I have a client who was recently victimized by CTBLocker. The ransomware has been removed, and most of the files have been recovered. However, the C: drive is now very full of files created by the malware, and these files all have randomly-generated file extensions.
These are encrypted files which may be able to be recovered in the future, so we need to copy them off the C: drive and store them in a secure offline backup location until decryption becomes available, as it did for previous versions of this malware.
The only thing these files have in common is that their extensions are usually greater than 3 characters in length. If possible, I need the Explorer search expression that will return all files with a longer extension than 3 characters. I tried ext:???? with no luck. Any help?