Comprehensive data protection for all workloads
nqekkudo
Lurker
Posts: 2
Liked: never
Joined: Jan 26, 2024 7:34 pm

Malware detection details and occasional text in parentheses next to extension

Post by nqekkudo »

Hello,

I'm writing in regard to how the malware detection reports details about suspicious files in the Backup & Replication console.

While most of the alerts are straightforward with the extension and a number, sometimes the extension will include text in parentheses.
What is this text meant to convey? Is it an analysis of the associated potential threat (like the name of ransomware)? Is it the name of a folder/file?
This kind of message doesn't appear consistently, and if the details include a list of extensions, it usually only shows up for one of the extensions.
The info in the parentheses won't appear in the logs on the Veeam server itself, as that just lists the suspicious files.

Here are some examples of what I've seen so far:
*.grt(Karmen HiddenTear): 2
*.encrypted(Various/Donald Trump/KeRanger OS X): 1

I appreciate any insight you can provide.
Many thanks for your time and assistance.
Gostev
Chief Product Officer
Posts: 31561
Liked: 6725 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Malware detection details and occasional text in parentheses next to extension

Post by Gostev »

Hello, these are the names of ransomware strains using such extensions.
nqekkudo
Lurker
Posts: 2
Liked: never
Joined: Jan 26, 2024 7:34 pm

Re: Malware detection details and occasional text in parentheses next to extension

Post by nqekkudo »

Gostev wrote: Jan 26, 2024 10:10 pm Hello, these are the names of ransomware strains using such extensions.
Hello,

Thank you very much for the quick response.

Is there a reason why only some extensions will have an associated ransomware strain and others don't?
Dima P.
Product Manager
Posts: 14417
Liked: 1576 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague

Re: Malware detection details and occasional text in parentheses next to extension

Post by Dima P. »

Hello nqekkudo,

It's stored in the C:\Program Files\Veeam\Backup and Replication\Backup\SuspiciousFiles.xml file. The list is provided to us by the security team. Please let us know the extensions in question and we will investigate if it's possible to add the name. Thank you!
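
For anyone triaging these alerts, the following is an added example (not part of the thread and not Veeam code) that parses detail lines of the shape quoted in the first post and separates extensions that carry a strain label from those that do not, which is the list Dima P. asks to be reported. Splitting the label on "/" and the two sample lines marked as constructed are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Shape seen in the thread: "*.ext(label): count"; the "(label)" part is optional.
DETAIL_RE = re.compile(
    r"^\*(?P<ext>\.[^\s(:]+)\s*(?:\((?P<label>.*)\))?\s*:\s*(?P<count>\d+)$"
)

class Detail(NamedTuple):
    extension: str
    strains: Tuple[str, ...]
    count: int

def parse_detail(line: str) -> Optional[Detail]:
    """Parse one detail line; return None if it does not match the shape."""
    m = DETAIL_RE.match(line.strip())
    if m is None:
        return None
    label = m.group("label") or ""
    # Assumption: "/" separates several names inside one label.
    strains = tuple(s.strip() for s in label.split("/") if s.strip())
    return Detail(m.group("ext"), strains, int(m.group("count")))

def triage(lines: List[str]):
    """Split lines into labelled, unlabelled and unparseable groups."""
    labelled, unlabelled, rejected = [], [], []
    for line in lines:
        if not line.strip():
            continue
        detail = parse_detail(line)
        if detail is None:
            rejected.append(line)       # keep for manual review, never drop
        elif detail.strains:
            labelled.append(detail)
        else:
            unlabelled.append(detail)   # candidates to report for a name
    return labelled, unlabelled, rejected

SAMPLE = [
    "*.grt(Karmen HiddenTear): 2",                          # from the thread
    "*.encrypted(Various/Donald Trump/KeRanger OS X): 1",   # from the thread
    "*.example123: 4",                                      # constructed
    "not a detail line",                                    # constructed
]

if __name__ == "__main__":
    labelled, unlabelled, rejected = triage(SAMPLE)
    for d in labelled:
        print(f"{d.extension}: {d.count} file(s), label: {', '.join(d.strains)}")
    print("no label:", [d.extension for d in unlabelled])
    print("unparsed:", rejected)
```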