Identifying the ransomware family

Lookup on the Sangfor EDR official website

(1) Look up the ransomware family on the Sangfor EDR official website. The official website address is as follows: Sangfor EDR

(2) Enter the encrypted file suffix in the search box (note: families that use random suffixes cannot be found this way), for example POSEIDON666:

(3) Or search by the attacker's contact e-mail address, for example [email protected]:

(4) You can also search by family name. If a decryption tool is available, you can download it:

Lookup through third-party organizations

Besides the Sangfor EDR official website, you can also try third-party organizations to look up the ransomware family. At present, these two foreign websites provide related services.

The No More Ransom Project

ID Ransomware 

Search engine query

Search for the ransomware's characteristics with a search engine; the results are usually highly informative. Try to use Google as the search engine.

Search by encrypted suffix:

Search by ransom note content:

Note that the same ransomware may go by different family names, as with the last item in the search results above: after clicking it, you can see that REvil and Sodinokibi are different names for the same ransomware.

Features of ransomware families that must be remembered

The suffixes used by ransomware keep changing, and many families even use random suffixes, but the ransomware usually generates an html/txt/hta file that guides victims to pay the ransom. The content structure of the ransom note differs between families and is almost identical within a family, so you need to remember the characteristics of some common ransomware families.

The ransom notes of some common ransomware families are as follows:

GlobeImposter ransomware

CrySiS ransomware

Phobos ransomware (Crysis family variant)

Sodinokibi ransomware (random suffix)

Ryuk ransomware
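To gather the lookup keys described above (encrypted suffix, contact e-mail address, ransom note file) from a file listing of an affected host, a small triage helper can be used. This is an added example, not code from the original article: the function name, sample paths, note file name and e-mail address are constructed, and treating a txt/html/hta file as a ransom note only when the same name appears in at least two folders is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

NOTE_TYPES = {".txt", ".html", ".hta"}  # note formats named in the article
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def collect_lookup_keys(paths, note_texts=(), min_dirs=2):
    """Collect the three search keys: appended suffix, contact e-mails, note names."""
    suffixes, note_dirs, emails = Counter(), {}, set()
    for p in map(PureWindowsPath, paths):
        # Some families embed the contact address in the encrypted file name.
        emails.update(e.lower() for e in EMAIL_RE.findall(p.name))
        if p.suffix.lower() in NOTE_TYPES:
            # Assumption: a real note is dropped under the same name in many folders.
            note_dirs.setdefault(p.name, set()).add(p.parent)
        elif len(p.suffixes) >= 2:
            # Extension appended after the original one, e.g. report.docx.XYZ
            suffixes[p.suffix.lstrip(".")] += 1
    for text in note_texts:
        emails.update(e.lower() for e in EMAIL_RE.findall(text))
    top = suffixes.most_common(1)  # dominant appended suffix, if any
    return {
        "suffix": top[0][0] if top else None,
        "emails": sorted(emails),
        "notes": sorted(n for n, d in note_dirs.items() if len(d) >= min_dirs),
    }

# Constructed sample listing; POSEIDON666 is the suffix used in the article.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.POSEIDON666",
    r"C:\Users\alice\Documents\HOW_TO_RECOVER.txt",
    r"C:\Users\alice\Pictures\cat.jpg.POSEIDON666",
    r"C:\Users\alice\Pictures\HOW_TO_RECOVER.txt",
    r"C:\Users\alice\Downloads\tools.tar.gz",
    r"C:\Users\alice\Documents\todo.txt",
]
# Constructed ransom note text.
SAMPLE_NOTE = "Your files are encrypted. Write to Decrypt@example.com with your ID."

if __name__ == "__main__":
    print(collect_lookup_keys(SAMPLE_PATHS, [SAMPLE_NOTE]))
```

If the suffix is random and returns no search hits, the e-mail address and the ransom note name and content remain usable as search terms.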

Origin blog.csdn.net/jd_cx/article/details/127083473