Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.
Knowing is half the battle!
Which ransomwares are detected?
This service currently detects 640 different ransomwares. Here is a complete, dynamic list of what is currently detected:24H Ransomware, 4rw5w, 777, 7ev3n, 7h9r, 7zipper, 8lock8, AAC, ABCLocker, ACCDFISA v2.0, AdamLocker, AES_KEY_GEN_ASSIST, AES-Matrix, AES-NI, AES256-06, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Allcry, Alma Locker, Alpha, AMBA, Amnesia, Amnesia2, AnDROid, AngryDuck, Anubi, Anubis, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ApolloLocker, AresCrypt, Armage, ArmaLocky, ASN1 Encoder, Atchbo, Aurora, AutoLocky, AutoWannaCryV2, AVCrypt, AxCrypter, aZaZeL, B2DR, BadBlock, BadEncript, BadRabbit, Bam!, BananaCrypt, BandarChor, Bart, Bart v2.0, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, Bitpaymer, Bitshifter, BitStak, BKRansomware, Black Feather, Black Shades, Blackout, BlackRuby, Blind, Blind 2, Blocatto, BlockFile12, Blooper, Blue Blackmail, Booyah, BrainCrypt, Brazilian Ransomware, BrickR, BTCamant, BTCWare, BTCWare Aleta, BTCWare Gryphon, BTCWare Master, BTCWare PayDay, Bubble, Bucbi, Bud, BugWare, BuyUnlockCode, Cancer, Cassetto, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, Chimera, ChinaYunLong, CHIP, ClicoCrypter, Clouded, CockBlocker, Coin Locker, CoinVault, Comrade Circle, Conficker, CorruptCrypt, Coverton, CradleCore, CreamPie, Creeper, Cripton, Cry128, Cry36, Cry9, Cryakl, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt12, Crypt38, CryptConsole, CryptConsole3, CryptFuck, CryptGh0st, CryptInfinite, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoGod, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3, CryptoLockerEU, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, CryptON, Crypton, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, Crystal, CTB-Faker, CTB-Locker, Damage, DarkoderCryptor, DataKeeper, Dcrtr, DCry, DCry 2.0, Deadly, DeathNote, DEDCryptor, Defender, Defray, DeriaLock, Dharma (.cezar Family), Dharma (.dharma Family), Dharma (.onion Family), Dharma (.wallet Family), Digisom, DilmaLocker, DirtyDecrypt, District, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, Domino, Done, DoNotChange, Donut, DoubleLocker, DriedSister, DryCry, Dviide, DXXD, DynA-Crypt, eBayWall, ECLR Ransomware, EdgeLocker, EduCrypt, EggLocker, El Polocker, EnCrypt, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, EOEO, Erebus, Eternal, Everbe, Everbe 2.0, Evil, Executioner, ExecutionerPlus, Exocrypt XTC, Exotic, Extractor, Fabiansomware, Fadesoft, Fantom, FartPlz, FCPRansomware, FenixLocker, Fenrir, FindZip, FireCrypt, Flatcher3, FLKR, Flyper, FrozrLock, FRSRansomware, FS0ciety, FuckSociety, FunFact, GandCrab, GandCrab v4.0 / v5.0, GandCrab2, GarrantyDecrypt, GC47, GhostCrypt, Gibon, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, Godra, GOG, GoldenEye, Gomasom, GPAA, GPCode, GPGQwerty, GX40, Hacked, HadesLocker, Halloware, HappyDayzz, hc6, hc7, HDDCryptor, Heimdall, HellsRansomware, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hermes 2.1, Heropoint, Hi Buddy!, HiddenTear, HollyCrypt, HolyCrypt, HPE iLO Ransomware, Hucky, HydraCrypt, IFN643, ImSorry, Incanto, InfiniteTear, InfinityLock, InsaneCrypt, iRansom, Iron, Ishtar, Israbye, JabaCrypter, Jack.Pot, Jaff, Jager, JapanLocker, JeepersCrypt, Jigsaw, JobCrypter, JosepCrypt, JuicyLemon, JungleSec, Kaenlupuf, Karma, Karmen, Karo, Kasiski, Katyusha, KawaiiLocker, KCW, Kee Ransomware, KeRanger, Kerkoporta, KeyBTC, KEYHolder, KillerLocker, KillRabbit, KimcilWare, Kirk, Kolobo, Kostya, Kozy.Jozy, Kraken, Kraken Cryptor, KratosCrypt, Krider, Kriptovor, KryptoLocker, L33TAF Locker, Ladon, Lalabitch, LambdaLocker, LeChiffre, LightningCrypt, Lime, LittleFinger, LLTP, LMAOxUS, Lock2017, Lock93, LockBox, LockCrypt, LockCrypt 2.0, Locked_File, Locked-In, LockedByte, LockeR, LockLock, LockMe, Lockout, Locky, LongTermMemoryLoss, Lortok, LoveServer, LowLevel04, MadBit, MAFIA, MafiaWare, Magic, Magniber, Maktub Locker, MalwareTech's CTF, Marlboro, MarsJoke, Matrix, MauriGo, MaxiCrypt, Maykolin, Maysomware, Meteoritan, Mikoyan, Minotaur, MirCop, MireWare, Mischa, MMM, MNS CryptoLocker, Mobef, MoonCrypter, MOTD, MoWare, MRCR1, MrDec, Mystic, n1n1n1, NanoLocker, NCrypt, NegozI, Nemucod, Nemucod-7z, Nemucod-AES, NETCrypton, Netix, NewHT, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, Noblis, NotAHero, Nozelesn, NSB Ransomware, Nuke, NullByte, NxRansomware, ODCODC, OhNo!, OoPS, OopsLocker, OpenToYou, Ordinypt, OzozaLocker, PadCrypt, Paradise, Paradise B29, PayDay, PaySafeGen, PClock, PClock (Updated), PEC 2017, Pendor, Petna, PGPSnippet, Philadelphia, Phobos, Pickles, PoisonFang, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, Pr0tector, Predator, PrincessLocker, PrincessLocker 2.0, PrincessLocker Evolution, Project34, Protected Ransomware, PshCrypt, PUBG Ransomware, PyCL, PyL33T, PyLocky, qkG, QuakeWay, QwertyCrypt, Qweuirtksd, R980, RAA-SEP, RackCrypt, Radamant, Radamant v2.1, Radiation, Random6, RandomLocker, Ranion, RanRan, RanRans, Rans0mLocked, RansomCuck, Ransomnix, RansomPlus, RansomWarrior, Rapid, Rapid 2.0 / 3.0, RaRansomware, RarVault, Razy, RedBoot, RedEye, REKTLocker, Rektware, RemindMe, RenLocker, RensenWare, Reyptson, Roga, Rokku, RoshaLock, RotorCrypt, Roza, RSA-NI, RSA2048Pro, RSAUtil, Ruby, Russenger, Russian EDA2, Ryuk, SAD, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, Saturn, Scarab, Sepsis, SerbRansom, Serpent, ShellLocker, Shifr, Shigo, ShinigamiLocker, ShinoLocker, ShivaGood, Shrug, Shujin, Shutdown57, Sifreli, Sigma, Sigrun, SilentSpring, Simple_Encoder, SintaLocker, Skull Ransomware, SkyFile, Smrss32, SnakeLocker, SNSLocker, SoFucked, Spartacus, Spectre, Spider, Spora, Sport, SQ_, Stampado, Stinger, STOP, StorageCrypter, Storm, Striked, Stroman, Stupid Ransomware, Styx, SuperB, SuperCrypt, Surprise, SynAck, SyncCrypt, SYSDOWN, SZFLocker, Team XRat, Telecrypt, Termite, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TeslaWare, Thanatos, TheDarkEncryptor, tk, Torchwood, TotalWipeOut, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, Tron, TrueCrypter, TrumpLocker, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, Unlock92 Zipper, Useless Disk, UselessFiles, UserFilesLocker, USR0, Uyari, V8Locker, VaultCrypt, vCrypt, Velso, VenisRansomware, VenusLocker, ViACrypt, VindowsLocker, VisionCrypt, VMola, Vortex, Vurten, VxLock, Waffle, WannaCash, WannaCry, WannaCry.NET, WannaCryOnClick, WannaDie, WannaPeace, WannaSmile, WannaSpam, WhatAFuck, WhiteRose, WildFire Locker, WininiCrypt, Winnix Cryptor, WinRarer, WonderCrypter, Wooly, X Locker 5.0, XCrypt, XData, XiaoBa, XiaoBa 2.0, Xorist, Xort, XRTN, XTP Locker 5.0, XYZWare, YouAreFucked, YourRansom, Yyto, ZariqaCrypt, zCrypt, Zekwacrypt, Zenis, ZeroCrypt, ZeroRansom, Zilla, ZimbraCryptor, ZinoCrypt, ZipLocker, Zipper, Zoldon, Zyklon
Can you decrypt my data?
No. This service is strictly for identifying what ransomware may have encrypted your files. It will attempt to point you in the right direction, and let you know if there is a known way of decrypting your files. Otherwise, there is no automated recovery attempts, as each case is different.
Is my data confidential?
Any uploaded files are immediately analysed against the database of signatures. If results are found, they are immedietely deleted. If no results are found, the uploaded files may be shared with trusted malware analysts to help with future detections, or identifying a new ransomware.
Data is uploaded to the server over SSL, meaning the connection can not be intercepted by a third-party.
With that said, I cannot guarantee files are kept 100% confidential. The data is temporarily stored on a shared host, and I am not responsible for anything done otherwise with this data.
Any email addresses or BitCoin addresses found in files uploaded to ID Ransomware may be stored and shared with trusted third parties or law enforcement. No personally identifiable data is stored.
What if I have multiple results?
Many ransomware have similar "signatures" in common, such as sharing the same extension on files. This makes it difficult to be 100% certain in some cases. Results are ordered by how many matches there are to prove it may be a particular ransomware.
Can I upload a sample of the malware or suspicious files?
Can I Donate?
ID Ransomware is, and always will be, a free service to the public. It is currently a personal project that I have created to help guide victims to reliable information on a ransomware that may have infected their system. Other than direct development and signature additions to the website itself, it is an overall community effort.
I do not ask for any money for my services. I do, however, highly recommend investing in a proper backup to prevent you from becoming a victim in the future - ransomware is not the only cause of data loss! There are several easy and affordable cloud services available that offer great precautions against a ransomware attack, among other disasters.
However, if I or this website have helped you, and you really do wish to give back, feel free to toss a dollar or two my way to help with hosting costs.