
a raccoon

  1. Thanks ShadowPuterDude. Indeed, those are valid concerns and would require fingerprinting the file header or footer for a better ID. Mainly I need to keep an eye out for ransomware encrypted files (fallout) in my archives of billions of files, so these file masks would be a great first step. File type validation is the next step (which also solves for locating steganographically hidden data). Are you sure the information I'm requesting is not already community shared and GPL licensed, as opposed to proprietary? And why all the pearl clutching?
  2. Darn shame, too. Helping people to discover ransomware'd files would certainly drive more users and customers toward your solutions. Enabling technicians to quickly discover that a user has ransomware'd files during their normal course of work would benefit everyone. I look forward to your reconsideration on the matter.
  3. Hello folks, I am looking to compile a list of known file masks to search for ransomware fallout files -- files that were encrypted by ransomware and given a unique filename and extension. Each ransomware strain typically has its own unique template pattern when it renames encrypted files to a new name; for example, *.[*].[*].makop would be a wildcard file mask of the afflicted file_name.txt.[ABC12345].[[email protected]].makop. This list is to be included as a community bookmark in the popular Windows freeware program Everything by VoidTools software to assist users in locating the fallout of ransomware on their computers and networks. This way users can attempt to locate affected files, whether they are aware of a previous ransomware infection or not. Sometimes ransomware fallout will survive years later inside file backups and archives, and even be continually shared on networks and file servers. Bonus points: it would be cool if these file masks could be broken up into 2 categories -- ransomware strains with known decryption tools, and those without as of today. But this part isn't terribly necessary. Globbing wildcard patterns and/or Regular Expression patterns both welcome.
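
An added example, not part of the posts above: a Python sketch of scanning a file tree with such a mask list. It assumes masks are read with only `*` and `?` as wildcards and square brackets literal, as the makop mask in the post uses them; the function names and the sample filename (with a placeholder address) are constructed for illustration.

```python
import fnmatch
import os
import re

# Only the makop mask comes from the post; a real list has one entry per strain.
MASKS = {"makop": "*.[*].[*].makop"}

def mask_to_regex(mask):
    """Compile a mask in which only * and ? are wildcards; [ ] stay literal."""
    out = []
    for ch in mask:
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

COMPILED = {strain: mask_to_regex(m) for strain, m in MASKS.items()}

def classify(name):
    """Return the strain label whose mask matches this file name, else None."""
    for strain, rx in COMPILED.items():
        if rx.fullmatch(name):
            return strain
    return None

def naive_fnmatch(name, mask):
    """Same mask through fnmatch: [*] is parsed as a character class that
    matches one literal '*', so real renamed files are missed."""
    return fnmatch.fnmatchcase(name, mask)

def scan(root):
    """Yield (path, strain) for every file under root whose name matches."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            strain = classify(name)
            if strain:
                yield os.path.join(dirpath, name), strain

if __name__ == "__main__":
    # Constructed sample name in the shape the post describes.
    sample = "file_name.txt.[ABC12345].[user@example.invalid].makop"
    print(classify(sample), naive_fnmatch(sample, MASKS["makop"]))
```

Matching is on the file name alone, so a hit is only a lead; the header or footer fingerprinting mentioned in the first post is still needed to confirm the contents.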