characteristics are used by more than one ransomware strain, to a simple message stating that the sample could not be identified at all.

 

If the latter is the case, ID Ransomware suggests creating a full backup of the affected files or the entire system for a chance to decrypt the data at a later point in time, once the ransomware has been identified and decryption tools or instructions have been released.

 

ID Ransomware currently detects 52 different ransomware strains, including Jigsaw, Locky, Rokku, VaultCrypt, Brazilian Ransomware, CryptoWall, and TeslaCrypt.

According to the service's FAQ, data uploaded to the service is checked against the signature database. If results are found, the uploaded data is deleted and results are displayed to the user.

 

If no results are found, the sample may be shared with "trusted malware analysts" to help identify the ransomware.

 

Closing Words

 

ID Ransomware can be a useful service for victims of ransomware attacks as it may help them identify the type of ransomware they have been hit with. While there is no guarantee that an uploaded sample can be identified correctly, it will speed up the process of getting back full access to files or the computer if it is.

 

The service is useful as it stands, but future usefulness depends on the constant updating of the signature database with new ransomware identifiers.

 

Article source


For the time being I am telling my personnel to stay away from ID Ransomware and to spread the word to others.  Anything that is so totally anonymous that there is no identity of a real person publicly associated with the site makes the security officer in me more than just suspicious.  Being suspicious isn't paranoid, it is what has kept me from being hacked, jacked, exploited, swatted, or whatever other bad things happen to people who are too trusting.
