From 379ed61c3437003136d65539976b47ebdb19ceef Mon Sep 17 00:00:00 2001
From: ismasma <43568513+ismasma@users.noreply.github.com>
Date: Thu, 14 Mar 2019 17:12:42 +0100
Subject: [PATCH] Add payment method and price
---
 clusters/ransomware.json | 3005 ++++++++++++++++++++++++++++----------
 1 file changed, 2228 insertions(+), 777 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 573697f..ba4a83c 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -23,7 +23,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/nhtnwcuf-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "1(300$)"
 },
 "uuid": "81b4e3ac-aa83-4616-9899-8e19ee3bb78b",
 "value": "Nhtnwcuf Ransomware (Fake)"
@@ -42,7 +44,9 @@
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/cryptojacky-ransomware.html",
 "https://twitter.com/jiriatvirlab/status/838779371750031360"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "250 €"
 },
 "uuid": "a8187609-329a-4de0-bda7-7823314e7db9",
 "value": "CryptoJacky Ransomware"
@@ -57,7 +61,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/kaenlupuf-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "1"
 },
 "uuid": "b97f07c4-136a-488a-9fa0-35ab45fbfe36",
 "value": "Kaenlupuf Ransomware"
@@ -77,7 +83,8 @@
 "https://id-ransomware.blogspot.co.il/2017/03/enjey-crypter-ransomware.html",
 "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2017-spora-cerber-and-technical-writeups/",
 "https://www.bleepingcomputer.com/news/security/embittered-enjey-ransomware-developer-launches-ddos-attack-on-id-ransomware/"
- ]
+ ],
+ "payement method": "Bitcoin"
 },
 "uuid": "e98e6b50-00fd-484e-a5c1-4b2363579447",
 "value": "EnjeyCrypter Ransomware"
@@ -113,7 +120,9 @@
 ],
 "synonyms": [
 "Ŧl๏tєгค гคภร๏๓ฬคгє"
- ]
+ ],
+ "payement method": "Dollars",
+ "price": "199"
 },
 "uuid": "04a5889d-b97d-4653-8a0f-d2df85f93430",
 "value": "Vortex Ransomware"
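Review bot: The key added in the first hunk is spelled `"payement method"`, and the same spelling is repeated in every other hunk of this patch, although the commit subject says "payment method". The other multi-word meta keys visible on this page are single hyphenated tokens (`ransomnotes-filenames`, `ransomnotes-refs`), so a misspelled key containing a space is both inconsistent and easy for a consumer to miss when it looks the field up by name. I would rename it to `"payment-method"` throughout before this is merged, since renaming a key after tools have started reading it is much harder.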
@@ -131,7 +140,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/gc47-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0,0361312 (50$)"
 },
 "uuid": "2069c483-4701-4a3b-bd51-3850c7aa59d2",
 "value": "GC47 Ransomware"
@@ -151,7 +162,9 @@
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/rozalocker-ransomware.html",
 "https://twitter.com/jiriatvirlab/status/840863070733885440"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "10000 Rubles (135€)"
 },
 "uuid": "f158ea74-c8ba-4e5a-b07f-52bd8fe30888",
 "value": "RozaLocker Ransomware"
@@ -169,7 +182,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/cryptomeister-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.1"
 },
 "uuid": "4c76c845-c5eb-472c-93a1-4178f86c319b",
 "value": "CryptoMeister Ransomware"
@@ -203,7 +218,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/project34-ransomware.html"
- ]
+ ],
+ "payement method": "MoneyPak",
+ "price": "300$"
 },
 "uuid": "4af0d2bd-46da-44da-b17e-987f86957c1d",
 "value": "Project34 Ransomware"
@@ -221,7 +238,9 @@
 "https://www.bleepingcomputer.com/news/security/petrwrap-ransomware-is-a-petya-offspring-used-in-targeted-attacks/",
 "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/",
 "https://securelist.com/blog/research/77762/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "300$"
 },
 "uuid": "e11da570-e38d-4290-8a2c-8a31ae832ffb",
 "value": "PetrWrap Ransomware"
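Review bot: `"price": "0,0361312 (50$)"` in the GC47 hunk uses a decimal comma and folds the fiat equivalent into the same string, while other entries in this patch write `"0.1"`, `"300$"` or `"10000 Rubles (135€)"`. As free text the field cannot be compared or sorted by tooling, and a bare number such as `"0.1"` only has a unit if the reader pairs it with the payment-method value beside it. I would settle on one convention for the whole file, with a decimal point and the currency stated explicitly, for example `"price": "0.0361312 BTC (50 USD)"`. The comma-decimal values in the DUMB, X-Files, FunFact and Sage 2.0 hunks need the same treatment.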
@@ -241,7 +260,9 @@
 "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/",
 "https://id-ransomware.blogspot.co.il/2017/03/karmen-ransomware.html",
 "https://twitter.com/malwrhunterteam/status/841747002438361089"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "1.2683"
 },
 "uuid": "da7de60e-0725-498d-9a35-303ddb5bf60a",
 "value": "Karmen Ransomware"
@@ -286,7 +307,9 @@
 ],
 "synonyms": [
 "Fake CTB-Locker"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "150$"
 },
 "uuid": "a291ac4c-7851-480f-b317-e977a616ac9d",
 "value": "Turkish FileEncryptor Ransomware"
@@ -301,10 +324,14 @@ ".Kirked" ], "ransomnotes": [ - "https://3.bp.blogspot.com/-USLFJX6OMD4/WMwmKIsJnEI/AAAAAAAAETQ/S8uzyHF5mWQZjra6EGBidZ6wqgzrNqIMgCLcB/s1600/full-ransom-note.png", - "!IMPORTANT ! READ CAREFULLY: Your computer has fallen victim to the Kirk malware and important files have been encrypted - locked up so they don't work. This may have broken some software, including games, office suites etc. Here's a list of some the file extensions that were targetted : *** There are an additional 441 file extensions that are targetted\n. They are mostly to do with games. To get your files back, you need to pay. Now. Payments\nrecieved more than 48 hours after the time of infection will be charged double. Further time penalties are listed below. The time of infection has been logged. Any files with the extensions listed above will now have the extra extension '.kirked\n', these files are encrypted using military grade encryption.In the place you ran this program from, you should find a note (named RANSOM_NOTE.txt) similar to this one.\nYou will also find a file named 'pwd' - this is your encrypted password file. Although it was generated by your computer, you have no way of ever decrypting it. This is due to the security of both the way it was generated and the way it was encrypted. Your files were encrypted using this password. SPOCK TO THE RESCUE!\n\"Logic, motherfucker.\" ~ Spock.\nDecrypting your files is easy. Take a deep breath and follow the steps below.1) Make the proper payment. Payments are made in Monero. This is a crypto-currency, like bitcoin. You can buy Monero, and send it, from the same places you can any othercrypto-currency. If you're still unsure, google' bitcoin exchange'. Sign up at one of these exchange sites and send the payment to the address below. Make note of the payment / transaction ID, or make one up if you have the option. 
Payment Address (Monero Wallet): 3000375 -199390 0 0 4AqSwfTexbNaHcn8giSJw3KPiWYHGBaCF9bdgPxvHbd5A8Q3Fc7n6FQCReEns8uEg8jUo4BeB79rwf4XSfQPVL1SKdVp2jz Prices: Days :Monero: Offer Expires\n 0-2 : 50 : 03/18/17 15:32:14\n 3-7 : 100 : 03/23/17 15:32:14\n 8-14 : 200 : 03/30/17 15:32:14\n 15-30 : 500 : 04/15/17 15:32:14 Note: In 31 days your password decryption key gets permanently deleted. You then have no way to ever retrieve your files. So pay now \n2) Email us Send your pwd file as an email attachment to one of the email addresses below. Include the payment ID from step 1. Active email addresses: kirk.help@scryptmail.com kirk.payments@scryptmail.com \n3) Decrypt your files. You will recieve your decrypted password file and a program called 'Spock'. Download these both to the same place and run Spock. Spock reads in your decrypted password file and uses it to decrypt all of the affected files on your computer. > IMPORTANT ! The password is unique to this infection. Using an old password or one from another machine will result in corrupted files. Corrupted files cannot be retrieved. Don't fuck around. \n4) Breathe. \nLIVE LONG AND PROSPER", + "!IMPORTANT ! READ CAREFULLY: Your computer has fallen victim to the Kirk malware and important files have been encrypted - locked up so they don't work. This may have broken some software, including games, office suites etc. Here's a list of some the file extensions that were targetted : *** There are an additional 441 file extensions that are targetted\n. They are mostly to do with games. To get your files back, you need to pay. Now. Payments\nrecieved more than 48 hours after the time of infection will be charged double. Further time penalties are listed below. The time of infection has been logged. 
Any files with the extensions listed above will now have the extra extension '.kirked\n', these files are encrypted using military grade encryption.In the place you ran this program from, you should find a note (named RANSOM_NOTE.txt) similar to this one.\nYou will also find a file named 'pwd' - this is your encrypted password file. Although it was generated by your computer, you have no way of ever decrypting it. This is due to the security of both the way it was generated and the way it was encrypted. Your files were encrypted using this password. SPOCK TO THE RESCUE!\n\"Logic, motherfucker.\" ~ Spock.\nDecrypting your files is easy. Take a deep breath and follow the steps below.1) Make the proper payment. Payments are made in Monero. This is a crypto-currency, like bitcoin. You can buy Monero, and send it, from the same places you can any othercrypto-currency. If you're still unsure, google' bitcoin exchange'. Sign up at one of these exchange sites and send the payment to the address below. Make note of the payment / transaction ID, or make one up if you have the option. Payment Address (Monero Wallet): 3000375 -199390 0 0 4AqSwfTexbNaHcn8giSJw3KPiWYHGBaCF9bdgPxvHbd5A8Q3Fc7n6FQCReEns8uEg8jUo4BeB79rwf4XSfQPVL1SKdVp2jz Prices: Days :Monero: Offer Expires\n 0-2 : 50 : 03/18/17 15:32:14\n 3-7 : 100 : 03/23/17 15:32:14\n 8-14 : 200 : 03/30/17 15:32:14\n 15-30 : 500 : 04/15/17 15:32:14 Note: In 31 days your password decryption key gets permanently deleted. You then have no way to ever retrieve your files. So pay now \n2) Email us Send your pwd file as an email attachment to one of the email addresses below. Include the payment ID from step 1. Active email addresses: kirk.help@scryptmail.com kirk.payments@scryptmail.com \n3) Decrypt your files. You will recieve your decrypted password file and a program called 'Spock'. Download these both to the same place and run Spock. 
Spock reads in your decrypted password file and uses it to decrypt all of the affected files on your computer. > IMPORTANT ! The password is unique to this infection. Using an old password or one from another machine will result in corrupted files. Corrupted files cannot be retrieved. Don't fuck around. \n4) Breathe. \nLIVE LONG AND PROSPER" + ], + "ransomnotes-filenames": [ "RANSOM_NOTE.txt" ], + "ransomnotes-refs": [ + "https://3.bp.blogspot.com/-USLFJX6OMD4/WMwmKIsJnEI/AAAAAAAAETQ/S8uzyHF5mWQZjra6EGBidZ6wqgzrNqIMgCLcB/s1600/full-ransom-note.png" + ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/kirkspock-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/", @@ -313,7 +340,9 @@ "http://www.securityweek.com/star-trek-themed-kirk-ransomware-emerges", "https://www.grahamcluley.com/kirk-ransomware-sports-star-trek-themed-decryptor-little-known-crypto-currency/", "https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc/analysis/" - ] + ], + "payement method": "Monero", + "price": "1100 roupies (14€)" }, "uuid": "6e442a2e-97db-4a7b-b4a1-9abb4a7472d8", "value": "Kirk Ransomware & Spock Decryptor" @@ -334,7 +363,8 @@ "https://id-ransomware.blogspot.co.il/2017/03/zinocrypt-ransomware.html", "https://twitter.com/demonslay335?lang=en", "https://twitter.com/malwrhunterteam/status/842781575410597894" - ] + ], + "payement method": "Bitcoin" }, "uuid": "719c8ba7-598e-4511-a851-34e651e301fa", "value": "ZinoCrypt Ransomware" @@ -376,7 +406,9 @@ "https://id-ransomware.blogspot.co.il/2017/03/motd-ransomware.html", "https://www.bleepingcomputer.com/forums/t/642409/motd-of-ransome-hostage/", "https://www.bleepingcomputer.com/forums/t/642409/motd-ransomware-help-support-topics-motdtxt-and-enc-extension/" - ] + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "5d1a3631-165c-4091-ba55-ac8da62efadf", "value": "MOTD Ransomware" 
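Review bot: The Kirk entry's added `"price": "1100 roupies (14€)"` does not agree with the ransom note stored in the same entry, which quotes 50 to 500 Monero depending on the days elapsed, and it is denominated in rupees although `"payement method"` is `"Monero"`. This looks like a value carried over from a different entry, so please check it against the listed refs. If the tiers in the note are the intended source, `"price": "50 - 500"` would match the range style used elsewhere in this patch.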
@@ -396,7 +428,9 @@
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/cryptodevil-ransomware.html",
 "https://twitter.com/PolarToffee/status/843527738774507522"
- ]
+ ],
+ "payement method": "Dollars",
+ "price": "20 - 100"
 },
 "uuid": "f3ead274-6c98-4532-b922-03d5ce4e7cfc",
 "value": "CryptoDevil Ransomware"
@@ -415,7 +449,9 @@
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/fabsyscrypto-ransomware.html",
 "https://twitter.com/struppigel/status/837565766073475072"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.5"
 },
 "uuid": "e4d36930-2e00-4583-b5f5-d8f83736d3ce",
 "value": "FabSysCrypto Ransomware"
@@ -448,7 +484,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/redants-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.5"
 },
 "uuid": "dd3601f1-df0a-4e67-8a20-82e7ba0ed13c",
 "value": "RedAnts Ransomware"
@@ -463,7 +501,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/consoleapplication1-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.5"
 },
 "uuid": "4c3788d6-30a9-4cad-af33-81f9ce3a0d4f",
 "value": "ConsoleApplication1 Ransomware"
@@ -479,7 +519,8 @@
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/03/krider-ransomware.html",
 "https://twitter.com/malwrhunterteam/status/836995570384453632"
- ]
+ ],
+ "payement method": "no ransom"
 },
 "uuid": "f5ac03f1-4f6e-43aa-836a-cc7ece40aaa7",
 "value": "KRider Ransomware"
@@ -490,7 +531,9 @@
 "date": "February 2017",
 "refs": [
 "https://id-ransomware.blogspot.co.il/search?updated-min=2017-01-01T00:00:00-08:00&updated-max=2018-01-01T00:00:00-08:00&max-results=50"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.5 (300$)"
 },
 "uuid": "44f6d489-f376-4416-9ba4-e153472f75fc",
 "value": "CYR-Locker Ransomware (FAKE)"
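Review bot: `"payement method": "no ransom"` in the KRider hunk records the absence of a demand in a field that is meant to name a payment instrument. Elsewhere in this patch the same field holds contact channels (`"Email"`, `"Website (onion)"`) and combinations (`"Email - Bitcoin"`), so anyone filtering clusters by payment method gets currencies, channels and sentinels mixed in one value set. I would omit the key when no ransom is demanded and record the contact channel under a separate key, leaving this one for the currency or voucher type only.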
@@ -509,7 +552,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/dotransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "0570e09d-10b9-448c-87fd-c1c4063e6592", "value": "DotRansomware" @@ -530,7 +575,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/unlock26-ransomware.html", "https://www.bleepingcomputer.com/news/security/new-raas-portal-preparing-to-spread-unlock26-ransomware/" - ] + ], + "payement method": "Bitcoin", + "price": "0.01 - 0.06" }, "uuid": "37b9a28d-8554-4233-b130-efad4be97bc0", "value": "Unlock26 Ransomware" @@ -549,7 +596,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/pickles-ransomware.html", "https://twitter.com/JakubKroustek/status/834821166116327425" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "87171865-9fc9-42a9-9bd4-a453f556f20c", "value": "PicklesRansomware" @@ -565,7 +614,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/vanguard-ransomware.html", "https://twitter.com/JAMESWT_MHT/status/834783231476166657" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "6a6eed70-3f90-420b-9e4a-5cce9428dc06", "value": "Vanguard Ransomware" @@ -607,7 +658,9 @@ "https://www.bleepingcomputer.com/news/security/new-trump-locker-ransomware-is-a-fraud-just-venuslocker-in-disguise/", "https://id-ransomware.blogspot.co.il/2017/02/trumplocker.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-24th-2017-trump-locker-macos-rw-and-cryptomix/" - ] + ], + "payement method": "Bitcoin", + "price": "1(50 - 165$)" }, "uuid": "63bd845c-94f6-49dc-8f0c-22e6f67820f7", "value": "TrumpLocker Ransomware" @@ -646,7 +699,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/xyzware-ransomware.html", "https://twitter.com/malwrhunterteam/status/833636006721122304" - ] + ], + "payement method": "Bitcoin", + "price": "0.1 - 0.2" }, "uuid": "f0652feb-a104-44e8-91c7-b0435253352b", "value": "XYZWare Ransomware" 
@@ -664,7 +719,9 @@ ], "refs": [ "https://www.enigmasoftware.com/youarefuckedransomware-removal/" - ] + ], + "payement method": "Bitcoin", + "price": "0.1 (250$)" }, "uuid": "912af0ef-2d78-4a90-a884-41f3c37c723b", "value": "YouAreFucked Ransomware" @@ -681,7 +738,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cryptconsole-2-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 0.7" }, "uuid": "7343da8f-fe18-46c9-8cda-5b04fb48e97d", "value": "CryptConsole 2.0 Ransomware" @@ -701,7 +760,9 @@ ], "synonyms": [ "BarRaxCrypt Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "c0ee166e-273f-4940-859c-ba6f8666247c", "value": "BarRax Ransomware" @@ -738,7 +799,9 @@ ], "synonyms": [ "CzechoSlovak Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.8 - 2" }, "uuid": "c9e29151-7eda-4192-9c34-f9a81b2ef743", "value": "UserFilesLocker Ransomware" @@ -754,7 +817,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017_03_01_archive.html", "https://id-ransomware.blogspot.co.il/2017/03/avastvirusinfo-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "6" }, "uuid": "78649172-cf5b-4e8a-950b-a967ff700acf", "value": "AvastVirusinfo Ransomware" @@ -787,7 +852,9 @@ ], "synonyms": [ "VHDLocker Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "9de7a1f2-cc21-40cf-b44e-c67f0262fbce", "value": "PleaseRead Ransomware" @@ -807,7 +874,9 @@ "https://id-ransomware.blogspot.co.il/2017/02/kasiski-ransomware.html", "https://twitter.com/MarceloRivero/status/832302976744173570", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/" - ] + ], + "payement method": "Dollars", + "price": "500" }, "uuid": "59b537dc-3764-42fc-a416-92d2950aaff1", "value": "Kasiski Ransomware" 
@@ -830,7 +899,9 @@ ], "synonyms": [ "Locky Impersonator Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "26a34763-a70c-4877-b99f-ae39decd2107", "value": "Fake Locky Ransomware" @@ -851,7 +922,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cryptoshield-2-ransomware.html", "https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/" - ] + ], + "payement method": "Email" }, "uuid": "1f915f16-2e2f-4681-a1e8-e146a0a4fcdf", "value": "CryptoShield 1.0 Ransomware" @@ -875,7 +947,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/", "https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-support-decrypt-informationhtml/", "https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/" - ] + ], + "payement method": "Email - Bitcoin" }, "related": [ { @@ -920,7 +993,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/wcry-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "0983bdda-c637-4ad9-a56f-615b2b052740", "value": "Wcry Ransomware" @@ -937,7 +1012,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/dumb-ransomware.html", "https://twitter.com/bleepincomputer/status/816053140147597312?lang=en" - ] + ], + "payement method": "Bitcoin", + "price": "0,3169" }, "uuid": "27feba66-e9c7-4414-a560-1e5b7da74d08", "value": "DUMB Ransomware" @@ -954,7 +1031,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017_02_01_archive.html", "https://id-ransomware.blogspot.co.il/2017/02/x-files-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0,2" }, "uuid": "c24f48ca-060b-4164-aafe-df7b3f43f40e", "value": "X-Files" 
@@ -972,7 +1051,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/polski-ransomware.html" - ] + ], + "payement method": "Dollars", + "price": "249" }, "uuid": "b50265ac-ee45-4f5a-aca1-fabe3157fc14", "value": "Polski Ransomware" @@ -993,7 +1074,8 @@ "https://id-ransomware.blogspot.co.il/2017/02/yourransom-ransomware.html", "https://www.bleepingcomputer.com/news/security/yourransom-is-the-latest-in-a-long-line-of-prank-and-educational-ransomware/", "https://twitter.com/_ddoxer/status/827555507741274113" - ] + ], + "payement method": "Email" }, "uuid": "908b914b-6744-4e16-b014-121cf2106b5f", "value": "YourRansom Ransomware" @@ -1009,7 +1091,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/ranion-raas.html", "https://www.bleepingcomputer.com/news/security/ranion-ransomware-as-a-service-available-on-the-dark-web-for-educational-purposes/" - ] + ], + "payement method": "Bitcoin", + "price": "0.6 - 0.95" }, "uuid": "b4de724f-add4-4095-aa5a-e4d039322b59", "value": "Ranion RaasRansomware" @@ -1030,7 +1114,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/polato-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "378cb77c-bb89-4d32-bef9-1b132343f3fe", "value": "Potato Ransomware" @@ -1052,7 +1137,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/opentodecrypt-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "e290fa29-6fc1-4fb5-ac98-44350e508bc1", "value": "of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)" @@ -1074,7 +1160,9 @@ "http://www.2-spyware.com/remove-ransomplus-ransomware-virus.html", "https://id-ransomware.blogspot.co.il/2017/01/ransomplus-ransomware.html", "https://twitter.com/jiriatvirlab/status/825411602535088129" - ] + ], + "payement method": "Bitcoin", + "price": "0.25" }, "uuid": "c039a50b-f5f9-4ad0-8b66-e1d8cc86717b", "value": "RansomPlus" 
@@ -1098,7 +1186,9 @@ "https://twitter.com/PolarToffee/status/824705553201057794", "https://twitter.com/demonslay335/status/1004351990493741057", "https://twitter.com/demonslay335/status/1004803373747572736" - ] + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "42508fd8-3c2d-44b2-9b74-33c5d82b297d", "value": "CryptConsole" @@ -1113,7 +1203,8 @@ "refs": [ "https://www.bleepingcomputer.com/forums/t/638191/zxz-ransomware-support-help-topic-zxz/?hl=%2Bzxz#entry4168310", "https://id-ransomware.blogspot.co.il/2017/01/zxz-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "e4932d1c-2f97-474d-957e-c7df87f9591e", "value": "ZXZ Ramsomware" @@ -1145,7 +1236,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/funfact.html", "http://www.enigmasoftware.com/funfactransomware-removal/" - ] + ], + "payement method": "Bitcoin", + "price": "0,65806" }, "uuid": "2bfac605-a2c5-4742-92a2-279a08a4c575", "value": "FunFact Ransomware" @@ -1167,7 +1260,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/06/zekwacrypt-ransomware.html", "http://www.2-spyware.com/remove-zekwacrypt-ransomware-virus.html" - ] + ], + "payement method": "Email" }, "uuid": "89d5a541-ef9a-4b18-ac04-2e1384031a2d", "value": "ZekwaCrypt Ransomware" @@ -1191,7 +1285,9 @@ "http://www.securityweek.com/sage-20-ransomware-demands-2000-ransom", "https://www.bleepingcomputer.com/news/security/sage-2-0-ransomware-gearing-up-for-possible-greater-distribution/", "https://www.govcert.admin.ch/blog/27/sage-2.0-comes-with-ip-generation-algorithm-ipga" - ] + ], + "payement method": "Bitcoin", + "price": "2,15555 (2000$)" }, "uuid": "9174eef3-65f7-4ab5-9b55-b323b36fb962", "value": "Sage 2.0 Ransomware" 
@@ -1209,7 +1305,8 @@
 "https://id-ransomware.blogspot.co.il/2017/01/cloudsword.html",
 "http://bestsecuritysearch.com/cloudsword-ransomware-virus-removal-steps-protection-updates/",
 "https://twitter.com/BleepinComputer/status/822653335681593345"
- ]
+ ],
+ "payement method": "Bitcoin"
 },
 "uuid": "a89e0ae0-e0e2-40c5-83ff-5fd672aaa2a4",
 "value": "CloudSword Ransomware"
@@ -1231,13 +1328,16 @@
 ],
 "synonyms": [
 "Fake"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.5"
 },
 "uuid": "327eb8b4-5793-42f0-96c0-7f651a0debdc",
 "value": "DN"
 },
 {
- "description": "It’s directed to English speaking users, therefore is able to infect worldwide. Its original name is FileSpy and FileSpy Application. It is spread using email spam, fake updates, infected attachments and so on. It encryps all your files, including: music, MS Office, Open Office, pictures etc..",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. Its original name is FileSpy and FileSpy Application. It is spread using email spam, fake updates, infected attachments and so on. It encryps all your files, including: music, MS Office,
+ etc..",
 "meta": {
 "date": "January 2017",
 "encryption": "AES",
@@ -1250,7 +1350,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/01/garryweber.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "1"
 },
 "uuid": "b6e6da33-bf23-4586-81cf-dcfe10e13a81",
 "value": "GarryWeber Ransomware"
@@ -1273,7 +1375,9 @@
 "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-20th-2017-satan-raas-spora-locky-and-more/",
 "https://www.bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/",
 "https://twitter.com/Xylit0l/status/821757718885236740"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.1 - your choice"
 },
 "related": [
 {
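Review bot: The rewritten `"description"` line in the `@@ -1231,13 +1328,16 @@` hunk is split across two added lines, so the JSON string now contains a raw line break, which strict parsers reject. The words "Open Office, pictures" from the removed line are also missing from the new text. The commit is about payment fields, so this looks like an accidental edit. Restoring the removed line unchanged, ending `... including: music, MS Office, Open Office, pictures etc..",`, fixes both problems.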
@@ -1303,7 +1407,9 @@ ], "synonyms": [ "HavocCrypt Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "150 $" }, "uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396", "value": "Havoc" @@ -1324,7 +1430,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/cryptosweettooth.html", "http://sensorstechforum.com/remove-cryptosweettooth-ransomware-restore-locked-files/" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "ca831782-fcbf-4984-b04e-d79b14e48a71", "value": "CryptoSweetTooth Ransomware" @@ -1348,7 +1456,9 @@ "synonyms": [ "RansomTroll Ransomware", "Käändsõna Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "aed61a0a-dc48-43ac-9c33-27e5a286899e", "value": "Kaandsona Ransomware" @@ -1368,7 +1478,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/lambdalocker.html", "http://cfoc.org/how-to-restore-files-affected-by-the-lambdalocker-ransomware/" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "0d1b35e9-c87a-4972-8c27-a11c13e351d7", "value": "LambdaLocker Ransomware" @@ -1391,7 +1503,8 @@ ], "synonyms": [ "HakunaMatataRansomware" - ] + ], + "payement method": "Website (onion)" }, "uuid": "0645cae2-bda9-4d68-8bc3-c3c1eb9d1801", "value": "NMoreia 2.0 Ransomware" @@ -1413,7 +1526,9 @@ "https://id-ransomware.blogspot.co.il/2017/01/marlboro.html", "https://decrypter.emsisoft.com/marlboro", "https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/" - ] + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "4ae98da3-c667-4c6e-b0fb-5b52c667637c", "value": "Marlboro Ransomware" 
@@ -1431,7 +1546,9 @@
 "https://id-ransomware.blogspot.co.il/2017/01/spora-ransomware.html",
 "https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware",
 "http://blog.emsisoft.com/2017/01/10/from-darknet-with-love-meet-spora-ransomware/"
- ]
+ ],
+ "payement method": "Bitcoin"
+ "price": "79$"
 },
 "uuid": "46601172-d938-47af-8cf5-c5a796ab68ab",
 "value": "Spora Ransomware"
@@ -1446,7 +1563,8 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/02/cryptokill-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin"
 },
 "uuid": "7ae2f594-8a72-4ba8-a37a-32457d1d3fe8",
 "value": "CryptoKill Ransomware"
@@ -1463,7 +1581,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2017/02/allyourdocuments-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.35"
 },
 "uuid": "62120e20-21f6-474b-9dc1-fc871d25c798",
 "value": "All_Your_Documents Ransomware"
@@ -1485,7 +1605,9 @@
 "https://www.bleepingcomputer.com/news/security/ultranationalist-developer-behind-serbransom-ransomware/",
 "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-10th-2017-serpent-spora-id-ransomware/",
 "https://twitter.com/malwrhunterteam/status/830116190873849856"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "500$"
 },
 "uuid": "fb1e99cb-73fa-4961-a052-c90b3f383542",
 "value": "SerbRansom 2017 Ransomware"
@@ -1502,7 +1624,9 @@
 "https://id-ransomware.blogspot.co.il/2017/02/fadesoft-ransomware.html",
 "https://twitter.com/malwrhunterteam/status/829768819031805953",
 "https://twitter.com/malwrhunterteam/status/838700700586684416"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.33"
 },
 "uuid": "ccfe7f6a-9c9b-450a-a4c7-5bbaf4a82e37",
 "value": "Fadesoft Ransomware"
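Review bot: In the Spora hunk the added line `"payement method": "Bitcoin"` has no trailing comma before `"price": "79$"`, so the file no longer parses as JSON. Because the whole cluster is one document, that makes every entry in it unloadable for consumers, not just Spora. The line should read `"payement method": "Bitcoin",`. Running the file through a validator such as `jq . clusters/ransomware.json` before committing would catch this.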
@@ -1522,7 +1646,9 @@ "https://id-ransomware.blogspot.co.il/2017/02/hugeme-ransomware.html", "https://www.ozbargain.com.au/node/228888?page=3", "https://id-ransomware.blogspot.co.il/2016/04/magic-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "681ad7cc-fda0-40dc-83b3-91fdfdec81e1", "value": "HugeMe Ransomware" @@ -1544,7 +1670,9 @@ ], "synonyms": [ "DynA CryptoLocker Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "50$" }, "uuid": "9979ae53-98f7-49a2-aa1e-276973c2b44f", "value": "DynA-Crypt Ransomware" @@ -1565,7 +1693,9 @@ ], "synonyms": [ "Serpent Danish Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.75 (787.09$) - 2.25 (2366.55$ after 7 days)" }, "uuid": "3b472aac-085b-409e-89f1-e8c766f7c401", "value": "Serpent 2017 Ransomware" @@ -1582,7 +1712,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/erebus-2017-ransomware.html", "https://www.bleepingcomputer.com/news/security/erebus-ransomware-utilizes-a-uac-bypass-and-request-a-90-ransom-payment/" - ] + ], + "payement method": "Bitcoin", + "price": "0.085" }, "uuid": "c21e637c-6611-47e1-a191-571409b6669a", "value": "Erebus 2017 Ransomware" @@ -1602,7 +1734,9 @@ ], "synonyms": [ "Ransomuhahawhere" - ] + ], + "payement method": "Bitcoin", + "price": "0.085" }, "uuid": "dcb183d1-11b5-464c-893a-21e132cb7b51", "value": "Cyber Drill Exercise " @@ -1620,7 +1754,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cancer-ransomware.html", "https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/" - ] + ], + "payement method": "no ransom" }, "uuid": "ef747d7f-894e-4c0c-ac0f-3fa1ef3ef17f", "value": "Cancer Ransomware FAKE" 
@@ -1639,7 +1774,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/updatehost-ransomware.html", "https://www.bleepingcomputer.com/startups/Windows_Update_Host-16362.html" - ] + ], + "payement method": "Email - Bitcoin" }, "uuid": "ed5b30b0-2949-410a-bc4c-3d90de93d033", "value": "UpdateHost Ransomware" @@ -1657,7 +1793,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/nemesis-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "10" }, "uuid": "b5942085-c9f2-4d1a-aadf-1061ad38fb1d", "value": "Nemesis Ransomware" @@ -1686,7 +1824,8 @@ ], "synonyms": [ "File0Locked KZ Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "57933295-4a0e-4f6a-b06b-36807ff150cd", "value": "Evil Ransomware" @@ -1705,7 +1844,9 @@ ], "synonyms": [ "Ocelot Locker Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.03" }, "uuid": "054b9fbd-72fa-464f-a683-a69ab3936d69", "value": "Ocelot Ransomware (FAKE RANSOMWARE)" @@ -1726,7 +1867,9 @@ ], "synonyms": [ "Blablabla Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "1000 CZK" }, "uuid": "00b8ff33-1504-49a4-a025-b761738eed68", "value": "SkyName Ransomware" @@ -1750,7 +1893,9 @@ ], "synonyms": [ "Depsex Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "155$" }, "uuid": "e5a60429-ae5d-46f4-a731-da9e2fcf8b92", "value": "MafiaWare Ransomware" @@ -1788,7 +1933,9 @@ ], "synonyms": [ "Purge Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "3" }, "related": [ { @@ -1819,7 +1966,9 @@ ], "synonyms": [ "FireCrypt Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "500$" }, "uuid": "fbb3fbf9-50d7-4fe1-955a-fd4defa0cb08", "value": "BleedGreen Ransomware" @@ -1839,7 +1988,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/btcamant.html" - ] + ], + "payement method": "Email" }, "uuid": "a5826bd3-b457-4aa9-a2e7-f0044ad9992f", "value": "BTCamant Ransomware" 
@@ -1859,7 +2009,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/x3m-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "700$" }, "uuid": "192bc3e8-ace8-4229-aa88-37034a11ef5b", "value": "X3M Ransomware" @@ -1880,7 +2032,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/gog-ransomware.html", "https://twitter.com/BleepinComputer/status/816112218815266816" - ] + ], + "payement method": "Bitcoin - WebSite (onion)" }, "uuid": "c3ef2acd-cc5d-4240-80e7-47e85b46db96", "value": "GOG Ransomware" @@ -1899,7 +2052,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/edgelocker-ransomware.html", "https://twitter.com/BleepinComputer/status/815392891338194945" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "ecfa106d-0aff-4f7e-a259-f00eb14fc245", "value": "EdgeLocker" @@ -1919,7 +2074,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/red-alert-ransomware.html", "https://twitter.com/JaromirHorejsi/status/815557601312329728" - ] + ], + "payement method": "Website" }, "related": [ { @@ -1946,7 +2102,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/first-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "1.5" }, "uuid": "ed26fcf3-47fb-45cc-b5f9-de18f6491934", "value": "First" @@ -1963,7 +2121,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html", "https://twitter.com/JakubKroustek/status/825790584971472902" - ] + ], + "payement method": "Email" }, "uuid": "fd5bb71f-80dc-4a6d-ba8e-ed74999700d3", "value": "XCrypt Ransomware" @@ -1982,7 +2141,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/7zipper-ransomware.html", "https://1.bp.blogspot.com/-ClM0LCPjQuk/WI-BgHTpdNI/AAAAAAAADc8/JyEQ8-pcJmsXIntuP-MMdE-pohVncxTXQCLcB/s1600/7-zip-logo.png" - ] + ], + "payement method": "Email" }, "uuid": "d8ec9e54-a4a4-451e-9f29-e7503174c16e", "value": "7Zipper Ransomware" 
@@ -2004,7 +2164,9 @@ "https://www.pcrisk.com/removal-guides/10899-zyka-ransomware", "https://download.bleepingcomputer.com/demonslay335/StupidDecrypter.zip", "https://twitter.com/GrujaRS/status/826153382557712385" - ] + ], + "payement method": "Bitcoin", + "price": "170€/$" }, "uuid": "7b7c8124-c679-4201-b5a5-5e66e6d52b70", "value": "Zyka Ransomware" @@ -2020,7 +2182,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/sureransom-ransomware.html", "http://www.forbes.com/sites/leemathews/2017/01/27/fake-ransomware-is-tricking-people-into-paying/#777faed0381c" - ] + ], + "payement method": "Bitcoin", + "price": "50£" }, "uuid": "a9365b55-acd8-4b70-adac-c86d121b80b3", "value": "SureRansom Ransomeware (Fake)" @@ -2044,7 +2208,9 @@ "http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012", "https://4.bp.blogspot.com/-bQQ4DTIClvA/WJCIh6Uq2nI/AAAAAAAADfY/hB5HcjuGgh8rRJKeLHo__IRz3Ezth22-wCEw/s1600/form1.jpg", "https://4.bp.blogspot.com/-ZnWdPDprJOg/WJCPeCtP4HI/AAAAAAAADfw/kR0ifI1naSwTAwSuOPiw8ZCPr0tSIz1CgCLcB/s1600/netflix-akk.png" - ] + ], + "payement method": "Bitcoin", + "price": "0.18 (100$)" }, "uuid": "1317351f-ec8f-4c76-afab-334e1384d3d3", "value": "Netflix Ransomware" @@ -2077,7 +2243,8 @@ "synonyms": [ "Merry X-Mas", "MRCR" - ] + ], + "payement method": "Email" }, "uuid": "72cbed4e-b26a-46a1-82be-3d0154fdd2e5", "value": "Merry Christmas" @@ -2092,7 +2259,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/seoirse-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "bdf807c2-74ec-4802-9907-a89b1d910296", "value": "Seoirse Ransomware" 
@@ -2113,7 +2282,9 @@ "http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware", "http://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/", "https://cyberx-labs.com/en/blog/new-killdisk-malware-brings-ransomware-into-industrial-domain/" - ] + ], + "payement method": "Bitcoin", + "price": "222 (200 000$)" }, "uuid": "8e067af6-d1f7-478a-8a8e-5154d2685bd1", "value": "KillDisk Ransomware" @@ -2133,7 +2304,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/derialock-ransomware.html", "https://www.bleepingcomputer.com/news/security/new-derialock-ransomware-active-on-christmas-includes-an-unlock-all-command/" - ] + ], + "payement method": "Bitcoin", + "price": "20 - 30$" }, "uuid": "c0d7acd4-5d64-4571-9b07-bd4bd0d27ee3", "value": "DeriaLock Ransomware" @@ -2153,7 +2326,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/badencript-ransomware.html", "https://twitter.com/demonslay335/status/813064189719805952" - ] + ], + "payement method": "Email - Bitcoin" }, "uuid": "43bfbb2a-9416-44da-81ef-03d6d3a3923f", "value": "BadEncript Ransomware" @@ -2171,7 +2345,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/adamlocker-ransomware.html" - ] + ], + "payement method": "Website" }, "uuid": "5e7d10b7-18ec-47f7-8f13-6fd03d10a8bc", "value": "AdamLocker Ransomware" @@ -2190,7 +2365,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/alphabet-ransomware.html", "https://twitter.com/PolarToffee/status/812331918633172992" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { @@ -2221,7 +2398,9 @@ ], "synonyms": [ "KokoLocker Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "d672fe4f-4561-488e-bca6-20385b53d77f", "value": "KoKoKrypt Ransomware" 
@@ -2239,8 +2418,10 @@ "https://2.bp.blogspot.com/-yncl7-Jy198/WGDjdgNKXjI/AAAAAAAACzA/bfkDgwWEGKggUG3E1tgPBAWDXwi-p-7AwCLcB/s1600/note_2.png" ], "refs": [ - "https://id-ransomware.blogspot.co.il/2016/12/l33taf-locker-ransomware.html" - ] + "https://id-ransomware.blogspot.co.il/2016/12/l33taf-locker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "791a6720-d589-4cf7-b164-08b35b453ac7", "value": "L33TAF Locker Ransomware" @@ -2258,7 +2439,9 @@ ], "synonyms": [ "PClock SysGop Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.6 - 1.6" }, "uuid": "b78be3f4-e39b-41cc-adc0-5824f246959b", "value": "PClock4 Ransomware" @@ -2277,7 +2460,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/guster-ransomware.html", "https://twitter.com/BleepinComputer/status/812131324979007492" - ] + ], + "payement method": "Bitcoin", + "price": "0.4" }, "uuid": "ffa7ac2f-b216-4fac-80be-e859a0e0251f", "value": "Guster Ransomware" @@ -2295,7 +2480,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html" - ] + ], + "payement method": "Website (gift card)" }, "related": [ { @@ -2325,7 +2511,9 @@ ], "synonyms": [ "Fake CryptoLocker" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "4094b021-6654-49d5-9b80-a3666a1c1e44", "value": "CryptoLocker3 Ransomware" @@ -2346,7 +2534,9 @@ "http://www.archersecuritygroup.com/what-is-ransomware/", "https://twitter.com/demonslay335/status/812002960083394560", "https://twitter.com/malwrhunterteam/status/811613888705859586" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "4cf270e7-e4df-49d5-979b-c13d8ce117cc", "value": "ProposalCrypt Ransomware" 
@@ -2363,7 +2553,9 @@ "https://id-ransomware.blogspot.co.il/2016/12/manifestus-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-23rd-2016-cryptxxx-koolova-cerber-and-more/", "https://twitter.com/struppigel/status/811587154983981056" - ] + ], + "payement method": "Bitcoin", + "price": "0.2 (160$)" }, "uuid": "e62ba8f5-e7ce-44ab-ac33-713ace192de3", "value": "Manifestus Ransomware " @@ -2388,7 +2580,9 @@ "synonyms": [ "IDRANSOMv3", "Manifestus" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "related": [ { @@ -2416,7 +2610,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/braincrypt-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "ade6ec5e-e082-43cb-9b82-ff8c0f4d7e56", "value": "BrainCrypt Ransomware" @@ -2433,7 +2628,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/msn-cryptolocker-ransomware.html", "https://twitter.com/struppigel/status/810766686005719040" - ] + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "7de27419-9874-4c3f-b75f-429a507ed7c5", "value": "MSN CryptoLocker Ransomware" @@ -2449,7 +2646,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/cryptoblock-ransomware.html", "https://twitter.com/drProct0r/status/810500976415281154" - ] + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "7b0df78e-8f00-468f-a6ef-3e1bda2a344c", "value": "CryptoBlock Ransomware " @@ -2468,7 +2667,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/aes-ni-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "69c9b45f-f226-485f-9033-fcb796c315cf", "value": "AES-NI Ransomware " 
@@ -2487,7 +2687,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/koolova-ransomware.html", "https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/" - ] + ], + "payement method": "Game" }, "uuid": "ff6b8fc4-cfe0-45c1-9814-3261e39b4c9a", "value": "Koolova Ransomware" @@ -2517,7 +2718,9 @@ "synonyms": [ "Globe Imposter", "GlobeImposter" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { @@ -2544,7 +2747,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/v8locker-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "45862a62-4cb3-4101-84db-8e338d17e283", "value": "V8Locker Ransomware" @@ -2562,7 +2766,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/cryptorium-ransomware.html" - ] + ], + "payement method": "Website" }, "uuid": "96bd63e5-99bd-490c-a23a-e0092337f6e6", "value": "Cryptorium (Fake Ransomware)" @@ -2580,7 +2785,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/antihacker2017-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "efd64e86-611a-4e10-91c7-e741cf0c58d9", "value": "Antihacker2017 Ransomware" @@ -2597,7 +2803,9 @@ "https://www.bleepingcomputer.com/virus-removal/remove-cia-special-agent-767-screen-locker", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-16th-2016-samas-no-more-ransom-screen-lockers-and-more/", "https://guides.yoosecurity.com/cia-special-agent-767-virus-locks-your-pc-screen-how-to-unlock/" - ] + ], + "payement method": "Dollars", + "price": "100 - 250 - 500" }, "uuid": "e479e32e-c884-4ea0-97d3-3c3356135719", "value": "CIA Special Agent 767 Ransomware (FAKE!!!)" @@ -2611,7 +2819,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/loveserver-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "d1698a73-8be8-4c10-8114-8cfa1c399eb1", "value": "LoveServer Ransomware " 
@@ -2632,7 +2841,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/kraken-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "51737c36-11a0-4c25-bd87-a990bd479aaf", "value": "Kraken Ransomware" @@ -2647,7 +2858,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/antix-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.25" }, "uuid": "8a7e0615-b9bd-41ab-89f1-62d041350e99", "value": "Antix Ransomware" @@ -2667,7 +2880,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/payday-ransomware.html", "https://twitter.com/BleepinComputer/status/808316635094380544" - ] + ], + "payement method": "Bitcoin", + "price": "950 bresilian real ($)" }, "uuid": "70324b69-6076-4d00-884e-7f9d5537a65a", "value": "PayDay Ransomware " @@ -2682,7 +2897,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/slimhem-ransomware.html" - ] + ], + "payement method": "no ransom" }, "uuid": "76b14980-e53c-4209-925e-3ab024210734", "value": "Slimhem Ransomware" @@ -2698,7 +2914,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/m4n1f3sto-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "94a3be6b-3a83-40fb-85b2-555239260235", "value": "M4N1F3STO Ransomware (FAKE!!!!!)" @@ -2713,7 +2931,8 @@ ], "synonyms": [ "DaleLocker Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "abe6cbe4-9031-46da-9e1c-89d9babe6449", "value": "Dale Ransomware" @@ -2732,7 +2951,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/ultralocker-ransomware.html", "https://twitter.com/struppigel/status/807161652663742465" - ] + ], + "payement method": "Bitcoin", + "price": "1000 $" }, "uuid": "3a66610b-5197-4af9-b662-d873afc81b2e", "value": "UltraLocker Ransomware" 
@@ -2752,7 +2973,8 @@ "https://id-ransomware.blogspot.co.il/2016/12/aeskeygenassist-ransomware.html", "https://id-ransomware.blogspot.co.il/2016/09/dxxd-ransomware.html", "https://www.bleepingcomputer.com/forums/t/634258/aes-key-gen-assistprotonmailcom-help-support/" - ] + ], + "payement method": "Email" }, "uuid": "d755510f-d775-420c-83a0-b0fe9e483256", "value": "AES_KEY_GEN_ASSIST Ransomware" @@ -2771,7 +2993,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/code-virus-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "a23d7c45-7200-4074-9acf-8789600fa145", "value": "Code Virus Ransomware " @@ -2789,7 +3013,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/flkr-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "1cdc34ce-43b7-4df1-ae8f-ae0acbe5e4ad", "value": "FLKR Ransomware" @@ -2812,7 +3037,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/popcorntime-ransomware.html", "https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "c1b3477b-cd7f-4726-8744-a2c44275dffd", "value": "PopCorn Time Ransomware" @@ -2830,7 +3057,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/hackedlocker-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.33 - 0.5" }, "uuid": "c2624d8e-da7b-4d94-b06f-363131ddb6ac", "value": "HackedLocker Ransomware" @@ -2851,7 +3080,9 @@ "https://id-ransomware.blogspot.co.il/2016/12/goldeneye-ransomware.html", "https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/", "https://www.bleepingcomputer.com/forums/t/634778/golden-eye-virus/" - ] + ], + "payement method": "Bitcoin", + "price": "1.33 - 1.34" }, "uuid": "ac7affb8-971d-4c05-84f0-172b61d007d7", "value": "GoldenEye Ransomware" 
@@ -2871,7 +3102,9 @@ "https://id-ransomware.blogspot.co.il/2016/12/sage-ransomware.html", "https://www.bleepingcomputer.com/forums/t/634978/sage-file-sample-extension-sage/", "https://www.bleepingcomputer.com/forums/t/634747/sage-20-ransomware-sage-support-help-topic/" - ] + ], + "payement method": "Bitcoin", + "price": "0.74 (545 $)" }, "uuid": "3e5a475f-7467-49ab-917a-4d1f590ad9b4", "value": "Sage Ransomware" @@ -2892,7 +3125,9 @@ ], "synonyms": [ "VO_ Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "4(1040 $)" }, "uuid": "5024f328-2595-4dbd-9007-218147e55d5f", "value": "SQ_ Ransomware" @@ -2950,7 +3185,8 @@ "synonyms": [ "Malta Ransomware", "Matrix Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "42ee85b9-45f8-47a3-9bab-b695ac271544", "value": "Matrix" @@ -2968,7 +3204,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/satan666-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "03d92e7b-95ae-4c5b-8b58-daa2fd98f7a1", "value": "Satan666 Ransomware" @@ -2988,7 +3225,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/rip-ransomware.html", "https://twitter.com/BleepinComputer/status/804810315456200704" - ] + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "5705df4a-42b0-4579-ad9f-8bfa42bae471", "value": "RIP (Phoenix) Ransomware" @@ -3009,7 +3248,8 @@ "https://id-ransomware.blogspot.co.il/2016/11/novalid-ransomware.html", "https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/", "https://twitter.com/struppigel/status/807169774098796544" - ] + ], + "payement method": "Bitcoin - Link WebSite" }, "uuid": "777f0b78-e778-435f-b4d5-e40f0b7f54c3", "value": "Locked-In Ransomware or NoValid Ransomware" 
@@ -3039,7 +3279,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/renlocker-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "957850f7-081a-4191-9e5e-cf9ff27584ac", "value": "RenLocker Ransomware (FAKE)" @@ -3056,7 +3298,8 @@ "https://id-ransomware.blogspot.co.il/2016/11/thanksgiving-ransomware.html", "https://id-ransomware.blogspot.co.il/2016/07/stampado-ransomware-1.html", "https://twitter.com/BleepinComputer/status/801486420368093184" - ] + ], + "payement method": "Email" }, "uuid": "459ea908-e39e-4274-8866-362281e24911", "value": "Thanksgiving Ransomware" @@ -3075,7 +3318,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/cockblocker-ransomware.html", "https://twitter.com/jiriatvirlab/status/801910919739674624" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "3a40c5ae-b117-45cd-b674-a7750e3f3082", "value": "CockBlocker Ransomware" @@ -3094,7 +3339,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/lomix-ransomware.html", "https://twitter.com/siri_urz/status/801815087082274816" - ] + ], + "payement method": "Bitcoin", + "price": "0.68096697 (500$)" }, "uuid": "e721b7c5-df07-4e26-b375-fc09a4911451", "value": "Lomix Ransomware" @@ -3116,7 +3363,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/ozozalocker-ransomware.html", "https://decrypter.emsisoft.com/ozozalocker", "https://twitter.com/malwrhunterteam/status/801503401867673603" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "d20b0d12-1a56-4339-b02b-eb3803dc3e6e", "value": "OzozaLocker Ransomware" @@ -3138,7 +3387,8 @@ ], "synonyms": [ "m0on Ransomware" - ] + ], + "payement method": "WebSite link" }, "uuid": "5539c8e7-2058-4757-b9e3-71ff7d41db31", "value": "Crypute Ransomware" @@ -3161,7 +3411,9 @@ ], "synonyms": [ "Fake Maktub Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0,5 - 1,5" }, "uuid": "9490641f-6a51-419c-b3dc-c6fa2bab4ab3", "value": "NMoreira Ransomware" 
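Review bot: `"price": "0,5 - 1,5"` in the NMoreira hunk (`@@ -3161,7 +3411,9 @@`) uses a decimal comma, while the other ranges added here use a point (`"0.5 - 1"`), so any consumer that parses the amount reads this entry differently. The field also carries no unit. A bare `"1"` presumably means bitcoin, but `"100 - 250 - 500"` sits under method `Dollars`, and `"170€/$"` and `"4(1040 $)"` fold currencies into the same string. I would write this one as `"price": "0.5 - 1.5"` and name the currency in every value; PayDay's `"950 bresilian real ($)"` needs the same pass.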
@@ -3183,7 +3435,9 @@ "https://rol.im/VindowsUnlocker.zip", "https://twitter.com/JakubKroustek/status/800729944112427008", "https://www.bleepingcomputer.com/news/security/vindowslocker-ransomware-mimics-tech-support-scam-not-the-other-way-around/" - ] + ], + "payement method": "Call Number", + "price": "349.99$" }, "uuid": "b58e1265-2855-4c8a-ac34-bb1504086084", "value": "VindowsLocker Ransomware" @@ -3203,7 +3457,8 @@ "refs": [ "http://id-ransomware.blogspot.co.il/2016/09/donald-trump-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-donald-trump-ransomware-tries-to-build-walls-around-your-files/" - ] + ], + "payement method": "no ransom" }, "uuid": "96c10791-258f-4b2b-a2cc-b5abddbdb285", "value": "Donald Trump 2 Ransomware" @@ -3222,7 +3477,8 @@ ], "synonyms": [ "Voldemort Ransomware" - ] + ], + "payement method": "CreditCard" }, "uuid": "46a35af7-9d05-4de4-a955-41ccf3d3b83b", "value": "Nagini Ransomware" @@ -3242,7 +3498,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/shelllocker-ransomware.html", "https://twitter.com/JakubKroustek/status/799388289337671680" - ] + ], + "payement method": "Bitcoin", + "price": "100$" }, "uuid": "a8ea7a67-c019-4c6c-8061-8614c47f153e", "value": "ShellLocker Ransomware" @@ -3267,7 +3525,8 @@ ], "synonyms": [ "ChipLocker Ransomware" - ] + ], + "payement method": "Tor WebSite" }, "uuid": "7487fd37-d4ba-4c85-b6f8-8d4d7d5b74d7", "value": "Chip Ransomware" @@ -3332,7 +3591,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", "https://www.youtube.com/watch?v=qjoYtwLx2TI", "https://twitter.com/GrujaRS/status/1072139616910757888" - ] + ], + "payement method": "Bitcoin - Email" }, "uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b", "value": "Dharma Ransomware" 
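Review bot: `"payement method": "Bitcoin - Email"` in the Dharma hunk (`@@ -3332,7 +3591,8 @@`) is the same combination that other hunks spell `"Email - Bitcoin"` (UpdateHost, BadEncript), `"Bitcoin Email"` (Hollycrypt) and `"Email Bitcoin"` (Click Me). The website values drift the same way: `Website`, `WebSite link`, `Tor WebSite`, `Website (onion)`. Anyone grouping or filtering families by payment channel gets several buckets for one thing, so pick one spelling and one order and use it throughout, e.g. `"Email - Bitcoin"` here. `"no ransom"` (Donald Trump 2, Slimhem) is not a method; omitting the key for those entries would be cleaner.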
@@ -3351,7 +3611,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/angela-merkel-ransomware.html", "https://twitter.com/malwrhunterteam/status/798268218364358656" - ] + ], + "payement method": "Bitcoin", + "price": "1200€" }, "uuid": "a9bb4ae1-b4da-49bb-aeeb-3596cb883860", "value": "Angela Merkel Ransomware" @@ -3376,7 +3638,9 @@ ], "synonyms": [ "YafunnLocker" - ] + ], + "payement method": "Bitcoin", + "price": "0.7 - 2.1" }, "uuid": "615b682d-4746-464d-8091-8869d0e6ea2c", "value": "CryptoLuck Ransomware" @@ -3412,7 +3676,9 @@ "synonyms": [ "Nemesis", "X3M" - ] + ], + "payement method": "Bitcoin", + "price": "0.2 - 2" }, "uuid": "117693d2-1551-486e-93e5-981945eecabd", "value": "Crypton Ransomware" @@ -3434,7 +3700,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/karma-ransomware.html", "https://www.bleepingcomputer.com/news/security/researcher-finds-the-karma-ransomware-being-distributed-via-pay-per-install-network/", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2016-crysis-cryptoluck-chip-and-more/" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "51596eaa-6df7-4aa3-8df4-cec3aeffb1b5", "value": "Karma Ransomware" @@ -3452,7 +3720,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/wickedlocker-ht-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "878c06be-95d7-4a0d-9dba-178ffc1d3e5e", "value": "WickedLocker HT Ransomware" @@ -3482,7 +3752,9 @@ "PClock SuppTeam Ransomware", "WinPlock", "CryptoLocker clone" - ] + ], + "payement method": "Bitcoin", + "price": "0.55 - 0.65" }, "uuid": "6c38f175-b32a-40ef-8cad-33c2c8840d51", "value": "PClock3 Ransomware" @@ -3505,7 +3777,8 @@ ], "synonyms": [ "Kolobocheg Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "f32f0bec-961b-4c01-9cc1-9cf409efd598", "value": "Kolobo Ransomware" 
@@ -3527,7 +3800,9 @@ ], "synonyms": [ "Paysafecard Generator 2016" - ] + ], + "payement method": "PaySafeCard", + "price": "100€" }, "uuid": "379d5258-6f11-4c41-a685-c2ff555c0cb9", "value": "PaySafeGen (German) Ransomware" @@ -3549,7 +3824,9 @@ "https://malwarebytes.app.box.com/s/kkxwgzbpwe7oh59xqfwcz97uk0q05kp3", "https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware-abusing-telegram-api-defeated/", "https://securelist.com/blog/research/76558/the-first-cryptor-to-exploit-telegram/" - ] + ], + "payement method": "Qhvi-wallet / Yandex-wallet", + "price": "5000 rubles" }, "uuid": "2f362760-925b-4948-aae5-dd0d2fc21002", "value": "Telecrypt Ransomware" @@ -3569,7 +3846,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/cerbertear-ransomware.html", "https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/november-2016-month-ransomware/", "https://twitter.com/struppigel/status/795630452128227333" - ] + ], + "payement method": "Bitcoin", + "price": "0.4" }, "uuid": "28808e63-e71f-4aaa-b203-9310745f87b6", "value": "CerberTear Ransomware" @@ -3584,7 +3863,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/fucksociety-ransomware.html" - ] + ], + "payement method": "Bitcoin" }, "uuid": "81c476c3-3190-440d-be4a-ea875e9415aa", "value": "FuckSociety Ransomware" @@ -3610,7 +3890,9 @@ ], "synonyms": [ "Serpent Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "0.33" }, "uuid": "4818a48a-dfc2-4f35-a76d-e4fb462d6c94", "value": "PayDOS Ransomware" @@ -3647,7 +3929,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/gremit-ransomware.html", "https://twitter.com/struppigel/status/794444032286060544", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/" - ] + ], + "payement method": "Bitcoin", + "price": "0.03" }, "uuid": "47512afc-ecf2-4766-8487-8f3bc8dddbf3", "value": "Gremit Ransomware" 
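Review bot: `"Qhvi-wallet / Yandex-wallet"` in the Telecrypt hunk (`@@ -3549,7 +3824,9 @@`) looks like a misspelling of the Qiwi wallet service. Please confirm it against the Securelist write-up already listed in this entry's `refs` and correct the name. The provider name is what an analyst searches or pivots on, so a misspelled one makes the entry hard to find.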
@@ -3665,7 +3949,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/hollycrypt-ransomware.html" - ] + ], + "payement method": "Bitcoin Email" }, "uuid": "b77298c1-3f84-4ffb-a81b-36eab5c10881", "value": "Hollycrypt Ransomware" @@ -3686,7 +3971,8 @@ ], "synonyms": [ "BTC Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "3f461284-85a1-441c-b07d-8b547be43ca2", "value": "BTCLocker Ransomware" @@ -3706,7 +3992,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/kangaroo-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-kangaroo-ransomware-not-only-encrypts-your-data-but-tries-to-lock-you-out-of-windows/" - ] + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "5ab1449f-7e7d-47e7-924a-8662bc2df805", "value": "Kangaroo Ransomware" @@ -3724,7 +4012,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/dummyencrypter-ransomware.html" - ] + ], + "payement method": "Email" }, "uuid": "6bf055c6-acb2-4459-92b0-70d61616ab62", "value": "DummyEncrypter Ransomware" @@ -3746,7 +4035,8 @@ ], "synonyms": [ "SFX Monster Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "317cab8a-31a1-4a82-876a-94edc7afffba", "value": "Encryptss77 Ransomware" @@ -3764,7 +4054,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/winrarer-ransomware.html" - ] + ], + "payement method": "Website (onion)" }, "uuid": "7ee22340-ed89-4e22-b085-257bde4c0fc5", "value": "WinRarer Ransomware" @@ -3782,7 +4073,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/russian-globe-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "30771cde-2543-4c13-b722-ff940f235b0f", "value": "Russian Globe Ransomware" @@ -3800,7 +4093,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/zerocrypt-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "10 (7300 $)" }, "uuid": "e999ca18-61cb-4419-a2fa-ab8af6ebe8dc", "value": "ZeroCrypt Ransomware" 
@@ -3831,7 +4126,9 @@ "RotorCrypt", "RotoCrypt", "Tar Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "7 (2000 - 5000 $)" }, "uuid": "63991ed9-98dc-4f24-a0a6-ff58e489c263", "value": "RotorCrypt(RotoCrypt, Tar) Ransomware" @@ -3849,7 +4146,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/ishtar-ransomware.html" - ] + ], + "payement method": "Email - rubles", + "price": "15 000" }, "uuid": "30cad868-b2f1-4551-8f76-d17695c67d52", "value": "Ishtar Ransomware" @@ -3869,7 +4168,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/masterbuster-ransomware.html", "https://twitter.com/struppigel/status/791943837874651136" - ] + ], + "payement method": "rupies", + "price": "3500 - 5000 - 10 000" }, "uuid": "07f859cd-9c36-4dae-a6fc-fa4e4aa36176", "value": "MasterBuster Ransomware" @@ -3891,7 +4192,9 @@ ], "synonyms": [ "Jack.Pot Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "3" }, "uuid": "04f1772a-053e-4f6e-a9af-3f83ab312633", "value": "JackPot Ransomware" @@ -3911,7 +4214,9 @@ "https://id-ransomware.blogspot.co.il/2016/10/onyx-ransomware.html", "https://twitter.com/struppigel/status/791557636164558848", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "uuid": "927a4150-9380-4310-9f68-cb06d8debcf2", "value": "ONYX Ransomeware" @@ -3931,7 +4236,9 @@ "https://id-ransomware.blogspot.co.il/2016/10/ifn643-ransomware.html", "https://twitter.com/struppigel/status/791576159960072192", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/" - ] + ], + "payement method": "Bitcoin", + "price": "1000 $" }, "uuid": "ddeab8b3-5df2-414e-9c6b-06b309e1fcf4", "value": "IFN643 Ransomware" 
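Review bot: In the MasterBuster hunk (`@@ -3869,7 +4168,9 @@`), `"payement method": "rupies"` puts a currency (misspelled; "rupees") where the other entries name a payment channel. It also leaves `"price": "3500 - 5000 - 10 000"` without a unit. The Ishtar hunk just above does the same with `"Email - rubles"` and `"15 000"`. I would move the currency into the price, e.g. `"price": "3500 - 5000 - 10 000 rupees"`, and omit the method if the cited source does not say how payment is collected.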
@@ -3953,7 +4260,8 @@ "https://id-ransomware.blogspot.co.il/2016/10/alcatraz-locker-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/", "https://twitter.com/PolarToffee/status/792796055020642304" - ] + ], + "payement method": "Email" }, "uuid": "2ad63264-8f52-4ab4-ad26-ca8c3bcc066e", "value": "Alcatraz Locker Ransomware" @@ -3973,7 +4281,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/esmeralda-ransomware.html", "https://www.bleepingcomputer.com/forums/t/630835/esmeralda-ransomware/" - ] + ], + "payement method": "Email" }, "uuid": "ff5a04bb-d412-4cb3-9780-8d3488b7c268", "value": "Esmeralda Ransomware" @@ -3991,7 +4300,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/encryptile-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.053773" }, "uuid": "56e49b84-a250-4aaf-9f65-412616709652", "value": "EncrypTile Ransomware" @@ -4010,7 +4321,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/fileice-ransomware-survey.html", "https://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/" - ] + ], + "payement method": "Game" }, "uuid": "ca5d0e52-d0e4-4aa9-872a-0669433c0dcc", "value": "Fileice Ransomware Survey Ransomware" @@ -4031,7 +4343,9 @@ "https://id-ransomware.blogspot.co.il/2016/10/cryptowire-ransomware.html", "https://twitter.com/struppigel/status/791554654664552448", "https://www.bleepingcomputer.com/news/security/-proof-of-concept-cryptowire-ransomware-spawns-lomix-and-ultralocker-families/" - ] + ], + "payement method": "Bitcoin", + "price": "0.29499335" }, "uuid": "4e6e45c2-8e13-49ad-8b27-e5aeb767294a", "value": "CryptoWire Ransomeware" @@ -4058,7 +4372,8 @@ ], "synonyms": [ "Hungarian Locky Ransomware" - ] + ], + "payement method": "Email" }, "uuid": "74f91a93-4f1e-4603-a6f5-aaa40d2dd311", "value": "Hucky Ransomware" 
@@ -4078,7 +4393,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/winnix-cryptor-ransomware.html", "https://twitter.com/PolarToffee/status/811940037638111232" - ] + ], + "payement method": "Bitcoin", + "price": "2 - 4" }, "uuid": "e30e663d-d8c8-44f2-8da7-03b1a9c52376", "value": "Winnix Cryptor Ransomware" @@ -4098,7 +4415,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/angryduck-ransomware.html", "https://twitter.com/demonslay335/status/790334746488365057" - ] + ], + "payement method": "Bitcoin", + "price": "10 (7300 $)" }, "uuid": "2813a5c7-530b-492f-8d77-fe7b1ed96a65", "value": "AngryDuck Ransomware" @@ -4118,7 +4437,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/lock93-ransomware.html", "https://twitter.com/malwrhunterteam/status/789882488365678592" - ] + ], + "payement method": "Email", + "price": "1000 rubles" }, "uuid": "2912426d-2a26-4091-a87f-032a6d3d28c1", "value": "Lock93 Ransomware" @@ -4135,7 +4456,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/asn1-encoder-ransomware.html", "https://malwarebreakdown.com/2017/03/02/rig-ek-at-92-53-105-43-drops-asn1-ransomware/" - ] + ], + "payement method": "Bitcoin", + "price": "0.25 - 0.5" }, "uuid": "dd99cc50-91f7-4375-906a-7d09c76ee9f7", "value": "ASN1 Encoder Ransomware" @@ -4154,7 +4477,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/click-me-ransomware.html", "https://www.youtube.com/watch?v=Xe30kV4ip8w" - ] + ], + "payement method": "Email Bitcoin" }, "uuid": "97bdadda-e874-46e6-8672-11dbfe3958c4", "value": "Click Me Ransomware" @@ -4172,7 +4496,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/airacrop-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "e7a5c384-a93c-4ed4-8411-ca1e52396256", "value": "AiraCrop Ransomware" 
@@ -4198,7 +4524,8 @@ "SHC Ransomware", "SHCLocker", "SyNcryption" - ] + ], + "payement method": "Email" }, "uuid": "d579e5b6-c6fd-43d9-9213-7591cd324f94", "value": "JapanLocker Ransomware" @@ -4218,7 +4545,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/anubis-ransomware.html", "http://nyxbone.com/malware/Anubis.html" - ] + ], + "payement method": "Bitcoin", + "price": "1 - 2.5 - 3" }, "uuid": "a6215279-37d8-47f7-9b1b-efae4178c738", "value": "Anubis Ransomware" @@ -4233,7 +4562,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/xtplocker-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "eef4bf49-5b1d-463a-aef9-538c5dc2f71f", "value": "XTPLocker 5.0 Ransomware" @@ -4257,7 +4588,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/", "https://www.cyber.nj.gov/threat-profiles/ransomware-variants/exotic-ransomware", "https://id-ransomware.blogspot.co.il/2016/10/exotic-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "50 $" }, "uuid": "eb22cb8d-763d-4cac-af35-46dc4f85317b", "value": "Exotic Ransomware" @@ -4275,7 +4608,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/apt-ransomware-2.html" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "6ec0f43c-6b73-4f5e-bee7-a231572eb994", "value": "APT Ransomware v.2" @@ -4298,7 +4633,9 @@ "synonyms": [ "WS Go Ransonware", "Trojan.Encoder.6491" - ] + ], + "payement method": "Bitcoin", + "price": "0.0523" }, "related": [ { @@ -4326,7 +4663,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/ncrypt-ransomware.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "d590865e-f3ae-4381-9d82-3f540f9818cb", "value": "NCrypt Ransomware" 
@@ -4346,7 +4685,8 @@
 "https://id-ransomware.blogspot.co.il/2016/10/venis-ransomware.html",
 "https://twitter.com/Antelox/status/785849412635521024",
 "http://pastebin.com/HuK99Xmj"
- ]
+ ],
+ "payement method": "Email",
 },
 "uuid": "b9cfe6f3-5970-4283-baf4-252e0491b91c",
 "value": "Venis Ransomware"
@@ -4364,7 +4704,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2016/10/enigma-2-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "200 $"
 },
 "uuid": "507506a3-3745-47fd-8d31-ef122317c0c2",
 "value": "Enigma 2 Ransomware"
@@ -4383,7 +4725,9 @@
 ],
 "synonyms": [
 "Deadly for a Good Purpose Ransomware"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "500$"
 },
 "uuid": "a25e39b0-b601-403c-bba8-2f595e221269",
 "value": "Deadly Ransomware"
@@ -4403,7 +4747,9 @@
 ],
 "refs": [
 "https://id-ransomware.blogspot.co.il/2016/10/comrade-circle-ransomware.html"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "~2"
 },
 "uuid": "db23145a-e15b-4cf7-9d2c-ffa9928750d5",
 "value": "Comrade Circle Ransomware"
@@ -4437,7 +4783,9 @@
 ],
 "synonyms": [
 "Purge Ransomware"
- ]
+ ],
+ "payement method": "Bitcoin",
+ "price": "0.8 - 1"
 },
 "related": [
 {
@@ -4466,7 +4814,9 @@
 "refs": [
 "https://id-ransomware.blogspot.co.il/2016/10/kostya-ransomware.html",
 "http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/"
- ]
+ ],
+ "payement method": "PaySafe",
+ "price": "300 CZK - 2000 CZK after 12 hours"
 },
 "uuid": "7d6f02d2-a626-40f6-81c3-14e3a9a2aea5",
 "value": "Kostya Ransomware"
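Review bot: The Venis Ransomware hunk (`@@ -4346,7 +4685,8 @@`) adds `"payement method": "Email",` as the last member of the object that holds `refs`. The trailing comma is followed directly by `},`, so the file is no longer valid JSON. A strict parser rejects the whole cluster file, not just this entry, and any tooling that loads it fails. Drop the comma so the line reads `"payement method": "Email"`. Running the file through a JSON validator such as `jq .` before committing would catch this.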
@@ -4483,8 +4833,10 @@ "https://4.bp.blogspot.com/-nskzYgbg7Ac/V_jpJ3GApqI/AAAAAAAABos/EbG_-BLDPqA9bRVOWdzHjPnDWFiHYlsJwCLcB/s1600/ransom-note.png" ], "refs": [ - "https://id-ransomware.blogspot.co.il/2016/10/fs0ciety-locker-ransomware.htm" - ] + "https://id-ransomware.blogspot.co.il/2016/10/fs0ciety-locker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1.5" }, "uuid": "ed3a4f8a-49de-40c3-9acb-da1b78f89c4f", "value": "Fs0ciety Locker Ransomware" @@ -4502,7 +4854,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/09/erebus-ransomware.html" - ] + ], + "payement method": "Tor WebSite" }, "uuid": "6a77c96b-1814-427f-83ca-fe7e0e40b1c0", "value": "Erebus Ransomware" @@ -4520,7 +4873,9 @@ "WanaCrypt0r", "WCrypt", "WCRY" - ] + ], + "payement method": "Bitcoin", + "price": "0.1781 (300$ - $600)" }, "related": [ { @@ -4546,7 +4901,8 @@ ], "refs": [ "http://www.nyxbone.com/malware/CryptoHasYou.html" - ] + ], + "payement method": "Email" }, "uuid": "a0ce5d94-a22a-40db-a09f-a796d0bb4006", "value": ".CryptoHasYou." @@ -4568,7 +4924,9 @@ ], "synonyms": [ "Sevleg" - ] + ], + "payement method": "Bitcoin", + "price": "0.1 (37$)" }, "uuid": "cd9e9eaa-0895-4d55-964a-b53eacdfd36a", "value": "777" @@ -4590,7 +4948,9 @@ ], "synonyms": [ "7ev3n-HONE$T" - ] + ], + "payement method": "Bitcoin", + "price": "13 (4980$)" }, "related": [ { @@ -4632,7 +4992,8 @@ ], "refs": [ "https://twitter.com/PolarToffee/status/796079699478900736" - ] + ], + "payement method": "WebSite (onion) - Email" }, "uuid": "77919c1f-4ef8-41cd-a635-2d3118ade1f3", "value": "AiraCrop" @@ -4649,7 +5010,8 @@ ], "refs": [ "https://decrypter.emsisoft.com/al-namrood" - ] + ], + "payement method": "Email" }, "uuid": "0040dca4-bf2e-43cb-89ae-ab1b50f1183d", "value": "Al-Namrood" 
@@ -4664,8 +5026,12 @@ "README HOW TO DECRYPT YOUR FILES.HTML" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/" - ] + "http://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/", + +"https://news.softpedia.com/news/cerber-devs-create-new-ransomware-called-alfa-506165.shtml" + ], + "payement method": "Bitcoin", + "price": "1 (650$)" }, "uuid": "888abc95-9e01-4cbc-a6e5-058eb9314f51", "value": "ALFA Ransomware" @@ -4685,7 +5051,9 @@ "https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=d4173312-989b-4721-ad00-8308fff353b3&placement_guid=22f2fe97-c748-4d6a-9e1e-ba3fb1060abe&portal_id=326665&redirect_url=APefjpGnqFjmP_xzeUZ1Y55ovglY1y1ch7CgMDLit5GTHcW9N0ztpnIE-ZReqqv8MDj687_4Joou7Cd2rSx8-De8uhFQAD_Len9QpT7Xvu8neW5drkdtTPV7hAaou0osAi2O61dizFXibewmpO60UUCd5OazCGz1V6yT_3UFMgL0x9S1VeOvoL_ucuER8g2H3f1EfbtYBw5QFWeUmrjk-9dGzOGspyn303k9XagBtF3SSX4YWSyuEs03Vq7Fxb04KkyKc4GJx-igK98Qta8iMafUam8ikg8XKPkob0FK6Pe-wRZ0QVWIIkM&hsutk=34612af1cd87864cf7162095872571d1&utm_referrer=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&canon=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&__hstc=61627571.34612af1cd87864cf7162095872571d1.1472135921345.1472140656779.1472593507113.3&__hssc=61627571.1.1472593507113&__hsfp=1114323283", "https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter", "http://www.bleepingcomputer.com/news/security/new-alma-locker-ransomware-being-distributed-via-the-rig-exploit-kit/" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "76a08868-345f-4566-a403-5f5e575dfee5", "value": "Alma Ransomware" @@ -4707,7 +5075,9 @@ ], "synonyms": [ "AlphaLocker" - ] + ], + "payement method": "Itunes Gift Cards", + "price": "400$" }, "related": [ { 
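Review bot: The new softpedia ref in the ALFA entry appears to be preceded by an empty added line and to start at column 0 rather than at the array's indentation. The same pattern shows in the AMBA, BuyUnlockCode and CTB-Faker hunks, and most other added `id-ransomware.blogspot.com` refs also seem to lack indentation. It is valid JSON, but it makes later diffs of this file noisy; re-emitting the file with a formatter (for example `jq .`) before committing would normalise it.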
@@ -4732,8 +5102,12 @@ "READ_ME.txt" ], "refs": [ - "https://twitter.com/benkow_/status/747813034006020096" - ] + "https://twitter.com/benkow_/status/747813034006020096", + +"https://www.enigmasoftware.com/ambaransomware-removal/" + ], + "payement method": "Bitcoin", + "price": "Depending on the victim’s situation" }, "uuid": "8dd289d8-71bc-42b0-aafd-540dafa93343", "value": "AMBA" @@ -4749,7 +5123,9 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/844531418474708993" - ] + ], + "payement method": "Bitcoin", + "price": "3" }, "uuid": "e06526ac-0083-44ab-8787-dd7278746bb6", "value": "AngleWare" @@ -4762,7 +5138,8 @@ ], "synonyms": [ "ngocanh" - ] + ], + "payement method": "Write a FaceBook message" }, "uuid": "5b94100d-83bb-4e30-be7a-6015c00356e0", "value": "Anony" @@ -4793,7 +5170,8 @@ ], "synonyms": [ "Fabiansomeware" - ] + ], + "payement method": "Email - WebSite (onion)" }, "related": [ { @@ -4826,7 +5204,8 @@ ], "refs": [ "http://decrypter.emsisoft.com/download/apocalypsevm" - ] + ], + "payement method": "Email - WebSite (onion)" }, "uuid": "5bc9c3a5-a35f-43aa-a999-fc7cd0685994", "value": "ApocalypseVM" @@ -4843,7 +5222,9 @@ ], "refs": [ "https://decrypter.emsisoft.com/autolocky" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "803fa9e2-8803-409a-b455-3a886c23fae4", "value": "AutoLocky" @@ -4871,7 +5252,9 @@ "https://decrypter.emsisoft.com/badblock", "http://www.nyxbone.com/malware/BadBlock.html", "http://www.nyxbone.com/images/articulos/malware/badblock/5.png" - ] + ], + "payement method": "Bitcoin", + "price": "2 (888,4$)" }, "uuid": "f1a30552-21c1-46be-8b5f-64bd62b03d35", "value": "BadBlock" @@ -4907,7 +5290,8 @@ ], "synonyms": [ "Rakhni" - ] + ], + "payement method": "Email - Telegram" }, "related": [ { @@ -4940,7 +5324,9 @@ ], "synonyms": [ "BaCrypt" - ] + ], + "payement method": "Bitcoin", + "price": "3" }, "related": [ { 
@@ -4961,8 +5347,11 @@ ".clf" ], "refs": [ - "https://noransom.kaspersky.com/" - ] + "https://noransom.kaspersky.com/", +"https://id-ransomware.blogspot.com/2016/05/bitcryptor-ransomware-aes-256-1-btc.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "b5e9a802-cd17-4cd6-b83d-f36cce009808", "value": "BitCryptor" @@ -4975,8 +5364,11 @@ ".bitstak" ], "refs": [ - "https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip" - ] + "https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip", +"https://id-ransomware.blogspot.com/2016/07/ransomware-007867.html" + ], + "payement method": "Bitcoin", + "price": "0.07867 (40€)" }, "uuid": "33e398fa-2586-415e-9b18-6ea2ea36ff74", "value": "BitStak" @@ -4993,11 +5385,14 @@ "YourID.txt" ], "refs": [ - "http://nyxbone.com/malware/BlackShades.html" + "http://nyxbone.com/malware/BlackShades.html", +"https://id-ransomware.blogspot.com/2016/06/silentshade-ransomware-blackshades.html" ], "synonyms": [ "SilentShade" - ] + ], + "payement method": "Bitcoin", + "price": "0.07 (30$)" }, "uuid": "bf065217-e13a-4f6d-a5b2-ba0750b5c312", "value": "BlackShades Crypter" @@ -5011,7 +5406,9 @@ ], "refs": [ "http://www.bleepingcomputer.com/forums/t/614456/bloccato-ransomware-bloccato-help-support-leggi-questo-filetxt/" - ] + ], + "payement method": "Bitcoin", + "price": "5 - 10" }, "uuid": "a3e1cfec-aacd-4d84-aa7d-99ed6c17f26d", "value": "Blocatto" @@ -5029,7 +5426,12 @@ "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], - "type": "similar" + "type": "similar", + "refs": [ + "https://id-ransomware.blogspot.com/2016/05/booyah-ransomware-1-2-btc.html" + ], + "payement method": "Bitcoin", + "price": "1-2 / 7 after 1 week" } ], "uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3", 
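Review bot: In the hunk at `@@ -5029,7 +5426,12 @@` the new `refs`, `payement method` and `price` fields are added after `"type": "similar"`, inside an element of the `related` array, not inside the cluster's `meta` object. Every other hunk in this patch puts these fields in `meta`, so consumers reading `meta` will not see the Booyah reference or price, and the relationship object gains keys it is not expected to carry. The three fields should move into that entry's `meta` block, which starts above this hunk, and the line should go back to `"type": "similar"` without the comma.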
@@ -5048,7 +5450,9 @@ "refs": [ "http://www.nyxbone.com/malware/brazilianRansom.html", "http://www.nyxbone.com/images/articulos/malware/brazilianRansom/0.png" - ] + ], + "payement method": "Reais", + "price": "2000 (543$)" }, "uuid": "f9cf4f0d-3efc-4d6d-baf2-7dcb96db1279", "value": "Brazilian" @@ -5064,7 +5468,9 @@ ], "refs": [ "https://twitter.com/JakubKroustek/status/821831437884211201" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "d2bc5ec4-1dd1-408a-a6f6-621986657dff", "value": "Brazilian Globe" @@ -5075,7 +5481,9 @@ "encryption": "AES", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered" - ] + ], + "payement method": "Phone Number", + "price": "1000 Rubles (15$)" }, "uuid": "889d2296-40d2-49f6-be49-cbdfbcde2246", "value": "BrLock" @@ -5096,7 +5504,9 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/845199679340011520" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "8d60dec9-d43f-4d52-904f-40fb67e57ef7", "value": "BTCWare Related to / new version of CryptXXX" @@ -5106,8 +5516,11 @@ "meta": { "encryption": "GOST", "refs": [ - "http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/" - ] + "http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/", +"https://id-ransomware.blogspot.com/2016/05/bucbi-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "5" }, "uuid": "3510ce65-80e6-4f80-8cde-bb5ad8a271c6", "value": "Bucbi" @@ -5120,6 +5533,10 @@ ], "ransomnotes": [ "BUYUNLOCKCODE.txt" + ], + "refs": [ + +"https://id-ransomware.blogspot.com/2016/05/buyunlockcode-ransomware-rsa-1024.html" ] }, "uuid": "289624c4-1d50-4178-9371-aebd95f423f9", 
@@ -5136,8 +5553,11 @@ "!Recovery_[random_chars].txt" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/" - ] + "http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/", +"https://id-ransomware.blogspot.com/2016/09/cry-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "Variable / 0.3 - 1.2 / Double after 4 days and 4 hours" }, "related": [ { @@ -5188,7 +5608,9 @@ ], "synonyms": [ "CRBR ENCRYPTOR" - ] + ], + "payement method": "Bitcoin", + "price": "1.24 / 2.48 after 7 days" }, "related": [ { @@ -5217,7 +5639,9 @@ "refs": [ "http://www.bleepingcomputer.com/news/security/chimera-ransomware-decryption-keys-released-by-petya-devs/", "https://blog.malwarebytes.org/threat-analysis/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/" - ] + ], + "payement method": "Bitcoin", + "price": "0.939" }, "uuid": "27b036f0-afa3-4984-95b3-47fa344b1aa7", "value": "Chimera" @@ -5227,7 +5651,9 @@ "meta": { "refs": [ "https://twitter.com/JakubKroustek/status/794956809866018816" - ] + ], + "payement method": "Paypal", + "price": "20$" }, "uuid": "af3b3bbb-b54d-49d0-8e58-e9c56762a96b", "value": "Clock" @@ -5242,8 +5668,11 @@ "wallpaper.jpg" ], "refs": [ - "https://noransom.kaspersky.com/" - ] + "https://noransom.kaspersky.com/", +"https://id-ransomware.blogspot.com/2016/05/bitcryptor-ransomware-aes-256-1-btc.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "15941fb1-08f0-4276-a61f-e2a306d6c6b5", "value": "CoinVault" 
@@ -5262,8 +5691,11 @@ "!!!-WARNING-!!!.txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/" - ] + "http://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/", +"https://id-ransomware.blogspot.com/2016/04/coverton-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "36450e8c-ff66-4ecf-9c0f-fbfb27a72d63", "value": "Coverton" @@ -5307,8 +5739,11 @@ ], "refs": [ "SHTODELATVAM.txt", - "Instructionaga.txt" - ] + "Instructionaga.txt", +"https://id-ransomware.blogspot.com/2016/06/cryfile-ransomware-100.html" + ], + "payement method": "Email", + "price": "100$" }, "uuid": "0d46e21d-8f1c-4355-8205-185fb7e041a7", "value": "CryFile" @@ -5324,13 +5759,16 @@ "!Recovery_[random_chars].txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/the-crylocker-ransomware-communicates-using-udp-and-stores-data-on-imgur-com/" + "http://www.bleepingcomputer.com/news/security/the-crylocker-ransomware-communicates-using-udp-and-stores-data-on-imgur-com/", +"https://id-ransomware.blogspot.com/2016/09/cry-ransomware.html" ], "synonyms": [ "Cry", "CSTO", "Central Security Treatment Organization" - ] + ], + "payement method": "Bitcoin", + "price": "Variable / 0.3 - 1.2 / Double after 4 days and 4 hours" }, "related": [ { @@ -5361,8 +5799,11 @@ "README.BMP" ], "refs": [ - "http://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/" - ] + "http://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/", +"https://id-ransomware.blogspot.com/2016/07/crypmic-ransomware-aes-256.html" + ], + "payement method": "Bitcoin", + "price": "Variable / 0.3 - 1.2 / Double after 4 days and 4 hours" }, "uuid": "82cb7a40-0a78-4414-9afd-028d6b3082ea", "value": "CrypMIC" 
@@ -5380,7 +5821,9 @@ "https://github.com/pekeinfo/DecryptCrypren", "http://www.nyxbone.com/malware/Crypren.html", "http://www.nyxbone.com/images/articulos/malware/crypren/0.png" - ] + ], + "payement method": "Bitcoin", + "price": "0.1 (45$)" }, "uuid": "a9f05b4e-6b03-4211-a2bd-6b4432eb3388", "value": "Crypren" @@ -5394,8 +5837,11 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.zip", - "https://blog.fortinet.com/2016/06/17/buggy-russian-ransomware-inadvertently-allows-free-decryption" - ] + "https://blog.fortinet.com/2016/06/17/buggy-russian-ransomware-inadvertently-allows-free-decryption", +"https://id-ransomware.blogspot.com/2016/06/regist-crypt38-ransomware-aes-1000-15.html" + ], + "payement method": "Rubles", + "price": "1000 (15$)" }, "uuid": "12a96f43-8a8c-410e-aaa3-ba6735276555", "value": "Crypt38" @@ -5405,7 +5851,9 @@ "meta": { "refs": [ "https://twitter.com/jiriatvirlab/status/802554159564062722" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "37edc8d7-c939-4a33-9ed5-dafbbc1e5b1e", "value": "Crypter" @@ -5419,8 +5867,11 @@ "id[_ID]email_xerx@usa.com.scl" ], "refs": [ - "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered" - ] + "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered", +"https://id-ransomware.blogspot.com/2016/06/cryptfile2-ransomware-rsa-email.html" + ], + "payement method": "Bitcoin", + "price": "0.5 - 1.5" }, "uuid": "5b0dd136-6428-48c8-b2a6-8e926a82dfac", "value": "CryptFIle2" @@ -5432,8 +5883,11 @@ ".crinf" ], "refs": [ - "https://decrypter.emsisoft.com/" - ] + "https://decrypter.emsisoft.com/", +"https://id-ransomware.blogspot.com/2016/06/cryptfile2-ransomware-rsa-email.html" + ], + "payement method": "Bitcoin", + "price": "0.5 - 1.5" }, "uuid": "2b0d60c3-6560-49ac-baf0-5f642e8a77de", "value": "CryptInfinite" 
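Review bot: The CryptInfinite hunk at `@@ -5432,8 +5883,11 @@` adds the ref `.../2016/06/cryptfile2-ransomware-rsa-email.html` and `"price": "0.5 - 1.5"`, both identical to what the preceding hunk adds to CryptFIle2. The URL slug names CryptFile2, so this looks like a copy-paste and not a source for CryptInfinite. If no CryptInfinite-specific reference is available, I would leave `refs` and `price` out of that entry, since attributing another family's ransom amount to it misleads anyone using the cluster for triage.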
@@ -5447,8 +5901,11 @@ ], "refs": [ "http://www.pandasecurity.com/mediacenter/panda-security/cryptobit/", - "http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml" - ] + "http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml", +"https://id-ransomware.blogspot.com/2016/04/cryptobit-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1 - 2" }, "related": [ { @@ -5471,8 +5928,11 @@ "HOW_DECRYPT.URL" ], "refs": [ - "https://decrypter.emsisoft.com/" - ] + "https://decrypter.emsisoft.com/", +"https://id-ransomware.blogspot.com/2016/04/cryptodefense-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.9 (500$) - 1.9 (1000$) after 4 days" }, "uuid": "ad9eeff2-91b4-440a-ae74-ab84d3e2075e", "value": "CryptoDefense" @@ -5482,11 +5942,14 @@ "meta": { "refs": [ "http://blog.talosintel.com/2016/07/ranscam.html", - "https://nakedsecurity.sophos.com/2016/07/13/ransomware-that-demands-money-and-gives-you-back-nothing/" + "https://nakedsecurity.sophos.com/2016/07/13/ransomware-that-demands-money-and-gives-you-back-nothing/", +"https://id-ransomware.blogspot.com/search?q=CryptoFinancial" ], "synonyms": [ "Ranscam" - ] + ], + "payement method": "Bitcoin", + "price": "0.2" }, "related": [ { @@ -5509,7 +5972,12 @@ ], "ransomnotes": [ "READ IF YOU WANT YOUR FILES BACK.html" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/05/cryptofortress-ransomware-aes-256-1.html", + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { 
@@ -5555,13 +6023,16 @@ "meta": { "encryption": "AES-256 (RAR implementation)", "refs": [ - "http://www.bleepingcomputer.com/news/security/cryptohost-decrypted-locks-files-in-a-password-protected-rar-file/" + "http://www.bleepingcomputer.com/news/security/cryptohost-decrypted-locks-files-in-a-password-protected-rar-file/", +"https://id-ransomware.blogspot.com/2016/04/cryptohost-ransomware.html" ], "synonyms": [ "Manamecrypt", "Telograph", "ROI Locker" - ] + ], + "payement method": "Bitcoin", + "price": "0.33" }, "related": [ { @@ -5586,7 +6057,12 @@ "README!!!.txt", "GetYouFiles.txt", "crjoker.html" - ] + ], + "refs": [ +"https://id-ransomware.blogspot.com/2017/07/cryptojoker-2017-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "100€" }, "related": [ { @@ -5629,7 +6105,8 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/839747940122001408" - ] + ], + "payement method": "Email", }, "uuid": "8d5e3b1f-e333-4eed-8dec-d74f19d6bcbb", "value": "CryptoLocker 1.0.0" @@ -5639,7 +6116,9 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/782890104947867649" - ] + ], + "payement method": "Bitcoin", + "price": "250€" }, "uuid": "e1412d2a-2a94-4c83-aed0-9e09523514a4", "value": "CryptoLocker 5.1" @@ -5706,7 +6185,9 @@ ], "synonyms": [ "Zeta" - ] + ], + "payement method": "Bitcoin", + "price": "5" }, "related": [ { @@ -5725,7 +6206,9 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/817672617658347521" - ] + ], + "payement method": "Bitcoin", + "price": "Some Bitcoins" }, "related": [ { 
@@ -5750,8 +6233,11 @@ "!Where_are_my_files!.html" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/new-ransomware-called-cryptoroger-that-appends-crptrgr-to-encrypted-files/" - ] + "http://www.bleepingcomputer.com/news/security/new-ransomware-called-cryptoroger-that-appends-crptrgr-to-encrypted-files/", +"https://id-ransomware.blogspot.com/2016/06/cryptoroger-aes-256-0.html" + ], + "payement method": "Bitcoin", + "price": "0.5 (360$)" }, "uuid": "b6fe71ba-b0f4-4cc4-b84c-d3d80a37eada", "value": "CryptoRoger" @@ -5783,8 +6269,11 @@ "ATTENTION.url" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/617601/cryptoshocker-ransomware-help-and-support-topic-locked-attentionurl/" - ] + "http://www.bleepingcomputer.com/forums/t/617601/cryptoshocker-ransomware-help-and-support-topic-locked-attentionurl/", +"https://id-ransomware.blogspot.com/2016/06/cryptoshocker-ransomware-aes-200.html" + ], + "payement method": "Bitcoin", + "price": "200$" }, "uuid": "545b4b25-763a-4a5c-8dda-12142c00422c", "value": "CryptoShocker" @@ -5800,8 +6289,11 @@ "%Temp%\\.bmp" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-ransomware-discovered-and-easily-decrypted/" - ] + "http://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-ransomware-discovered-and-easily-decrypted/", +"https://id-ransomware.blogspot.com/2016/04/cryptotorlocker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5 (100$)" }, "uuid": "06ec3640-4b93-4e79-a8ec-e24b3d349dd5", "value": "CryptoTorLocker2015" @@ -5825,7 +6317,9 @@ "DECRYPT_INSTRUCTION.TXT", "DECRYPT_INSTRUCTION.URL", "INSTALL_TOR.URL" - ] + ], + "payement method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "5559fbc1-52c6-469c-be97-8f8344765577", "value": "CryptoWall 1" 
@@ -5838,7 +6332,9 @@ "HELP_DECRYPT.PNG", "HELP_DECRYPT.URL", "HELP_DECRYPT.HTML" - ] + ], + "payement method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "f2780d22-4410-4a2f-a1c3-f43807ed1f19", "value": "CryptoWall 2" @@ -5855,7 +6351,9 @@ "refs": [ "https://blogs.technet.microsoft.com/mmpc/2015/01/13/crowti-update-cryptowall-3-0/", "https://www.virustotal.com/en/file/45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d/analysis/" - ] + ], + "payement method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "9d35fe47-5f8c-494c-a74f-23a7ac7f44be", "value": "CryptoWall 3" @@ -5869,7 +6367,9 @@ "ransomnotes": [ "HELP_YOUR_FILES.HTML", "HELP_YOUR_FILES.PNG" - ] + ], + "payement method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "f7c04ce6-dd30-4a94-acd4-9a3125bcb12e", "value": "CryptoWall 4" @@ -5885,11 +6385,14 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", - "http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information" + "http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information", +"https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" ], "synonyms": [ "CryptProjectXXX" - ] + ], + "payement method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "related": [ { @@ -5915,11 +6418,14 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", "https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool", - "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive" + "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive", +"https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" ], "synonyms": [ "CryptProjectXXX" - ] + ], + "payement method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "related": [ { 
@@ -5946,12 +6452,15 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", "http://www.bleepingcomputer.com/news/security/cryptxxx-updated-to-version-3-0-decryptors-no-longer-work/", - "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive" + "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive", +"https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" ], "synonyms": [ "UltraDeCrypter", "UltraCrypter" - ] + ], + "payement method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "uuid": "60a50fe5-53ea-43f0-8a17-e7134f5fc371", "value": "CryptXXX 3.0" @@ -5964,8 +6473,11 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", - "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100" - ] + "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100", +"https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "uuid": "3f5a76ea-6b83-443e-b26f-b2b2d02d90e0", "value": "CryptXXX 3.1" @@ -5981,8 +6493,10 @@ "README_FOR_DECRYPT.txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/ctb-faker-ransomware-does-a-poor-job-imitating-ctb-locker/" - ] + "http://www.bleepingcomputer.com/news/security/ctb-faker-ransomware-does-a-poor-job-imitating-ctb-locker/", +"https://id-ransomware.blogspot.com/2016/09/crypy-ransomware.html" + ], + "payement method": "Email" }, "uuid": "0b0f5f33-1871-461d-8e7e-b5e0ebc82311", "value": "CryPy" @@ -6000,9 +6514,15 @@ "DecryptAllFiles .txt", ".html" ], + "refs": [ + +"https://id-ransomware.blogspot.com/2016/07/ctb-faker-ransomware-008.html" + ], "synonyms": [ "Citroni" - ] + ], + "payement method": "Bitcoin", + "price": "0.08686 (50$)" }, "uuid": "6212bf8f-07db-490a-8cef-ac42042076c1", "value": "CTB-Faker" 
@@ -6012,8 +6532,11 @@ "meta": { "refs": [ "https://thisissecurity.net/2016/02/26/a-lockpicking-exercise/", - "https://github.com/eyecatchup/Critroni-php" - ] + "https://github.com/eyecatchup/Critroni-php", +"https://id-ransomware.blogspot.com/2016/06/ctb-locker-for-websites-04.html" + ], + "payement method": "Bitcoin", + "price": "0.4 - 0.8" }, "uuid": "555b2c6f-0848-4ac1-9443-e4c20814459a", "value": "CTB-Locker WEB" @@ -6036,7 +6559,9 @@ ], "synonyms": [ "my-Little-Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "1a369bbf-6f03-454c-b507-15abe2a8bbb4", "value": "CuteRansomware" @@ -6046,11 +6571,14 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/778871886616862720", - "https://twitter.com/struppigel/status/806758133720698881" + "https://twitter.com/struppigel/status/806758133720698881", +"https://id-ransomware.blogspot.com/2016/09/cyber-splitter-vbs-ransomware.html" ], "synonyms": [ "CyberSplitter" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { @@ -6075,7 +6603,9 @@ ], "refs": [ "https://twitter.com/JaromirHorejsi/status/815555258478981121" - ] + ], + "payement method": "Bitcoin", + "price": "1.5" }, "uuid": "0f074c07-613d-43cb-bd5f-37c747d39fe2", "value": "Death Bitches" @@ -6102,8 +6632,11 @@ ], "refs": [ "http://www.bleepingcomputer.com/forums/t/617395/dedcryptor-ded-help-support-topic/", - "http://www.nyxbone.com/malware/DEDCryptor.html" - ] + "http://www.nyxbone.com/malware/DEDCryptor.html", +"https://id-ransomware.blogspot.com/2016/06/dedcryptor-ransomware-aes-256rsa-2.html" + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "496b6c3c-771a-46cd-8e41-ce7c4168ae20", "value": "DEDCryptor" 
@@ -6118,8 +6651,11 @@ "HELP_YOUR_FILES.txt" ], "refs": [ - "https://twitter.com/struppigel/status/798573300779745281" - ] + "https://twitter.com/struppigel/status/798573300779745281", +"https://id-ransomware.blogspot.com/2017/10/cryptodemo-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "b314d86f-92bb-4be3-b32a-19d6f8eb55d4", "value": "Demo" @@ -6129,8 +6665,11 @@ "meta": { "encryption": "AES", "refs": [ - "http://www.bleepingcomputer.com/news/security/new-detoxcrypto-ransomware-pretends-to-be-pokemongo-or-uploads-a-picture-of-your-screen/" - ] + "http://www.bleepingcomputer.com/news/security/new-detoxcrypto-ransomware-pretends-to-be-pokemongo-or-uploads-a-picture-of-your-screen/", +"https://id-ransomware.blogspot.com/2016/08/detoxcrypto-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "2 - 3" }, "uuid": "be094d75-eba8-4ff3-91f1-f8cde687e5ed", "value": "DetoxCrypto" @@ -6143,7 +6682,9 @@ ], "refs": [ "https://twitter.com/PolarToffee/status/829727052316160000" - ] + ], + "payement method": "Bitcoin", + "price": "0.05" }, "uuid": "c5b2a0bc-352f-481f-8c35-d378754793c0", "value": "Digisom" @@ -6152,8 +6693,10 @@ "description": "Ransomware", "meta": { "refs": [ - "https://twitter.com/demonslay335/status/752586334527709184" - ] + "https://twitter.com/demonslay335/status/752586334527709184", +"https://id-ransomware.blogspot.com/2016/07/revoyem-dirtydecrypt-ransomware-doc.html" + ], + "payement method": "No ransom" }, "uuid": "5ad8a530-3ab9-48b1-9a75-e1e97b3f77ec", "value": "DirtyDecrypt" 
@@ -6171,8 +6714,11 @@ "https://decrypter.emsisoft.com/", "https://github.com/hasherezade/dma_unlocker", "https://drive.google.com/drive/folders/0Bzb5kQFOXkiSMm94QzdyM3hCdDg", - "https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/", +""https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/"" + ], + "payement method": "Bitcoin", + "price": "1 - 2 - 4" }, "uuid": "407ebc7c-5b05-488f-862f-b2bf6c562372", "value": "DMALocker" @@ -6184,7 +6730,9 @@ "refs": [ "https://drive.google.com/drive/folders/0Bzb5kQFOXkiSMm94QzdyM3hCdDg", "https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-strikes-back/" - ] + ], + "payement method": "Bitcoin", + "price": "1 - 2 (440$)" }, "uuid": "ba39be57-c138-48d5-b46b-d996ff899ffa", "value": "DMALocker 3.0" @@ -6197,7 +6745,9 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/822500056511213568" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 (864$)" }, "uuid": "45cae006-5d14-4c95-bb5b-dcf5555d7c78", "value": "DNRansomware" @@ -6214,8 +6764,11 @@ ], "refs": [ "http://www.nyxbone.com/malware/Domino.html", - "http://www.bleepingcomputer.com/news/security/the-curious-case-of-the-domino-ransomware-a-windows-crack-and-a-cow/" - ] + "http://www.bleepingcomputer.com/news/security/the-curious-case-of-the-domino-ransomware-a-windows-crack-and-a-cow/", +"https://id-ransomware.blogspot.com/2016/08/domino-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "7cb20800-2033-49a4-bdf8-a7da5a24f7f1", "value": "Domino" 
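Review bot: The added ref in the DMALocker entry, `""https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/""`, is wrapped in doubled quotes, which is not valid JSON and will make the file fail to parse. It also repeats the URL on the line just above it, so it adds no new reference. I would drop the line and restore the previous ref without its trailing comma, leaving only `],` and the two new fields as the change to this entry.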
@@ -6233,8 +6786,11 @@ "КАК РАСШИФРОВАТЬ ФАЙЛЫ!!!.txt" ], "refs": [ - "https://www.bleepingcomputer.com/forums/t/643330/donotchange-ransomware-id-7es642406cry-do-not-change-the-file-namecryp/" - ] + "https://www.bleepingcomputer.com/forums/t/643330/donotchange-ransomware-id-7es642406cry-do-not-change-the-file-namecryp/", +"https://id-ransomware.blogspot.com/2017/03/donotchange-ransomware.html" + ], + "payement method": "Email", + "price": "250$" }, "uuid": "2e6f4fa6-5fdf-4d69-b764-063d88ba1dd0", "value": "DoNotChange" @@ -6263,8 +6819,10 @@ ], "refs": [ "https://www.bleepingcomputer.com/forums/t/627831/dxxd-ransomware-dxxd-help-support-readmetxt/", - "https://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/" - ] + "https://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/", +"https://id-ransomware.blogspot.com/2016/09/dxxd-ransomware.html" + ], + "payement method": "Email" }, "uuid": "57108b9e-5af8-4797-9924-e424cb5e9903", "value": "DXXD" @@ -6277,13 +6835,15 @@ ".locked" ], "refs": [ - "http://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html" + "http://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html", +"https://id-ransomware.blogspot.com/2016/06/hiddentear-2.html" ], "synonyms": [ "Cryptear", "EDA2", "Hidden Tear" - ] + ], + "payement method": "Download Decrypter" }, "related": [ { @@ -6316,11 +6876,13 @@ ], "refs": [ "http://www.filedropper.com/decrypter_1", - "https://twitter.com/JakubKroustek/status/747031171347910656" + "https://twitter.com/JakubKroustek/status/747031171347910656", +"https://id-ransomware.blogspot.com/2016/06/hiddentear-2.html" ], "synonyms": [ "EduCrypter" - ] + ], + "payement method": "Download Decryter" }, "uuid": "826a341a-c329-4e1e-bc9f-5d44c8317557", "value": "EduCrypt" 
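Review bot: The EduCrypt hunk at `@@ -6316,11 +6876,13 @@` sets `"payement method": "Download Decryter"`, while the EDA2 hunk just before it uses `"Download Decrypter"` for the same idea. Because the field is free text, the typo creates a second distinct value and an exact-match filter will miss one of the two entries. The value should be `"Download Decrypter"` in both places; a short documented list of allowed method values would prevent further drift such as `"WebSite (onion)"` versus `"Tor WebSite"`.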
@@ -6334,7 +6896,9 @@ "refs": [ "https://twitter.com/BroadAnalysis/status/845688819533930497", "https://twitter.com/malwrhunterteam/status/845652520202616832" - ] + ], + "payement method": "Bitcoin", + "price": "0.25 (320$)" }, "uuid": "0a24ea0d-3f8a-428a-8b77-ef5281c1ee05", "value": "EiTest" @@ -6350,9 +6914,13 @@ "qwer2.html", "locked.bmp" ], + "refs": [ "https://id-ransomware.blogspot.com/2016/07/el-polocker-ransomware-aes-450-aud.html" + ], "synonyms": [ "Los Pollos Hermanos" - ] + ], + "payement method": "Email", + "price": "450$ - 1000$" }, "uuid": "63d9cb32-a1b9-46c3-818a-df16d8b9e46a", "value": "El-Polocker" @@ -6391,7 +6959,11 @@ ], "ransomnotes": [ "How to recover.enc" - ] + ], + "refs": [ "https://id-ransomware.blogspot.com/2016/11/encryptojjs-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "3e5deef2-bace-40bc-beb1-5d9009233667", "value": "encryptoJJS" @@ -6410,8 +6982,10 @@ "enigma_info.txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/the-enigma-ransomware-targets-russian-speaking-users/" - ] + "http://www.bleepingcomputer.com/news/security/the-enigma-ransomware-targets-russian-speaking-users/", +"https://id-ransomware.blogspot.com/2016/05/enigma-ransomware-aes-128-0.html" + ], + "payement method": "WebSite (onion)" }, "uuid": "1b24d240-df72-4388-946b-efa07a9447bb", "value": "Enigma" @@ -6421,7 +6995,8 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/839022018230112256" - ] + ], + "payement method": "Bitcoin - Email" }, "uuid": "198891fb-26a4-455a-9719-4130bedba103", "value": "Enjey" @@ -6431,7 +7006,9 @@ "meta": { "refs": [ "http://www.bleepingcomputer.com/news/security/new-fairware-ransomware-targeting-linux-computers/" - ] + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "6771b42f-1d95-4b2e-bbb5-9ab703bbaa9d", "value": "Fairware" 
@@ -6446,8 +7023,11 @@ "READ ME FOR DECRYPT.txt" ], "refs": [ - "https://blog.fortinet.com/post/fakben-team-ransomware-uses-open-source-hidden-tear-code" - ] + "https://blog.fortinet.com/post/fakben-team-ransomware-uses-open-source-hidden-tear-code", +"https://id-ransomware.blogspot.com/2016/07/fakben-team-ransomware-aes-256-1505.html" + ], + "payement method": "Bitcoin", + "price": "1.50520802" }, "uuid": "c308346a-2746-4900-8149-464a09086b55", "value": "Fakben" @@ -6460,7 +7040,9 @@ ], "refs": [ "https://twitter.com/PolarToffee/status/812312402779836416" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "abddc01f-7d76-47d4-985d-ea6d16acccb1", "value": "FakeCryptoLocker" @@ -6482,7 +7064,8 @@ ], "synonyms": [ "Comrad Circle" - ] + ], + "payement method": "Email" }, "uuid": "35be87a5-b498-4693-8b8d-8b17864ac088", "value": "Fantom" @@ -6498,8 +7081,10 @@ ], "refs": [ "https://decrypter.emsisoft.com/fenixlocker", - "https://twitter.com/fwosar/status/777197255057084416" - ] + "https://twitter.com/fwosar/status/777197255057084416", +"https://id-ransomware.blogspot.com/2016/09/fenixlocker-ransomware.html" + ], + "payement method": "Email" }, "uuid": "f9f54046-ed5d-4353-8b81-d92b51f596b4", "value": "FenixLocker" @@ -6508,8 +7093,11 @@ "description": "Ransomware RaaS", "meta": { "refs": [ - "https://twitter.com/rommeljoven17/status/846973265650335744" - ] + "https://twitter.com/rommeljoven17/status/846973265650335744", +"https://id-ransomware.blogspot.com/2017/03/filefrozr-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "2a50f476-7355-4d58-b0ce-4235b2546c90", "value": "FILE FROZR" @@ -6522,7 +7110,9 @@ ], "refs": [ "https://twitter.com/jiriatvirlab/status/836616468775251968" - ] + ], + "payement method": "Bitcoin", + "price": "0.09 (100$ with discount price) - 150$" }, "uuid": "b92bc550-7edb-4f8f-96fc-cf47d437df32", "value": "FileLocker" 
@@ -6538,8 +7128,11 @@ "[random_chars]-READ_ME.html" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/" - ] + "https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/", +"https://id-ransomware.blogspot.com/2017/01/bleedgreen-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "500$" }, "related": [ { @@ -6560,8 +7153,11 @@ ".locked" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/773771485643149312" - ] + "https://twitter.com/malwrhunterteam/status/773771485643149312", +"https://id-ransomware.blogspot.com/2016/09/flyper-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "1a110f7e-8820-4a9a-86c0-db4056f0b911", "value": "Flyper" @@ -6572,7 +7168,8 @@ "ransomnotes": [ "help-file-decrypt.enc", "/pronk.txt" - ] + ], + "payement method": "Email" }, "uuid": "3d75cb84-2f14-408d-95bd-f1316bf854e6", "value": "Fonco" @@ -6585,7 +7182,7 @@ ] }, "uuid": "2db3aafb-b219-4b52-8dfe-ce41416ebeab", - "value": "FortuneCookie " + "value": "FortuneCookie" }, { "description": "Ransomware Unlock code is: adam or adamdude9", @@ -6594,11 +7191,14 @@ ".madebyadam" ], "refs": [ - "https://twitter.com/BleepinComputer/status/812135608374226944" + "https://twitter.com/BleepinComputer/status/812135608374226944", +"https://id-ransomware.blogspot.com/2016/12/roga-ransomware.html" ], "synonyms": [ "Roga" - ] + ], + "payement method": "Playstore Card (Gift)", + "price": "25£ or 30$" }, "related": [ { 
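Review bot: The FortuneCookie hunk changes `"value": "FortuneCookie "` to `"value": "FortuneCookie"`, which goes beyond what the commit title describes. If consumers key on the cluster `value` (for example tags or relations built from the name), anything stored against the old string with the trailing space will stop matching; the `uuid` line is unchanged, so lookups by uuid are not affected. The trim itself looks right, but I would put it in its own commit and call it out so downstream users can re-map existing data.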
@@ -6626,8 +7226,10 @@ "refs": [ "https://www.bleepingcomputer.com/forums/t/628199/fs0ciety-locker-ransomware-help-support-fs0cietyhtml/", "http://www.bleepingcomputer.com/news/security/new-fsociety-ransomware-pays-homage-to-mr-robot/", - "https://twitter.com/siri_urz/status/795969998707720193" - ] + "https://twitter.com/siri_urz/status/795969998707720193", +"https://id-ransomware.blogspot.com/2016/08/fsociety-ransomware.html" + ], + "payement method": "No Ransom - No Descrypter" }, "uuid": "d1e7c0d9-3c96-41b7-a4a2-7eaef64d7b0f", "value": "FSociety" @@ -6651,8 +7253,11 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/GhostCryptDecrypter.zip", - "http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/" - ] + "http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/", +"https://id-ransomware.blogspot.com/2016/05/ghostcrypt-ransomware-aes-256-2-bitcoins.html" + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "3b681f76-b0e4-4ba7-a113-5dd87d6ee53b", "value": "GhostCrypt" @@ -6662,7 +7267,8 @@ "meta": { "refs": [ "https://twitter.com/ni_fi_70/status/796353782699425792" - ] + ], + "payement method": "Email" }, "uuid": "c6419971-47f8-4c80-a685-77292ff30fa7", "value": "Gingerbread" @@ -6679,11 +7285,14 @@ ], "refs": [ "https://success.trendmicro.com/portal_kb_articledetail?solutionid=1114221", - "http://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/" + "http://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/", +"https://id-ransomware.blogspot.com/2017/07/purge-kind-ransomware.html" ], "synonyms": [ "Purge" - ] + ], + "payement method": "Bitcoin", + "price": "250$" }, "uuid": "b247b6e5-f51b-4bb5-8f5a-1628843abe99", "value": "Globe v1" 
@@ -6700,8 +7309,12 @@ "UNLOCK_FILES_INSTRUCTIONS.html and .txt" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/" - ] + "http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/", + +"http://id-ransomware.blogspot.ru/2016/05/gnl-locker-ransomware-gnl-locker-ip.html" + ], + "payement method": "Bitcoin", + "price": "0.5(190 - 250 $)" }, "related": [ { @@ -6730,8 +7343,10 @@ "!___[EMAILADDRESS]_.crypt" ], "refs": [ - "https://decrypter.emsisoft.com/" - ] + "https://decrypter.emsisoft.com/", +"http://id-ransomware.blogspot.com/2016/05/gomasom-ransonware.html" + ], + "payement method": "Email" }, "uuid": "70b85861-f419-4ad5-9aa6-254db292e043", "value": "Gomasom" @@ -6744,7 +7359,9 @@ ], "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/angler-shift-ek-landscape-new-crytpo-ransomware-activity/" - ] + ], + "payement method": "Bitcoin", + "price": "500 $" }, "uuid": "3229a370-7a09-4b93-ad89-9555a847b1dd", "value": "Goopic" @@ -6765,8 +7382,11 @@ ".Locked" ], "refs": [ - "https://twitter.com/demonslay335/status/806878803507101696" - ] + "https://twitter.com/demonslay335/status/806878803507101696", +"http://id-ransomware.blogspot.com/2016/12/hackedlocker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.33 - 0.5" }, "uuid": "7f2df0cd-5962-4687-90a2-a49eab2b12bc", "value": "Hacked" @@ -6776,8 +7396,11 @@ "meta": { "encryption": "3DES, AES-128, AES-192, AES-256, DES, RC2, RC4", "refs": [ - "https://twitter.com/malwrhunterteam/status/847114064224497666" - ] + "https://twitter.com/malwrhunterteam/status/847114064224497666", +"http://id-ransomware.blogspot.com/2017/03/happydayzz-blackjocker-ransomware.html" + ], + "payement method": "MoneyPak", + "price": "0.5" }, "uuid": "e71c76f3-8274-4ec5-ac11-ac8b8286d069", "value": "HappyDayzz" 
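Review bot: In the GNL Locker hunk the added ref is preceded by an empty added line and appears to start at column 0, while the neighbouring array items are indented. Most of the id-ransomware refs added in this patch have the same column-0 layout, and the El-Polocker hunk puts the URL on the same line as `"refs": [`. It still parses, but it makes later diffs noisy; running the file through a JSON pretty-printer (e.g. `jq .`) before committing would normalise it.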
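Review bot: HappyDayzz is given `"payement method": "MoneyPak"` together with `"price": "0.5"`, and a MoneyPak payment of 0.5 with no currency is hard to interpret; the figure looks like a Bitcoin amount. Jhon Woddy (`"PaySafeCard"`, `"0.1"`) and Jigsaw (`"PaySafeCard"`, `"0.4 (150 $)"`) show the same mismatch. Since the two fields are read together, these entries should be re-checked against the cited write-ups and either the method or the unit corrected.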
@@ -6790,7 +7413,9 @@ ], "refs": [ "https://decrypter.emsisoft.com/" - ] + ], + "payement method": "MoneyPak", + "price": "100 $" }, "uuid": "5cadd11c-002a-4062-bafd-aadb7d740f59", "value": "Harasom" @@ -6801,11 +7426,14 @@ "encryption": "Custom (net shares), XTS-AES (disk)", "refs": [ "https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho", - "blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/" + "blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/", + +"http://id-ransomware.blogspot.com/2016/09/hddcryptor-ransomware-mbr.html" ], "synonyms": [ "Mamba" - ] + ], + "payement method": "Email" }, "related": [ { @@ -6824,8 +7452,10 @@ "meta": { "encryption": "AES-128-CBC", "refs": [ - "https://www.bleepingcomputer.com/news/security/heimdall-open-source-php-ransomware-targets-web-servers/" - ] + "https://www.bleepingcomputer.com/news/security/heimdall-open-source-php-ransomware-targets-web-servers/", +"https://id-ransomware.blogspot.com/2016/11/heimdall-ransomware.html" + ], + "payement method": "Bitcoin" }, "uuid": "c6d6ddf0-2afa-4cca-8982-ba2a7c0441ae", "value": "Heimdall" @@ -6838,7 +7468,12 @@ ], "ransomnotes": [ "help_dcfile.txt" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/09/helpdcfile-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "2fdc6daa-6b6b-41b9-9a25-1030101478c3", "value": "Help_dcfile" @@ -6851,8 +7486,11 @@ ".herbst" ], "refs": [ - "https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware" - ] + "https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware", +"https://id-ransomware.blogspot.com/2016/06/herbst-autumn-ransomware-aes-256-01.html" + ], + "payement method": "Bitcoin", + "price": "0.1" }, "related": [ { 
@@ -6874,8 +7512,11 @@ ".cry" ], "refs": [ - "http://www.nyxbone.com/malware/hibuddy.html" - ] + "http://www.nyxbone.com/malware/hibuddy.html", +"http://id-ransomware.blogspot.ru/2016/05/hi-buddy-ransomware-aes-256-0.html" + ], + "payement method": "Bitcoin", + "price": "0.77756467" }, "uuid": "a0d6563d-1e98-4e49-9151-39fbeb09ef76", "value": "Hi Buddy!" @@ -6888,8 +7529,11 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/", - "https://twitter.com/jiriatvirlab/status/825310545800740864" - ] + "https://twitter.com/jiriatvirlab/status/825310545800740864", +"http://id-ransomware.blogspot.com/2016/08/hitler-ransomware.html" + ], + "payement method": "Vodafone card", + "price": "25 €" }, "uuid": "8807752b-bd26-45a7-ba34-c8ddd8e5781d", "value": "Hitler" @@ -6902,8 +7546,10 @@ "(encrypted)" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/new-python-ransomware-called-holycrypt-discovered/" - ] + "http://www.bleepingcomputer.com/news/security/new-python-ransomware-called-holycrypt-discovered/", +"https://id-ransomware.blogspot.com/2016/07/holycrypt-ransomware.html" + ], + "payement method": "Link (onion)" }, "related": [ { @@ -6922,7 +7568,9 @@ "meta": { "refs": [ "https://twitter.com/BleepinComputer/status/803288396814839808" - ] + ], + "payement method": "Bitcoin", + "price": "vary" }, "uuid": "728aecfc-9b99-478f-a0a3-8c0fb6896353", "value": "HTCryptor" @@ -6938,8 +7586,11 @@ ], "refs": [ "https://decrypter.emsisoft.com/", - "http://www.malware-traffic-analysis.net/2016/02/03/index2.html" - ] + "http://www.malware-traffic-analysis.net/2016/02/03/index2.html", +"https://id-ransomware.blogspot.com/2016/06/hydracrypt-ransomware-aes-256-cbc-rsa.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "335c3ab6-8f2c-458c-92a3-2f3a09a6064c", "value": "HydraCrypt" 
@@ -6952,7 +7603,8 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/817085367144873985" - ] + ], + "payement method": "Website onion" }, "uuid": "68e90fa4-ea66-4159-b454-5f48fdae3d89", "value": "iLock" @@ -6962,7 +7614,9 @@ "meta": { "extensions": [ ".crime" - ] + ], + "payement method": "Bitcoin", + "price": "300 $" }, "uuid": "cb374ee8-76c0-4db8-9026-a57a51d9a0a1", "value": "iLockLight" @@ -6978,7 +7632,9 @@ ], "refs": [ "http://download.bleepingcomputer.com/Nathan/StopPirates_Decrypter.exe" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "uuid": "a66fbb1e-ba59-48c1-aac8-8678b4a98dc1", "value": "International Police Association" @@ -6990,8 +7646,11 @@ ".Locked" ], "refs": [ - "https://twitter.com/demonslay335/status/796134264744083460" - ] + "https://twitter.com/demonslay335/status/796134264744083460", +"http://id-ransomware.blogspot.com/2016/11/iransom-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.15" }, "uuid": "4514ecd4-850d-446f-82cb-0668d2c94ffa", "value": "iRansom" @@ -7007,7 +7666,9 @@ ], "refs": [ "https://twitter.com/JakubKroustek/status/757873976047697920" - ] + ], + "payement method": "Bitcoin", + "price": "50 $" }, "uuid": "25a086aa-e25c-4190-a848-69d9f46fd8ab", "value": "JagerDecryptor" @@ -7026,7 +7687,9 @@ "synonyms": [ "Encryptor RaaS", "Sarento" - ] + ], + "payement method": "Bitcoin", + "price": "0.046627" }, "uuid": "50014fe7-5efd-4639-82ef-30d36f4d2918", "value": "Jeiphoos" @@ -7040,7 +7703,9 @@ "refs": [ "https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip", "https://twitter.com/BleepinComputer/status/822509105487245317" - ] + ], + "payement method": "PaySafeCard", + "price": "0.1" }, "uuid": "fedd7285-d4bd-4411-985e-087954cee96d", "value": "Jhon Woddy" 
@@ -7073,11 +7738,14 @@ "refs": [ "http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/", "https://www.helpnetsecurity.com/2016/04/20/jigsaw-crypto-ransomware/", - "https://twitter.com/demonslay335/status/795819556166139905" + "https://twitter.com/demonslay335/status/795819556166139905", +"https://id-ransomware.blogspot.com/2016/04/jigsaw-ransomware.html" ], "synonyms": [ "CryptoHitMan" - ] + ], + "payement method": "PaySafeCard", + "price": "0.4 (150 $)" }, "related": [ { @@ -7106,14 +7774,24 @@ "refs": [ "http://www.nyxbone.com/malware/jobcrypter.html", "http://forum.malekal.com/jobcrypter-geniesanstravaille-extension-locked-crypto-ransomware-t54381.html", - "https://twitter.com/malwrhunterteam/status/828914052973858816" - ] + "https://twitter.com/malwrhunterteam/status/828914052973858816", + +"http://id-ransomware.blogspot.com/2016/05/jobcrypter-ransomware.html" + ], + "payement method": "PaySafeCard", + "price": "300 €" }, "uuid": "7c9a273b-1534-4a13-b201-b7a782b6c32a", "value": "Job Crypter" }, { "description": "Ransomware", +"meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/johnycryptor-ransomware.html" + ], + "payement method": "Email" + }, "uuid": "5af5be3e-549f-4485-8c2e-1459d4e5c7d7", "value": "JohnyCryptor" }, @@ -7124,8 +7802,11 @@ "How Decrypt Files.txt" ], "refs": [ - "https://safezone.cc/resources/kawaii-decryptor.195/" - ] + "https://safezone.cc/resources/kawaii-decryptor.195/", +"http://id-ransomware.blogspot.com/2016/09/kawaiilocker-ransomware.html" + ], + "payement method": "rubles", + "price": "6 000" }, "uuid": "b6d0ea4d-4e55-4b42-9d60-485d605d6c49", "value": "KawaiiLocker" 
@@ -7139,8 +7820,11 @@ ], "refs": [ "http://news.drweb.com/show/?i=9877&lng=en&c=5", - "http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/" - ] + "http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/", +"https://id-ransomware.blogspot.com/2016/03/keranger-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { @@ -7167,7 +7851,8 @@ ], "refs": [ "https://decrypter.emsisoft.com/" - ] + ], + "payement method": "Email" }, "uuid": "3964e617-dde5-4c95-b4a0-e7c19c6e7d7f", "value": "KeyBTC" @@ -7180,8 +7865,11 @@ "how_decrypt.html" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/559463/keyholder-ransomware-support-and-help-topic-how-decryptgifhow-decrypthtml" - ] + "http://www.bleepingcomputer.com/forums/t/559463/keyholder-ransomware-support-and-help-topic-how-decryptgifhow-decrypthtml", +"https://id-ransomware.blogspot.com/2016/06/keyholder-ransomware-xor-cfb-cipher.html" + ], + "payement method": "Bitcoin", + "price": "1.5 (500 $)" }, "uuid": "66eda328-9408-4e98-ad27-572fd6b2acd8", "value": "KEYHolder" @@ -7193,8 +7881,10 @@ ".rip" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/782232299840634881" - ] + "https://twitter.com/malwrhunterteam/status/782232299840634881", +"http://id-ransomware.blogspot.com/2016/10/killerlocker-ransomware.html" + ], + "payement method": "Bitcoin" }, "uuid": "ea8e7350-f243-4ef7-bc31-4648df8a4d96", "value": "KillerLocker" 
@@ -7209,8 +7899,12 @@ ], "refs": [ "https://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it", - "http://www.bleepingcomputer.com/news/security/the-kimcilware-ransomware-targets-web-sites-running-the-magento-platform/" - ] + "http://www.bleepingcomputer.com/news/security/the-kimcilware-ransomware-targets-web-sites-running-the-magento-platform/", + +"http://id-ransomware.blogspot.com/2016/04/kimcilware-ransomware.html" + ], + "payement method": "Dollars", + "price": "140 - 415" }, "uuid": "950e2514-8a7e-4fdb-a3ad-5679f6342e5d", "value": "KimcilWare" @@ -7226,8 +7920,11 @@ "ReadMe.txt" ], "refs": [ - "http://www.nyxbone.com/malware/koreanRansom.html" - ] + "http://www.nyxbone.com/malware/koreanRansom.html", +"http://id-ransomware.blogspot.com/2016/08/korean-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "4febffe0-3837-41d7-b95f-e26d126275e4", "value": "Korean" @@ -7245,11 +7942,13 @@ ], "refs": [ "http://www.nyxbone.com/malware/KozyJozy.html", - "http://www.bleepingcomputer.com/forums/t/617802/kozyjozy-ransomware-help-support-wjpg-31392e30362e32303136-num-lsbj1/" + "http://www.bleepingcomputer.com/forums/t/617802/kozyjozy-ransomware-help-support-wjpg-31392e30362e32303136-num-lsbj1/", +"https://id-ransomware.blogspot.com/2016/06/kozy.html" ], "synonyms": [ "QC" - ] + ], + "payement method": "Email" }, "uuid": "47b5d261-11bd-4c7b-91f9-e5651578026a", "value": "Kozy.Jozy" @@ -7264,8 +7963,11 @@ "README_ALL.html" ], "refs": [ - "https://twitter.com/demonslay335/status/746090483722686465" - ] + "https://twitter.com/demonslay335/status/746090483722686465", +"https://id-ransomware.blogspot.com/2016/06/kratoscrypt-ransomware-aes-256-0.html" + ], + "payement method": "Bitcoin", + "price": "0.03" }, "uuid": "cc819741-830b-4859-bb7c-ccedf3356acd", "value": "KratosCrypt" 
@@ -7276,7 +7978,11 @@ "encryption": "AES-256", "ransomnotes": [ "KryptoLocker_README.txt" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/07/kryptolocker-ransomware-aes-256.html" + ], + "payement method": "ransom" }, "uuid": "e68d4f37-704a-4f8e-9718-b12039fbe424", "value": "KryptoLocker" @@ -7288,8 +7994,11 @@ "@__help__@" ], "refs": [ - "https://twitter.com/struppigel/status/847689644854595584" - ] + "https://twitter.com/struppigel/status/847689644854595584", +"http://id-ransomware.blogspot.com/2017/03/lanran-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "9e152871-fb16-475d-bf3b-f3b870d0237a", "value": "LanRan" @@ -7305,8 +8014,10 @@ ], "refs": [ "https://decrypter.emsisoft.com/lechiffre", - "https://blog.malwarebytes.org/threat-analysis/2016/01/lechiffre-a-manually-run-ransomware/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/01/lechiffre-a-manually-run-ransomware/", +"http://id-ransomware.blogspot.com/2016/05/lechiffre-ransomware.html" + ], + "payement method": "Email" }, "uuid": "ea1ba874-07e6-4a6d-82f0-e4ce4210e34e", "value": "LeChiffre" @@ -7321,8 +8032,11 @@ "RANSOM_NOTE.txt" ], "refs": [ - "https://twitter.com/JakubKroustek/status/842404866614038529" - ] + "https://twitter.com/JakubKroustek/status/842404866614038529", +"https://www.2-spyware.com/remove-lick-ransomware-virus.html" + ], + "payement method": "Monero", + "price": "50 - 500" }, "uuid": "f2e76070-0cea-4c9c-8d6b-1d847e777575", "value": "Lick" @@ -7335,7 +8049,9 @@ ], "synonyms": [ "Linux.Encoder.{0,3}" - ] + ], + "payement method": "Bitcoin", + "price": "1 (450 $)" }, "uuid": "b4992483-a693-4e73-b39e-0f45c9f645b5", "value": "Linux.Encoder" 
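Review bot: The ref added to Lick, `https://www.2-spyware.com/remove-lick-ransomware-virus.html`, appears from its URL to be a removal-guide page, whereas the other refs added in this patch point to analyst write-ups or researcher posts. Refs in a threat-intel cluster are followed by analysts and may be fetched by tooling, so a primary analysis would be a better source if one exists. The `"price": "50 - 500"` in the same hunk has no unit, so it is unclear whether it is Monero or dollars. The KryptoLocker hunk on this line also sets the method to `"ransom"`, which does not name a payment method.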
@@ -7344,8 +8060,11 @@ "description": "Ransomware Based on HiddenTear", "meta": { "refs": [ - "https://twitter.com/malwrhunterteam/status/845183290873044994" - ] + "https://twitter.com/malwrhunterteam/status/845183290873044994", +"http://id-ransomware.blogspot.com/2017/03/lk-encryption-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "af52badb-3211-42b0-a1ac-e4d35d5829d7", "value": "LK Encryption" @@ -7362,8 +8081,11 @@ "LEAME.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/" - ] + "https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/", +"http://id-ransomware.blogspot.com/2017/03/lltp-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.2 (200 $)" }, "uuid": "0cec6928-80c7-4085-ba47-cdc52177dfd3", "value": "LLTP Locker" @@ -7372,8 +8094,12 @@ "description": "Ransomware has GUI", "meta": { "refs": [ - "http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-32#entry3721545" - ] + "http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-32#entry3721545", + +"https://id-ransomware.blogspot.com/2016/04/locker-ransomware-2015.html" + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "abc7883c-244a-44ac-9c86-559dafa4eb63", "value": "Locker" @@ -7389,8 +8115,11 @@ "READ_ME.TXT" ], "refs": [ - "https://www.bleepingcomputer.com/forums/t/626750/locklock-ransomware-locklock-help-support/" - ] + "https://www.bleepingcomputer.com/forums/t/626750/locklock-ransomware-locklock-help-support/", + +"https://id-ransomware.blogspot.com/2016/09/locklock-ransomware.html" + ], + "payement method": "Email" }, "uuid": "7850bf92-394b-443b-8830-12f9ddbb50dc", "value": "LockLock" 
@@ -7435,8 +8164,12 @@ "http://www.bleepingcomputer.com/news/security/new-locky-version-adds-the-zepto-extension-to-encrypted-files/", "http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-spotted-in-the-brazilian-underground-market-uses-windows-script-files/", "https://nakedsecurity.sophos.com/2016/10/06/odin-ransomware-takes-over-from-zepto-and-locky/", - "https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/" - ] + "https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/", + +"https://id-ransomware.blogspot.com/2016/02/locky.html" + ], + "payement method": "Bitcoin", + "price": "3 - 5 - 7" }, "related": [ { @@ -7455,7 +8188,12 @@ "meta": { "extensions": [ ".crime" - ] + ], + "refs": [ +"https://id-ransomware.blogspot.com/2016/06/lortok-ransomware-aes-256-5.html" + ], + "payement method": "Dollars", + "price": "5" }, "uuid": "bc23872a-7cd3-4a66-9d25-6b4e6f90cc4e", "value": "Lortok" @@ -7465,7 +8203,12 @@ "meta": { "extensions": [ "oor." - ] + ], + "refs": [ +"http://id-ransomware.blogspot.com/2016/04/lowlevel04-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "4" }, "uuid": "d4fb0463-6cd1-45ac-a7d2-6eea8be39590", "value": "LowLevel04" 
@@ -7474,19 +8217,35 @@ "description": "Ransomware Does not encrypt Unlock code=suckmydicknigga", "meta": { "refs": [ - "https://twitter.com/jiriatvirlab/status/808015275367002113" - ] + "https://twitter.com/jiriatvirlab/status/808015275367002113", +"http://id-ransomware.blogspot.com/2016/12/m4n1f3sto-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "f5d19af8-1c85-408b-818e-db50208d62b1", "value": "M4N1F3STO" }, { "description": "Ransomware OS X ransomware (PoC)", +"meta": { + "refs": [ + "https://www.youtube.com/watch?v=9nJv_PN2m1Y" + ], + "payement method": "Bitcoin" + }, "uuid": "f9214319-6ad4-4c4e-bc6d-fb710f61da48", "value": "Mabouia" }, { "description": "Ransomware Based on HiddenTear", + "meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2017/03/macandchess-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" + }, "uuid": "fae8bf6e-47d1-4449-a1c6-761a4970fc38", "value": "MacAndChess" }, @@ -7500,7 +8259,12 @@ "ransomnotes": [ "DECRYPT_ReadMe1.TXT", "DECRYPT_ReadMe.TXT" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/magic-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1 - 2" }, "uuid": "31fa83fc-8247-4347-940a-e463acd66bac", "value": "Magic" @@ -7516,8 +8280,12 @@ "_DECRYPT_INFO_[extension pattern].html" ], "refs": [ - "https://blog.malwarebytes.org/threat-analysis/2016/03/maktub-locker-beautiful-and-dangerous/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/03/maktub-locker-beautiful-and-dangerous/", + +"http://id-ransomware.blogspot.com/2016/04/maktub-locker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1.4 - 3.9" }, "uuid": "ef6ceb04-243e-4783-b476-8e8e9f06e8a7", "value": "MaktubLocker" 
@@ -7535,8 +8303,12 @@ ], "refs": [ "https://securelist.ru/blog/issledovaniya/29376/polyglot-the-fake-ctb-locker/", - "https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker" - ] + "https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker", + +"http://id-ransomware.blogspot.com/2016/09/jokefrommars-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.7 - 1.1" }, "uuid": "933bd53f-5ccf-4262-a70c-c01a6f05af3e", "value": "MarsJoke" @@ -7546,7 +8318,9 @@ "meta": { "refs": [ "https://twitter.com/siri_urz/status/840913419024945152" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "ce5a82ef-d2a3-405c-ac08-3dca71057eb5", "value": "Meister" @@ -7559,8 +8333,10 @@ "readme_your_files_have_been_encrypted.txt" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/844614889620561924" - ] + "https://twitter.com/malwrhunterteam/status/844614889620561924", +"http://id-ransomware.blogspot.com/2017/03/meteoritan-ransomware.html" + ], + "payement method": "Email" }, "uuid": "34f292d9-cb68-4bcf-a3db-a717362aca77", "value": "Meteoritan" @@ -7576,11 +8352,14 @@ "http://www.bleepingcomputer.com/forums/t/618457/microcop-ransomware-help-support-lock-mircop/", "https://www.avast.com/ransomware-decryption-tools#!", "http://blog.trendmicro.com/trendlabs-security-intelligence/instruction-less-ransomware-mircop-channels-guy-fawkes/", - "http://www.nyxbone.com/malware/Mircop.html" + "http://www.nyxbone.com/malware/Mircop.html", +"https://id-ransomware.blogspot.com/2016/06/mircop-ransomware-4848.html" ], "synonyms": [ "Crypt888" - ] + ], + "payement method": "Bitcoin", + "price": "48.48" }, "uuid": "7dd326a5-1168-4309-98b1-f2146d9cf8c7", "value": "MIRCOP" 
@@ -7595,7 +8374,12 @@ ], "ransomnotes": [ "READ_IT.txt" - ] + ], + "refs": [ + +"http://id-ransomware.blogspot.com/2016/05/mireware-ransomware.html" + ], + "payement method": "Bitcoin - Email" }, "uuid": "9f01ded7-99f6-4863-b3a3-9d32aabf96c3", "value": "MireWare" @@ -7611,11 +8395,14 @@ "YOUR_FILES_ARE_ENCRYPTED.TXT " ], "refs": [ - "http://www.bleepingcomputer.com/news/security/petya-is-back-and-with-a-friend-named-mischa-ransomware/" + "http://www.bleepingcomputer.com/news/security/petya-is-back-and-with-a-friend-named-mischa-ransomware/", +"https://id-ransomware.blogspot.com/2016/05/petya-mischa-ransomware.html" ], "synonyms": [ "\"Petya's little brother\"" - ] + ], + "payement method": "Bitcoin", + "price": "1.9338" }, "uuid": "a029df89-2bb1-409d-878b-a67572217a65", "value": "Mischa" @@ -7631,11 +8418,15 @@ "READ_IT.txt" ], "refs": [ - "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered" + "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered", + +"https://id-ransomware.blogspot.com/2016/06/mm-locker-ransomware-aes-2256-1.html" ], "synonyms": [ "Booyah" - ] + ], + "payement method": "Bitcoin", + "price": "1.011 (400 $)" }, "related": [ { @@ -7663,12 +8454,16 @@ "refs": [ "http://nyxbone.com/malware/Mobef.html", "http://researchcenter.paloaltonetworks.com/2016/07/unit42-cryptobit-another-ransomware-family-gets-an-update/", - "http://nyxbone.com/images/articulos/malware/mobef/0.png" + "http://nyxbone.com/images/articulos/malware/mobef/0.png", + +"http://id-ransomware.blogspot.com/2016/05/mobef-yakes-ransomware-4-bitcoins-2000.html" ], "synonyms": [ "Yakes", "CryptoBit" - ] + ], + "payement method": "Bitcoin", + "price": "4" }, "related": [ { 
@@ -7687,7 +8482,9 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/844826339186135040" - ] + ], + "payement method": "Bitcoin", + "price": "0.15 - 0.2" }, "uuid": "2702fb96-8118-4519-bd75-23eed40f25e9", "value": "Monument" @@ -7701,7 +8498,9 @@ "refs": [ "https://twitter.com/JakubKroustek/status/815961663644008448", "https://www.youtube.com/watch?v=dAVMgX8Zti4&feature=youtu.be&list=UU_TMZYaLIgjsdJMwurHAi4Q" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "8ec55495-fb31-49c7-a720-40250b5e085f", "value": "N-Splitter" @@ -7714,8 +8513,11 @@ ], "refs": [ "https://twitter.com/demonslay335/status/790608484303712256", - "https://twitter.com/demonslay335/status/831891344897482754" - ] + "https://twitter.com/demonslay335/status/831891344897482754", +"http://id-ransomware.blogspot.com/2016/09/n1n1n1-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1.5" }, "uuid": "a439b37b-e123-4b1d-9400-94aca70b223a", "value": "n1n1n1" @@ -7728,8 +8530,11 @@ "ATTENTION.RTF" ], "refs": [ - "http://github.com/Cyberclues/nanolocker-decryptor" - ] + "http://github.com/Cyberclues/nanolocker-decryptor", +"https://id-ransomware.blogspot.com/2016/06/nanolocker-ransomware-aes-256-rsa-01.html" + ], + "payement method": "Bitcoin", + "price": "0.1 (43 $)" }, "related": [ { @@ -7757,8 +8562,11 @@ "https://decrypter.emsisoft.com/nemucod", "https://github.com/Antelox/NemucodFR", "http://www.bleepingcomputer.com/news/security/decryptor-released-for-the-nemucod-trojans-crypted-ransomware/", - "https://blog.cisecurity.org/malware-analysis-report-nemucod-ransomware/" - ] + "https://blog.cisecurity.org/malware-analysis-report-nemucod-ransomware/", +"http://id-ransomware.blogspot.com/2016/04/nemucod-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.39983 - 4" }, "uuid": "f1ee9ae8-b798-4e6f-8f98-874395d0fa18", "value": "Nemucod" 
@@ -7770,11 +8578,14 @@ "AES-256" ], "refs": [ - "http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/", +"https://id-ransomware.blogspot.com/2017/01/netflix-ransomware.html" ], "synonyms": [ "RANSOM_NETIX.A" - ] + ], + "payement method": "Bitcoin", + "price": "0.18 (100 $)" }, "uuid": "5d3ec71e-9e0f-498a-aa33-0433799e80b4", "value": "Netix" @@ -7787,8 +8598,11 @@ "HELP_ME_PLEASE.txt" ], "refs": [ - "https://twitter.com/demonslay335/status/839221457360195589" - ] + "https://twitter.com/demonslay335/status/839221457360195589", +"http://id-ransomware.blogspot.com/2017/03/nhtnwcuf-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "1d8e8ca3-da2a-494c-9db3-5b1b6277c363", "value": "Nhtnwcuf" @@ -7806,12 +8620,15 @@ ], "refs": [ "https://decrypter.emsisoft.com/nmoreira", - "https://twitter.com/fwosar/status/803682662481174528" + "https://twitter.com/fwosar/status/803682662481174528", +"id-ransomware.blogspot.com/2016/11/nmoreira-ransomware.html" ], "synonyms": [ "XRatTeam", "XPan" - ] + ], + "payement method": "Bitcoin", + "price": "0.5 - 1.5" }, "uuid": "51f00a39-f4b9-4ed2-ba0d-258c6bf3f71a", "value": "NMoreira" @@ -7821,8 +8638,11 @@ "meta": { "refs": [ "https://twitter.com/JakubKroustek/status/757267550346641408", - "https://www.bleepingcomputer.com/news/security/noobcrypt-ransomware-dev-shows-noobness-by-using-same-password-for-everyone/" - ] + "https://www.bleepingcomputer.com/news/security/noobcrypt-ransomware-dev-shows-noobness-by-using-same-password-for-everyone/", +"https://id-ransomware.blogspot.com/2016/07/noobcrypt-ransomare-250-nzd.html" + ], + "payement method": "Bitcoin", + "price": "250 NZD (299 $)" }, "uuid": "aeb76911-ed45-4bf2-9a60-e023386e02a4", "value": "NoobCrypt" 
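Review bot: The ref added to NMoreira, `"id-ransomware.blogspot.com/2016/11/nmoreira-ransomware.html"`, has no URL scheme, unlike the other refs added for this blog. Tools that validate or auto-link `refs` may reject it or resolve it as a relative path; it should read `"https://id-ransomware.blogspot.com/2016/11/nmoreira-ransomware.html"`. Elsewhere in the patch the same blog is referenced over plain `http://` and under `.blogspot.ru` (GNL Locker, Hi Buddy!, Philadelphia). Using one https form throughout would keep the refs comparable and easy to de-duplicate.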
@@ -7837,7 +8657,11 @@ "ransomnotes": [ "!!_RECOVERY_instructions_!!.html", "!!_RECOVERY_instructions_!!.txt" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/10/nuke-ransomware.html" + ], + "payement method": "Email" }, "uuid": "e0bcb7d2-6032-43a0-b490-c07430d8a598", "value": "Nuke" @@ -7850,8 +8674,11 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/NullByteDecrypter.zip", - "https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/" - ] + "https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/", +"http://id-ransomware.blogspot.com/2016/08/nullbyte-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "460b700b-5d03-43f9-99e7-916ff180a036", "value": "Nullbyte" @@ -7871,8 +8698,11 @@ "http://download.bleepingcomputer.com/BloodDolly/ODCODCDecoder.zip", "http://www.nyxbone.com/malware/odcodc.html", "https://twitter.com/PolarToffee/status/813762510302183424", - "http://www.nyxbone.com/images/articulos/malware/odcodc/1c.png" - ] + "http://www.nyxbone.com/images/articulos/malware/odcodc/1c.png", +"http://id-ransomware.blogspot.com/2016/05/odcodc-ransomware-rsa-2048.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "f90724e4-c148-4479-ae1a-109498b4688f", "value": "ODCODC" @@ -7895,7 +8725,8 @@ "synonyms": [ "Vipasana", "Cryakl" - ] + ], + "payement method": "Email" }, "related": [ { @@ -7928,7 +8759,9 @@ ], "synonyms": [ "GPCode" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "related": [ { @@ -7950,7 +8783,9 @@ ], "refs": [ "http://news.thewindowsclub.com/operation-global-iii-ransomware-decryption-tool-released-70341/" - ] + ], + "payement method": "Bitcoin", + "price": "250 $" }, "uuid": "e5800883-c663-4eb0-b05e-6034df5bc6e0", "value": "Operation Global III" 
@@ -7966,11 +8801,14 @@ "log.txt" ], "refs": [ - "https://twitter.com/JakubKroustek/status/842342996775448576" + "https://twitter.com/JakubKroustek/status/842342996775448576", +"https://id-ransomware.blogspot.com/2016/10/cryptowire-ransomware.html" ], "synonyms": [ "CryptoWire" - ] + ], + "payement method": "Bitcoin", + "price": "0.29499335" }, "related": [ { @@ -7996,8 +8834,12 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/padcrypt-the-first-ransomware-with-live-support-chat-and-an-uninstaller/", - "https://twitter.com/malwrhunterteam/status/798141978810732544" - ] + "https://twitter.com/malwrhunterteam/status/798141978810732544", + +"http://id-ransomware.blogspot.com/2016/04/padcrypt-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.8" }, "related": [ { @@ -8016,7 +8858,8 @@ "meta": { "refs": [ "https://twitter.com/BleepinComputer/status/811635075158839296" - ] + ], + "payement method": "no ransom" }, "uuid": "8f41c9ce-9bd4-4bbd-96d7-c965d1621be7", "value": "Padlock Screenlocker" @@ -8033,7 +8876,9 @@ "refs": [ "https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/", "https://www.bleepingcomputer.com/news/security/new-macos-patcher-ransomware-locks-data-for-good-no-way-to-recover-your-files/" - ] + ], + "payement method": "Bitcoin", + "price": "0.25" }, "related": [ { @@ -8069,7 +8914,8 @@ ], "synonyms": [ "Goldeneye" - ] + ], + "payement method": "Bitcoin - Website (onion)" }, "related": [ { 
@@ -8093,8 +8939,12 @@ ], "refs": [ "https://decrypter.emsisoft.com/philadelphia", - "www.bleepingcomputer.com/news/security/the-philadelphia-ransomware-offers-a-mercy-button-for-compassionate-criminals/" - ] + "www.bleepingcomputer.com/news/security/the-philadelphia-ransomware-offers-a-mercy-button-for-compassionate-criminals/", + +"http://id-ransomware.blogspot.ru/2016/09/philadelphia-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "6fd25982-9cf8-4379-a126-433c91aaadf2", "value": "Philadelphia" @@ -8106,8 +8956,10 @@ ".id-[victim_id]-maestro@pizzacrypts.info" ], "refs": [ - "http://download.bleepingcomputer.com/BloodDolly/JuicyLemonDecoder.zip" - ] + "http://download.bleepingcomputer.com/BloodDolly/JuicyLemonDecoder.zip", +"https://id-ransomware.blogspot.com/2016/07/pizzacrypts-ransomware-1.html" + ], + "payement method": "Email" }, "uuid": "2482122b-1df6-488e-8867-215b165a4f66", "value": "PizzaCrypts" @@ -8121,8 +8973,11 @@ ], "refs": [ "http://www.nyxbone.com/malware/pokemonGO.html", - "http://www.bleepingcomputer.com/news/security/pokemongo-ransomware-installs-backdoor-accounts-and-spreads-to-other-drives/" - ] + "http://www.bleepingcomputer.com/news/security/pokemongo-ransomware-installs-backdoor-accounts-and-spreads-to-other-drives/", + +"https://id-ransomware.blogspot.com/2016/08/pokemongo-ransomware-aes-256.html" + ], + "payement method": "Bitcoin - Email" }, "uuid": "8b151275-d4c4-438a-9d06-92da2835586d", "value": "PokemonGO" @@ -8134,7 +8989,8 @@ "refs": [ "https://support.kaspersky.com/8547", "https://securelist.com/blog/research/76182/polyglot-the-fake-ctb-locker/" - ] + ], + "payement method": "Website (onion)" }, "related": [ { 
@@ -8159,11 +9015,15 @@ "https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py", "https://download.bleepingcomputer.com/demonslay335/PowerLockyDecrypter.zip", "https://www.carbonblack.com/2016/03/25/threat-alert-powerware-new-ransomware-written-in-powershell-targets-organizations-via-microsoft-word/", - "http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/" + "http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/", + +"http://id-ransomware.blogspot.com/2016/04/powerware-ransomware.html" ], "synonyms": [ "PoshCoder" - ] + ], + "payement method": "Bitcoin", + "price": "500 $" }, "related": [ { @@ -8183,7 +9043,8 @@ "encryption": "AES", "ransomnotes": [ "DECRYPT_INSTRUCTION.html" - ] + ], + "payement method": "Website (onion)" }, "uuid": "b54d59d7-b604-4b01-8002-5a2930732ca6", "value": "PowerWorm" @@ -8204,8 +9065,11 @@ "refs": [ "https://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/", "https://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/", - "https://blog.malwarebytes.com/threat-analysis/2016/11/princess-ransomware/" - ] + "https://blog.malwarebytes.com/threat-analysis/2016/11/princess-ransomware/", +"http://id-ransomware.blogspot.com/2016/09/princess-locker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "3 (1 800 $)" }, "uuid": "7c8ff7e5-2cad-48e8-92e8-4c8226933cbc", "value": "Princess Locker" @@ -8215,7 +9079,9 @@ "meta": { "refs": [ "http://www.enigmasoftware.com/prismyourcomputerhasbeenlockedransomware-removal/" - ] + ], + "payement method": "MoneyPak", + "price": "300 $" }, "uuid": "c0ebfb75-254d-4d85-9d02-a7af8e655068", "value": "PRISM" 
@@ -8225,7 +9091,8 @@ "meta": { "refs": [ "https://twitter.com/jiriatvirlab/status/803297700175286273" - ] + ], + "payement method": "Bitcoin" }, "uuid": "1da6653c-8657-4cdc-9eaf-0df9d2ebbf10", "value": "Ps2exe" @@ -8237,8 +9104,11 @@ "Ransomware.txt" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/846705481741733892" - ] + "https://twitter.com/malwrhunterteam/status/846705481741733892", +"http://id-ransomware.blogspot.com/2017/03/r-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1 - 2" }, "uuid": "f7cd8956-2825-4104-94b1-e9589ab1089a", "value": "R" @@ -8254,8 +9124,11 @@ "rtext.txt" ], "refs": [ - "https://otx.alienvault.com/pulse/57976b52b900fe01376feb01/" - ] + "https://otx.alienvault.com/pulse/57976b52b900fe01376feb01/", +"http://id-ransomware.blogspot.com/2016/07/r980-ransomware-aes-256-rsa4096-05.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "6a7ebb0a-78bc-4fdc-92ae-1b02976b5499", "value": "R980" @@ -8271,11 +9144,15 @@ ], "refs": [ "https://reaqta.com/2016/06/raa-ransomware-delivering-pony/", - "http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/" + "http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/", + +"https://id-ransomware.blogspot.com/2016/06/raa-ransomware-aes-256-039-250.html" ], "synonyms": [ "RAA" - ] + ], + "payement method": "Bitcoin", + "price": "0.39 (215 $)" }, "uuid": "b6d4faa1-6d76-42ff-8a18-238eb70cff06", "value": "RAA encryptor" @@ -8285,7 +9162,9 @@ "meta": { "refs": [ "https://twitter.com/CryptoInsane/status/846181140025282561" - ] + ], + "payement method": "Bitcoin", + "price": "0.05" }, "uuid": "4a95257a-6646-492f-93eb-d15dff7ce1eb", "value": "Rabion" 
@@ -8306,8 +9185,11 @@ "refs": [ "https://decrypter.emsisoft.com/radamant", "http://www.bleepingcomputer.com/news/security/new-radamant-ransomware-kit-adds-rdm-extension-to-encrypted-files/", - "http://www.nyxbone.com/malware/radamant.html" - ] + "http://www.nyxbone.com/malware/radamant.html", +"https://id-ransomware.blogspot.com/2016/04/radamant-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "related": [ { @@ -8358,7 +9240,8 @@ "%APPDATA%\\Roaming\\.bmp" ], "refs": [ - "https://support.kaspersky.com/us/viruses/disinfection/10556" + "https://support.kaspersky.com/us/viruses/disinfection/10556", +"https://id-ransomware.blogspot.com/2016/07/bandarchor-ransomware-aes-256.html" ], "synonyms": [ "Agent.iih", @@ -8370,7 +9253,8 @@ "Isda", "Cryptokluchen", "Bandarchor" - ] + ], + "payement method": "Email" }, "related": [ { @@ -8386,6 +9270,8 @@ }, { "description": "Ransomware Based on the DUMB ransomware", + "payement method": "Bitcoin", + "price": "0.3169" "uuid": "5b81ea66-9a44-43d8-bceb-22e5b0582f8d", "value": "Ramsomeer" }, @@ -8397,7 +9283,9 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547" - ] + ], + "payement method": "PaySafeCard", + "price": "1000 $" }, "uuid": "d45f089b-efc7-45f8-a681-845374349d83", "value": "Rannoh" @@ -8423,7 +9311,8 @@ "https://github.com/pan-unit42/public_tools/tree/master/ranran_decryption", "http://researchcenter.paloaltonetworks.com/2017/03/unit42-targeted-ransomware-attacks-middle-eastern-government-organizations-political-purposes/", "https://www.bleepingcomputer.com/news/security/new-ranran-ransomware-uses-encryption-tiers-political-messages/" - ] + ], + "payement method": "Bitcoin" }, "uuid": "e01a0cfa-2c8c-4e08-963a-4fa1e8cc6a34", "value": "RanRan" 
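Review bot: The Ramsomeer hunk adds `"price": "0.3169"` with no trailing comma before the `"uuid"` line, so the file stops being valid JSON and a strict parser will reject the whole cluster, not just this entry. The minimal fix is `"price": "0.3169",`. Both new keys are also added at the top level of the entry rather than inside a `"meta"` object; the Ransom32 hunk shows the shape to follow when an entry has no `meta` yet, and the SynoLocker hunk has the same top-level placement. Running the file through a JSON validator before merging would catch the first problem.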
@@ -8434,7 +9323,9 @@ "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles", "https://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "related": [ { @@ -8450,6 +9341,13 @@ }, { "description": "Ransomware no extension change, Javascript Ransomware", +"meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/ransom32.html" + ], + "payement method": "Bitcoin", + "price": "1" + }, "uuid": "d74e2fa6-6b8d-49ed-80f9-07b274eecef8", "value": "Ransom32" }, @@ -8459,7 +9357,9 @@ "encryption": "Asymmetric 1024 ", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2009-041513-1400-99&tabid=2" - ] + ], + "payement method": "Bitcoin", + "price": "500 $" }, "uuid": "24f98123-192c-4e31-b2ee-4c77afbdc3be", "value": "RansomLock" @@ -8469,7 +9369,12 @@ "meta": { "ransomnotes": [ "RarVault.htm" - ] + ], + "refs": [ +"http://id-ransomware.blogspot.com/2016/09/rarvault-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1 - 50" }, "uuid": "c8ee96a3-ac22-40c7-8ed2-df67aeaca08d", "value": "RarVault" @@ -8484,8 +9389,10 @@ ], "refs": [ "http://www.nyxbone.com/malware/Razy(German).html", - "http://nyxbone.com/malware/Razy.html" - ] + "http://nyxbone.com/malware/Razy.html", +"http://id-ransomware.blogspot.com/2016/08/razy-ransomware-aes.html" + ], + "payement method": "Link" }, "uuid": "f2a38c7b-054e-49ab-aa0e-67a7aac71837", "value": "Razy" @@ -8501,7 +9408,8 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/4264" - ] + ], + "payement method": "Bitcoin Email" }, "uuid": "08f519f4-df8f-4baf-b7ac-c7a0c66f7e74", "value": "Rector" 
@@ -8517,8 +9425,11 @@ "Readme.txt" ], "refs": [ - "https://support.kaspersky.com/viruses/disinfection/4264" - ] + "https://support.kaspersky.com/viruses/disinfection/4264", +"http://id-ransomware.blogspot.com/2016/08/rektlocker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "5448f038-0558-45c7-bda7-76950f82846a", "value": "RektLocker" @@ -8535,8 +9446,11 @@ ], "refs": [ "http://www.nyxbone.com/malware/RemindMe.html", - "http://i.imgur.com/gV6i5SN.jpg" - ] + "http://i.imgur.com/gV6i5SN.jpg", +"http://id-ransomware.blogspot.com/2016/05/remindme-ransomware-2.html" + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "0120015c-7d37-469c-a966-7a0d42166e67", "value": "RemindMe" @@ -8553,8 +9467,11 @@ "README_HOW_TO_UNLOCK.HTML" ], "refs": [ - "https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/", +"https://id-ransomware.blogspot.com/2016/04/rokku-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.2403 (100.29 $)" }, "related": [ { @@ -8572,8 +9489,11 @@ "description": "Ransomware Stores your files in a password protected RAR file", "meta": { "refs": [ - "https://twitter.com/siri_urz/status/842452104279134209" - ] + "https://twitter.com/siri_urz/status/842452104279134209", +"https://id-ransomware.blogspot.com/2017/02/allyourdocuments-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.35" }, "uuid": "e88a7509-9c79-42c1-8b0c-5e63af8e25b5", "value": "RoshaLock" @@ -8583,7 +9503,8 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/801812325657440256" - ] + ], + "payement method": "Bitcoin" }, "uuid": "266b366b-2b4f-41af-a30f-eab1c63c9976", "value": "Runsomewere" 
@@ -8593,7 +9514,9 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/823925410392080385" - ] + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "1149197c-89e7-4a8f-98aa-40ac0a9c0914", "value": "RussianRoulette" @@ -8602,8 +9525,11 @@ "description": "Ransomware Variant of CryPy", "meta": { "refs": [ - "https://twitter.com/malwrhunterteam/status/845356853039190016" - ] + "https://twitter.com/malwrhunterteam/status/845356853039190016", + +"http://id-ransomware.blogspot.com/2017/03/sadstory-ransomware.html" + ], + "payement method": "Email" }, "uuid": "6d81cee2-6c99-41fb-8b54-6581422d85dc", "value": "SADStory" @@ -8617,7 +9543,9 @@ "refs": [ "https://malwarebreakdown.com/2017/03/16/sage-2-2-ransomware-from-good-man-gate", "https://malwarebreakdown.com/2017/03/10/finding-a-good-man/" - ] + ], + "payement method": "Bitcoin", + "price": "0.52803 (625 $)" }, "uuid": "eacf3aee-ffb1-425a-862f-874e444a218d", "value": "Sage 2.2" @@ -8683,7 +9611,9 @@ "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf", "https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/", "https://www.bleepingcomputer.com/news/security/samsam-ransomware-crew-made-nearly-6-million-from-ransom-payments/", - "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf" + "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf", + +"https://id-ransomware.blogspot.com/2016/03/samsam.html" ], "synonyms": [ "samsam.exe", @@ -8693,7 +9623,9 @@ "SamSam Ransomware", "SamSam", "Samsam" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { 
@@ -8716,7 +9648,12 @@ ], "ransomnotes": [ "DECRYPT_YOUR_FILES.HTML" - ] + ], + "refs": [ +"http://id-ransomware.blogspot.com/2016/05/sanction-ransomware-3.html" + ], + "payement method": "Bitcoin", + "price": "3" }, "uuid": "e7b69fbe-26ba-49df-aa62-a64525f89343", "value": "Sanction" @@ -8732,8 +9669,12 @@ "RESTORE_ALL_DATA.html" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/sanctions-ransomware-makes-fun-of-usa-sanctions-against-russia/" - ] + "https://www.bleepingcomputer.com/news/security/sanctions-ransomware-makes-fun-of-usa-sanctions-against-russia/", + +"http://id-ransomware.blogspot.com/2017/03/sanctions-2017-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "6" }, "uuid": "7b517c02-9f93-44c7-b957-10346803c43c", "value": "Sanctions" @@ -8746,7 +9687,9 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/835955409953357825" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "uuid": "6e49ecfa-1c25-4841-ae60-3b1c3c9c7710", "value": "Sardoninir" @@ -8762,8 +9705,11 @@ ], "refs": [ "https://blog.malwarebytes.com/threat-analysis/2016/06/satana-ransomware/", - "https://blog.kaspersky.com/satana-ransomware/12558/" - ] + "https://blog.kaspersky.com/satana-ransomware/12558/", +"https://id-ransomware.blogspot.com/2016/06/satana-ransomware-0.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "related": [ { @@ -8792,8 +9738,11 @@ "meta": { "encryption": "AES", "refs": [ - "http://www.nyxbone.com/malware/Serpico.html" - ] + "http://www.nyxbone.com/malware/Serpico.html", +"http://id-ransomware.blogspot.com/2016/08/serpico-ransomware.html" + ], + "payement method": "Euros", + "price": "50" }, "related": [ { @@ -8823,7 +9772,9 @@ ], "synonyms": [ "Atom" - ] + ], + "payement method": "Bitcoin", + "price": "50 - 100 - 200 $" }, "related": [ { 
@@ -8845,8 +9796,10 @@ ], "refs": [ "https://twitter.com/JakubKroustek/status/760560147131408384", - "http://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/" - ] + "http://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/", +"https://id-ransomware.blogspot.com/2016/08/shinolocker-ransomware.html" + ], + "payement method": "no ransom" }, "uuid": "bc029327-ee34-4eba-8933-bd85f2a1e9d1", "value": "ShinoLocker" @@ -8859,11 +9812,15 @@ ], "refs": [ "http://www.nyxbone.com/malware/chineseRansom.html", - "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-language-ransomware-makes-appearance/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-language-ransomware-makes-appearance/", + +"http://id-ransomware.blogspot.com/2016/05/chinese-ransomware.html" ], "synonyms": [ "KinCrypt" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "related": [ { @@ -8888,8 +9845,11 @@ "_RECOVER_INSTRUCTIONS.ini" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/the-shark-ransomware-project-allows-to-create-your-own-customized-ransomware/" - ] + "http://www.bleepingcomputer.com/news/security/the-shark-ransomware-project-allows-to-create-your-own-customized-ransomware/", +"https://id-ransomware.blogspot.com/2016/07/tilde-ransomware-aes-08.html" + ], + "payement method": "Bitcoin", + "price": "0.8" }, "uuid": "2709b2ff-a2be-49a9-b268-2576170a5dff", "value": "Simple_Encoder" @@ -8906,11 +9866,14 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/pompous-ransomware-dev-gets-defeated-by-backdoor/", - "http://www.nyxbone.com/malware/SkidLocker.html" + "http://www.nyxbone.com/malware/SkidLocker.html", +"http://id-ransomware.blogspot.com/2016/04/pompous-ransomware.html" ], "synonyms": [ "Pompous" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "44b6b99e-b1d9-4605-95c2-55c14c7c25be", "value": "SkidLocker" 
@@ -8920,7 +9883,8 @@ "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/smash-ransomware-is-cute-rather-than-dangerous/" - ] + ], + "payement method": "no ransom" }, "uuid": "27283e74-abc6-4d8a-bcb6-a60804b8e264", "value": "Smash!" @@ -8933,7 +9897,12 @@ ], "ransomnotes": [ "_HOW_TO_Decrypt.bmp" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/08/smrss32-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.66 (300 $)" }, "uuid": "cd21bb2a-0c6a-463b-8c0e-16da251f69ae", "value": "Smrss32" @@ -8951,8 +9920,12 @@ ], "refs": [ "http://nyxbone.com/malware/SNSLocker.html", - "http://nyxbone.com/images/articulos/malware/snslocker/16.png" - ] + "http://nyxbone.com/images/articulos/malware/snslocker/16.png", + +"http://id-ransomware.blogspot.com/2016/05/sns-locker-ransomware-aes-256-066.html" + ], + "payement method": "Bitcoin", + "price": "0.66 (300 $)" }, "uuid": "82658f48-6a62-4dee-bd87-382e76b84c3d", "value": "SNSLocker" @@ -8962,7 +9935,8 @@ "meta": { "extensions": [ ".sport" - ] + ], + "payement method": "Bitcoin" }, "uuid": "9526efea-8853-42f2-89be-a04ee1ca4c7d", "value": "Sport" @@ -8982,8 +9956,12 @@ "http://www.bleepingcomputer.com/news/security/stampado-ransomware-campaign-decrypted-before-it-started/", "https://decrypter.emsisoft.com/stampado", "https://cdn.streamable.com/video/mp4/kfh3.mp4", - "http://blog.trendmicro.com/trendlabs-security-intelligence/the-economics-behind-ransomware-prices/" - ] + "http://blog.trendmicro.com/trendlabs-security-intelligence/the-economics-behind-ransomware-prices/", + +"https://id-ransomware.blogspot.com/2016/07/stampado-ransomware-1.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "6b8729b0-7ffc-4d07-98de-e5210928b274", "value": "Stampado" @@ -8997,7 +9975,9 @@ ], "refs": [ "http://www.nyxbone.com/malware/Strictor.html" - ] + ], + "payement method": "Bitcoin", + "price": "500 - 1000 $" }, "uuid": "d75bdd85-032a-46b7-a339-257fd5656c11", "value": "Strictor" 
@@ -9012,7 +9992,12 @@ ], "ransomnotes": [ "DECRYPTION_HOWTO.Notepad" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/05/surprise-ransomware-aes-256.html" + ], + "payement method": "Bitcoin", + "price": "0.5 - 25" }, "uuid": "6848b77c-92c8-40ec-90ac-9c14b9f17272", "value": "Surprise" @@ -9025,13 +10010,15 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/" - ] + ], + "payement method": "no ransom" }, "uuid": "11725992-3634-4715-ae17-b6f5ed13b877", "value": "Survey" }, { "description": "Ransomware Exploited Synology NAS firmware directly over WAN", + "payement method": "Website (onion)", "uuid": "27740d5f-30cf-4c5c-812c-15c0918ce9f0", "value": "SynoLocker" }, @@ -9042,8 +10029,11 @@ ".szf" ], "refs": [ - "http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/" - ] + "http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/", + +"https://id-ransomware.blogspot.com/2016/06/szflocker-polish-ransomware-email.html" + ], + "payement method": "Email" }, "uuid": "a7845bbe-d7e6-4c7b-a9b8-dccbd93bc4b2", "value": "SZFLocker" @@ -9060,7 +10050,9 @@ ], "refs": [ "https://securelist.com/blog/research/76153/teamxrat-brazilian-cybercrime-meets-ransomware/" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "65a31863-4f59-4c66-bc2d-31e8fb68bbe8", "value": "TeamXrat" @@ -9088,7 +10080,8 @@ ], "synonyms": [ "AlphaCrypt" - ] + ], + "payement method": "Bitcoin" }, "uuid": "af92c71e-935e-4486-b4e7-319bf16d622e", "value": "TeslaCrypt 0.x - 2.2.0" 
@@ -9107,7 +10100,8 @@ "http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/", "http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/", "https://blog.kaspersky.com/raknidecryptor-vs-teslacrypt/12169/" - ] + ], + "payement method": "Bitcoin" }, "uuid": "bd19dfff-7c8d-4c94-967e-f8ffc19e7dd9", "value": "TeslaCrypt 3.0+" @@ -9140,7 +10134,8 @@ "http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/", "https://blog.kaspersky.com/raknidecryptor-vs-teslacrypt/12169/", "https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain" - ] + ], + "payement method": "Bitcoin" }, "uuid": "ab6b8f56-cf2d-4733-8f9c-df3d52c05e66", "value": "TeslaCrypt 4.1A" @@ -9172,7 +10167,8 @@ "http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/", "https://blog.kaspersky.com/raknidecryptor-vs-teslacrypt/12169/", "http://www.bleepingcomputer.com/news/security/teslacrypt-4-2-released-with-quite-a-few-modifications/" - ] + ], + "payement method": "Bitcoin" }, "uuid": "eed65c12-b179-4002-a11b-7a2e2df5f0c8", "value": "TeslaCrypt 4.2" @@ -9182,7 +10178,9 @@ "meta": { "ransomnotes": [ "HELP_DECRYPT.HTML" - ] + ], + "payement method": "Bitcoin", + "price": "1.25" }, "uuid": "c0bce92a-63b8-4538-93dc-0911ae46596d", "value": "Threat Finder" 
@@ -9210,13 +10208,17 @@ "refs": [ "http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cracked-and-decrypter-has-been-made/", "https://twitter.com/PolarToffee/status/804008236600934403", - "http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html" + "http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html", + +"http://id-ransomware.blogspot.ru/2016/05/torrentlocker-ransomware-aes-cbc-2048.html" ], "synonyms": [ "Crypt0L0cker", "CryptoFortress", "Teerac" - ] + ], + "payement method": "Bitcoin", + "price": "4.081" }, "related": [ { @@ -9251,8 +10253,12 @@ "Payment_Instructions.jpg" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/" - ] + "http://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/", + +"https://id-ransomware.blogspot.com/2016/06/towerweb-ransonware-100.html" + ], + "payement method": "Bitcoin", + "price": "100 - 150 $" }, "uuid": "4d470cf8-09b6-4d0e-8e5a-2f618e48c560", "value": "TowerWeb" @@ -9265,7 +10271,12 @@ ], "ransomnotes": [ "tox.html" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/06/toxcrypt-ransomware-aes-crypto-0.html" + ], + "payement method": "Bitcoin", + "price": "0.23" }, "uuid": "08fc7534-fe85-488b-92b0-630c0d91ecbe", "value": "Toxcrypt" @@ -9281,11 +10292,14 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/BrainCryptDecrypter.zip", - "https://twitter.com/PolarToffee/status/811249250285842432" + "https://twitter.com/PolarToffee/status/811249250285842432", + +"http://id-ransomware.blogspot.com/2016/12/braincrypt-ransomware.html" ], "synonyms": [ "BrainCrypt" - ] + ], + "payement method": "Email" }, "uuid": "97673387-75ae-4da4-9a5f-38773f2492e7", "value": "Trojan" 
@@ -9309,8 +10323,11 @@ "refs": [ "https://www.nomoreransom.org/uploads/ShadeDecryptor_how-to_guide.pdf", "http://www.nyxbone.com/malware/Troldesh.html", - "https://www.bleepingcomputer.com/news/security/kelihos-botnet-delivering-shade-troldesh-ransomware-with-no-more-ransom-extension/" - ] + "https://www.bleepingcomputer.com/news/security/kelihos-botnet-delivering-shade-troldesh-ransomware-with-no-more-ransom-extension/", + +"https://id-ransomware.blogspot.com/2016/06/troldesh-ransomware-email.html" + ], + "payement method": "Email" }, "uuid": "6c3dd006-3501-4ebc-ab86-b06e4d555194", "value": "Troldesh orShade, XTBL" @@ -9323,8 +10340,12 @@ ".enc" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/truecrypter-ransomware-accepts-payment-in-bitcoins-or-amazon-gift-card/" - ] + "http://www.bleepingcomputer.com/news/security/truecrypter-ransomware-accepts-payment-in-bitcoins-or-amazon-gift-card/", + +"http://id-ransomware.blogspot.com/2016/04/truecrypter-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.2 (115 $)" }, "uuid": "c46bfed8-7010-432a-8108-138f6d067000", "value": "TrueCrypter" @@ -9337,7 +10358,9 @@ ], "refs": [ "https://twitter.com/struppigel/status/821991600637313024" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "uuid": "132c39fc-1364-4210-aef9-48f73afc1108", "value": "Turkish" @@ -9354,7 +10377,9 @@ ], "refs": [ "http://www.nyxbone.com/malware/turkishRansom.html" - ] + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "174dd201-0b0b-4a76-95c7-71f8141684d0", "value": "Turkish Ransom" @@ -9373,8 +10398,11 @@ "default432643264.jpg" ], "refs": [ - "http://www.thewindowsclub.com/emsisoft-decrypter-hydracrypt-umbrecrypt-ransomware" - ] + "http://www.thewindowsclub.com/emsisoft-decrypter-hydracrypt-umbrecrypt-ransomware", + +"https://id-ransomware.blogspot.com/2016/06/umbrecrypt-ransomware-aes.html" + ], + "payement method": "Email" }, "uuid": "028b3489-51da-45d7-8bd0-62044e9ea49f", "value": "UmbreCrypt" 
@@ -9386,8 +10414,12 @@ "Files encrypted.txt" ], "refs": [ - "https://www.bleepingcomputer.com/forums/t/627582/unblockupc-ransomware-help-support-topic-files-encryptedtxt/" - ] + "https://www.bleepingcomputer.com/forums/t/627582/unblockupc-ransomware-help-support-topic-files-encryptedtxt/", + +"http://id-ransomware.blogspot.com/2016/09/unblockupc-ransomware.html" + ], + "payement method": "Website", + "price": "0.18" }, "uuid": "5a9f9ebe-f4c8-4985-8890-743f59d658fd", "value": "UnblockUPC" @@ -9405,7 +10437,12 @@ "READTHISNOW!!!.txt", "Hellothere.txt", "YOUGOTHACKED.TXT" - ] + ], + "refs": [ +"http://id-ransomware.blogspot.com/2016/05/bitmessage-ransomware-aes-256-25-btc.html" + ], + "payement method": "Website", + "price": "2.5" }, "uuid": "bb8c6b80-91cb-4c01-b001-7b9e73228420", "value": "Ungluk" @@ -9421,8 +10458,11 @@ "READ_ME_!.txt" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/839038399944224768" - ] + "https://twitter.com/malwrhunterteam/status/839038399944224768", + +"http://id-ransomware.blogspot.com/2017/02/unlock26-ransomware.html" + ], + "payement method": "Website" }, "uuid": "dfe760e5-f878-492d-91d0-05fa45a2849d", "value": "Unlock92 " @@ -9432,7 +10472,9 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/839771195830648833" - ] + ], + "payement method": "Bitcoin", + "price": "200 $" }, "uuid": "7799247c-4e6a-4c20-b0b3-d8e6a8ab6783", "value": "VapeLauncher" @@ -9458,7 +10500,9 @@ "synonyms": [ "CrypVault", "Zlader" - ] + ], + "payement method": "Bitcoin", + "price": "0.438" }, "related": [ { @@ -9480,7 +10524,8 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/817851339078336513" - ] + ], + "payement method": "Website (onion)" }, "uuid": "44a56cd0-8cd8-486f-972d-4b1b416e9077", "value": "VBRANSOM 7" 
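Review bot: The reference added to the `Unlock92 ` entry points at `.../2017/02/unlock26-ransomware.html`, whose slug names Unlock26 rather than Unlock92. If these are separate families, the link and possibly the payment data are attached to the wrong entry. The Xorist hunk shows the same pattern with `.../2016/06/xrtn-ransomware-rsa-1024-gnu-privacy.html`. I cannot tell from the diff whether these are aliases, so each should be checked against the linked page. Where the name is an alias, it belongs in `synonyms`, as the Bandarchor and CryptoWire hunks already do.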
@@ -9498,8 +10543,11 @@ ], "refs": [ "https://blog.malwarebytes.com/threat-analysis/2016/08/venus-locker-another-net-ransomware/?utm_source=twitter&utm_medium=social", - "http://www.nyxbone.com/malware/venusLocker.html" - ] + "http://www.nyxbone.com/malware/venusLocker.html", +"https://id-ransomware.blogspot.com/2016/08/venuslocker-ransomware-aes-256.html" + ], + "payement method": "Bitcoin", + "price": "0.15 (100 $)" }, "uuid": "7340c6d6-a16e-4a01-8bb4-8ad3edc64d28", "value": "VenusLocker" @@ -9513,7 +10561,9 @@ "refs": [ "http://www.nyxbone.com/malware/Virlock.html", "http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/" - ] + ], + "payement method": "Bitcoin", + "price": "250 $" }, "uuid": "5c736959-6c58-4bf2-b084-7197b42e500a", "value": "Virlock" @@ -9541,7 +10591,9 @@ ], "synonyms": [ "CrySiS" - ] + ], + "payement method": "Bitcoin", + "price": "2.5 - 3" }, "uuid": "15a30d84-4f5f-4b75-a162-e36107d30215", "value": "Virus-Encoder" @@ -9556,11 +10608,15 @@ "HOW_TO_UNLOCK_FILES_README_().txt" ], "refs": [ - "https://labs.opendns.com/2016/07/13/wildfire-ransomware-gaining-momentum/" + "https://labs.opendns.com/2016/07/13/wildfire-ransomware-gaining-momentum/", + +"https://id-ransomware.blogspot.com/2016/06/wildfire-locker-ransomware-aes-256-cbc.html" ], "synonyms": [ "Hades Locker" - ] + ], + "payement method": "Bitcoin", + "price": "299 $" }, "uuid": "31945e7b-a734-4333-9ea2-e52051ca015a", "value": "WildFire Locker" @@ -9588,8 +10644,11 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/2911", "https://decrypter.emsisoft.com/xorist", - "https://twitter.com/siri_urz/status/1006833669447839745" - ] + "https://twitter.com/siri_urz/status/1006833669447839745", +"https://id-ransomware.blogspot.com/2016/06/xrtn-ransomware-rsa-1024-gnu-privacy.html" + ], + "payement method": "Bitcoin", + "price": "0.8" }, "uuid": "0a15a920-9876-4985-9d3d-bb0794722258", "value": "Xorist" 
@@ -9612,7 +10671,9 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/808280549802418181" - ] + ], + "payement method": "Bitcoin", + "price": "0.25" }, "uuid": "0810ea3e-1cd6-4ea3-a416-5895fb685c5b", "value": "You Have Been Hacked!!!" @@ -9624,11 +10685,15 @@ ".zcrypt" ], "refs": [ - "https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/" + "https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/", + +"http://id-ransomware.blogspot.com/2016/05/zcrypt-ransomware-rsa-2048-email.html" ], "synonyms": [ "Zcryptor" - ] + ], + "payement method": "Bitcoin", + "price": "1.2 - 5" }, "uuid": "7eed5e96-0219-4355-9a9c-44643272894c", "value": "Zcrypt" @@ -9643,8 +10708,12 @@ "how.txt" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/617874/zimbra-ransomware-written-in-python-help-and-support-topic-crypto-howtotxt/" - ] + "http://www.bleepingcomputer.com/forums/t/617874/zimbra-ransomware-written-in-python-help-and-support-topic-crypto-howtotxt/", + +"https://id-ransomware.blogspot.com/2016/06/zimbra-ransomware-aes-optzimbrastore.html" + ], + "payement method": "Bitcoin", + "price": "3" }, "uuid": "07346620-a0b4-48d5-9158-5048741f5078", "value": "Zimbra" @@ -9663,7 +10732,9 @@ "Russian", "VaultCrypt", "CrypVault" - ] + ], + "payement method": "Bitcoin", + "price": "100 - 900 $" }, "related": [ { @@ -9687,8 +10758,12 @@ "Take_Seriously (Your saving grace).txt" ], "refs": [ - "https://twitter.com/BleepinComputer/status/844538370323812353" - ] + "https://twitter.com/BleepinComputer/status/844538370323812353", + +"http://id-ransomware.blogspot.com/2017/03/zorro-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "b2bd25e1-d41c-42f2-8971-ecceceb6ba08", "value": "Zorro" @@ -9701,7 +10776,12 @@ ], "synonyms": [ "GNL Locker" - ] + ], + "refs": [ +"http://id-ransomware.blogspot.com/2016/05/zyklon-locker-ransomware-windows-250.html" + ], + "payement method": "Euro", + "price": "250" }, "related": [ { 
@@ -9727,7 +10807,12 @@ "meta": { "extensions": [ ".vxLock" - ] + ], + "refs": [ +"https://id-ransomware.blogspot.com/2017/01/vxlock-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "37950a1c-0035-49e0-9278-e878df0a10f3", "value": "vxLock" @@ -9747,8 +10832,12 @@ ], "refs": [ "http://blog.talosintelligence.com/2017/05/jaff-ransomware.html", - "https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/" - ] + "https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/", + +"http://id-ransomware.blogspot.com/2017/05/jaff-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1.82 - 2.036" }, "related": [ { @@ -9773,8 +10862,12 @@ "DECODE_FILES.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/uiwix-ransomware-using-eternalblue-smb-exploit-to-infect-victims/" - ] + "https://www.bleepingcomputer.com/news/security/uiwix-ransomware-using-eternalblue-smb-exploit-to-infect-victims/", + +"http://id-ransomware.blogspot.com/2017/05/uiwix-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.122" }, "uuid": "369d6fda-0284-44aa-9e74-f6651416fec4", "value": "Uiwix Ransomware" @@ -9790,7 +10883,8 @@ ], "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-code-injecting-sorebrect-ransomware/" - ] + ], + "payement method": "Email" }, "uuid": "34cedaf0-b1f0-4b5d-b7bd-2eadfc630ea7", "value": "SOREBRECT" 
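Review bot: `"payement method": "Email"` in the SOREBRECT entry records a contact channel rather than a means of payment, so the field no longer answers the question its name asks. The same mixing appears in later hunks: `"Bitcoin Email"` (Kappa, Scarab), `"no ransom"` (Xolzsec), `"Website Tor"` (WhiteRose) and `"Monero miner on the computer"` (Black Ruby). Keeping the payment field to a small closed set of values and moving the channel into a separate key would keep it filterable. Where the currency is not known, omitting the key is clearer than filling it with the channel.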
@@ -9805,8 +10899,12 @@ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DHvA8CDWAAIR5er.jpg" ], "refs": [ - "https://twitter.com/struppigel/status/899524853426008064" - ] + "https://twitter.com/struppigel/status/899524853426008064", + +"https://id-ransomware.blogspot.com/2017/08/cyron-ransomware.html" + ], + "payement method": "PaySafeCard", + "price": "50 €" }, "uuid": "f597d388-886e-46d6-a5cc-26deeb4674f2", "value": "Cyron" @@ -9822,7 +10920,8 @@ ], "refs": [ "https://twitter.com/struppigel/status/899528477824700416" - ] + ], + "payement method": "Bitcoin Email" }, "uuid": "3330e226-b71a-4ee4-8612-2b06b58368fc", "value": "Kappa" @@ -9838,7 +10937,9 @@ ], "refs": [ "https://twitter.com/struppigel/status/899537940539478016" - ] + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "1fe6c23b-863e-49e4-9439-aa9e999aa2e1", "value": "Trojan Dz" @@ -9850,8 +10951,11 @@ ".xolzsec" ], "refs": [ - "https://twitter.com/struppigel/status/899916577252028416" - ] + "https://twitter.com/struppigel/status/899916577252028416", + +"http://id-ransomware.blogspot.com/2017/08/xolzsec-ransomware.html" + ], + "payement method": "no ransom" }, "uuid": "f2930308-2e4d-4af5-b119-746be0fe7f2c", "value": "Xolzsec" @@ -9866,8 +10970,12 @@ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DH5KChhXsAADOIu[1].jpg" ], "refs": [ - "https://twitter.com/struppigel/status/900238572409823232" - ] + "https://twitter.com/struppigel/status/900238572409823232", + +"https://id-ransomware.blogspot.com/2017/08/flatchestware-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "250 $" }, "uuid": "d29341fd-f48e-4caa-8a28-b17853b779d1", "value": "FlatChestWare" 
@@ -9880,11 +10988,15 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/", - "https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-process-doppelg-nging-technique/" + "https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-process-doppelg-nging-technique/", + +"https://id-ransomware.blogspot.com/2017/09/synack-ransomware.html" ], "synonyms": [ "Syn Ack" - ] + ], + "payement method": "Bitcoin", + "price": "2 100 $" }, "related": [ { @@ -9909,8 +11021,12 @@ "readme.png" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/" - ] + "https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/", + +"http://id-ransomware.blogspot.com/2017/08/synccrypt-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.1" }, "related": [ { 
@@ -9928,12 +11044,16 @@ "description": "On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly mobilized to assess the situation and ensure that customers remain protected from this and other threats as they emerge across the threat landscape. There have been several large scale ransomware campaigns over the last several months. This appears to have some similarities to Nyetya in that it is also based on Petya ransomware. Major portions of the code appear to have been rewritten. The distribution does not appear to have the sophistication of the supply chain attacks we have seen recently.", "meta": { "refs": [ - "http://blog.talosintelligence.com/2017/10/bad-rabbit.html" + "http://blog.talosintelligence.com/2017/10/bad-rabbit.html", + +"https://id-ransomware.blogspot.com/2017/10/badrabbit-ransomware.html" ], "synonyms": [ "BadRabbit", "Bad-Rabbit" - ] + ], + "payement method": "Bitcoin", + "price": "0.05 (300 $)" }, "related": [ { @@ -9961,8 +11081,12 @@ "(Lucifer) [prepend]" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/halloware-ransomware-on-sale-on-the-dark-web-for-only-40/" - ] + "https://www.bleepingcomputer.com/news/security/halloware-ransomware-on-sale-on-the-dark-web-for-only-40/", + +"http://id-ransomware.blogspot.com/2017/11/halloware-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "150 $" }, "uuid": "b366627d-dbc0-45ba-90bc-5f5694f45e35", "value": "Halloware" 
@@ -9978,8 +11102,12 @@ "Warning\n\nYour documents, photos,databases,important files have been encrypted by RSA-4096 and AES-256!\nIf you modify any file, it may cause make you cannot decrypt!!!\n\nDon't waste your precious time to try decrypt the files.\nIf there is no key that we provide to you , NO ONE can decrypt your precious files, even Jesus.\n\nHow to decrypt your files ?\n\nYou have to pay for decryption in bitcoin\nTo decrypt your files,please following the steps below\n\n1,Pay 2.0 bitcoin to this address: [bitcoin_address]\n\nPay To : [bitcoin_address]\nAmount : 2.0\n\n2,After you have finished paying,Contact us and Send us your Decrypt-ID via email\n\n3,Once we have confimed your deal,You can use the tool we sent to you to decrypt all your files.\n\nHow to obtain bitcoin ?\n\nThe easiest way to buy bitcoin is LocalBitcoins site.\nYou have to register, click Buy bitcoins and select the seller\nby payment method and price\n\nhttps://localbitcoins.com/buy_bitcoins\n\nhttps://paxful.com/buy-bitcoin\n\nhttp://bitcointalk.org/\n\n If you have any questions please do not hesitate to contact us\n\nContact Email:JeanRenoAParis@protonmail.com\n\nDecrypt-ID:" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/" - ] + "https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/", + +"https://id-ransomware.blogspot.com/2017/11/storagecrypter.html" + ], + "payement method": "Bitcoin", + "price": "0.2 - 0.4 - 2" }, "uuid": "0b920d03-971f-413c-8057-60d187192140", "value": "StorageCrypt" 
@@ -9995,8 +11123,12 @@ "ALL YOUR FILES WERE ENCRYPTED.\nTO RESTORE THIS FILE, YOU MUST SEND $700 BTC for MASCHINE\nOR $5,000 BTC FOR ALL NETWORK\nADDRESS: 15aM71TGtRZRrY97vdGcDEZeJYBWZhf4FP\nAFTER PAYMENT SENT EMAIL m4zn0v@keemail.me\nALONG WITH YOUR IDENTITY: VVNFUi1QQzA5\nNOT TO TURN OFF YOUR COMPUTER, UNLESS IT WILL BREAK" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/" - ] + "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/", + +"https://id-ransomware.blogspot.com/2017/12/hc7-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "500 - 700 $" }, "uuid": "9325e097-9fea-490c-9b89-c2d40c166101", "value": "HC7" @@ -10009,8 +11141,12 @@ ], "refs": [ "https://twitter.com/demonslay335/status/935622942737817601?ref_src=twsrc%5Etfw", - "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/" - ] + "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/", + +"http://id-ransomware.blogspot.com/2017/11/hc6-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "2 500 $" }, "uuid": "909fde65-e015-40a9-9012-8d3ef62bba53", "value": "HC6" 
@@ -10019,8 +11155,12 @@ "description": "Security researchers have discovered a new ransomware strain named qkG that targets only Office documents for encryption and infects the Word default document template to propagate to new Word documents opened through the same Office suite on the same computer.", "meta": { "refs": [ - "https://www.bleepingcomputer.com/news/security/qkg-ransomware-encrypts-only-word-documents-hides-and-spreads-via-macros/" - ] + "https://www.bleepingcomputer.com/news/security/qkg-ransomware-encrypts-only-word-documents-hides-and-spreads-via-macros/", + +"http://id-ransomware.blogspot.com/2017/11/qkg-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "300 $" }, "uuid": "1f3eab7f-da0a-4e0b-8a9f-cda2f146c819", "value": "qkG" @@ -10075,8 +11215,11 @@ "https://twitter.com/demonslay335/status/1049316344183836672", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/", "https://twitter.com/Amigo_A_/status/1039105453735784448", - "https://twitter.com/GrujaRS/status/1072057088019496960" - ] + "https://twitter.com/GrujaRS/status/1072057088019496960", + +"http://id-ransomware.blogspot.com/2017/06/scarab-ransomware.html" + ], + "payement method": "Bitcoin Email" }, "uuid": "cf8fbd03-4510-41cc-bec3-712fa7609aa4", "value": "Scarab" 
@@ -10092,8 +11235,12 @@ "As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.\n\nThe good news is that there is still a chance to recover your files, you just need to have the right key.\n\nTo obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!\n\nRemember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.\n\nTo avoid any misunderstanding, please read Help section." ], "refs": [ - "https://www.bleepingcomputer.com/news/security/file-spider-ransomware-targeting-the-balkans-with-malspam/" - ] + "https://www.bleepingcomputer.com/news/security/file-spider-ransomware-targeting-the-balkans-with-malspam/", + +"http://id-ransomware.blogspot.com/2017/12/file-spider-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.00725" }, "uuid": "3e75ce6b-b6de-4e5a-9501-8f9f847c819c", "value": "File Spider" @@ -10108,7 +11255,9 @@ "synonyms": [ "FindZip", "Patcher" - ] + ], + "payement method": "Bitcoin", + "price": "0.25" }, "related": [ { @@ -10135,7 +11284,9 @@ "date": "June 2017", "refs": [ "https://objective-see.com/blog/blog_0x25.html" - ] + ], + "payement method": "Bitcoin", + "price": "0.25 (700 $)" }, "related": [ { 
@@ -10173,8 +11324,12 @@ "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/", "https://www.bleepingcomputer.com/news/security/gandcrab-version-3-released-with-autorun-feature-and-desktop-background/", "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/", - "https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/" - ] + "https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/", + +"https://id-ransomware.blogspot.com/2018/01/gandcrab-ransomware.html" + ], + "payement method": "Dash", + "price": "1 - 3" }, "related": [ { @@ -10194,7 +11349,9 @@ "date": "Febuary 2018", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/shurl0ckr-ransomware-as-a-service-peddled-on-dark-web-can-reportedly-bypass-cloud-applications" - ] + ], + "payement method": "Bitcoin", + "price": "0.01 - 0.1" }, "uuid": "cc7f6da3-fafd-444f-b7e9-f0e650fb4d4f", "value": "ShurL0ckr" @@ -10210,7 +11367,8 @@ "https://sensorstechforum.com/fr/fairytail-files-virus-cryakl-ransomware-remove-restore-data/", "https://www.technologynews.tech/cryakl-ransomware-virus", "http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/" - ] + ], + "payement method": "Bitcoin" }, "related": [ { @@ -10239,8 +11397,12 @@ ], "refs": [ "https://mobile.twitter.com/EclecticIQ/status/968478323889332226", - "https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report" - ] + "https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report", + +"http://id-ransomware.blogspot.com/2018/02/thanatos-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.1" }, "related": [ { 
@@ -10278,7 +11440,9 @@ "synonyms": [ "Vagger", "DONTSLIP" - ] + ], + "payement method": "Bitcoin", + "price": "750 $" }, "uuid": "f80b0a42-21ef-11e8-8ac7-0317408794e2", "value": "RSAUtil" @@ -10292,7 +11456,8 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/" - ] + ], + "payement method": "Bitcoin" }, "uuid": "15c370c0-2799-11e8-a959-57cdcd57e3bf", "value": "Qwerty Ransomware" 
@@ -10305,8 +11470,11 @@ "*** All your files has been encrypted ***\n\nI am ZENIS. A mischievous boy who loves cryptography, hardware and programming. My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world. A world in digital space that you are supposed to play the role of my toys.\n\nIf you want to win in this game, you have to listen carefully to my instructions, otherwise you will be caught up in a one-step game and you will become the main loser of the story.\n\nMy instructions are simple and clear. Then follow these steps:\n\n1. Send this file (Zenis-Instructions.html) to my email with one your encrypted file less than 2 MB to trust to the game.\n\n2. I decrypt your file for free and send for you.\n\n3. If you confirm the correctness of the files, verify that the files are correct via email\n\n4. Then receive the price of decrypting files\n\n5. After you have deposited, please send me the payment details\n\n6. After i confirm deposit, i send you the \"Zenis Decryptor\" along with \"Private Key\" to recovery all your files.\n\nNow you can finish the game. You won the game. congratulations.\n\n\nPlease submit your request to both emails:\n\nTheZenis@Tutanota.com\n\nTheZenis@MailFence.com\n\nIf you did not receive an email after six hours, submit your request to the following emails:\n\nTheZenis@Protonmail.com\n\nTheZenis@Mail2Tor.com (On the TOR network)\n\n\nWarning: 3rd party and public programs, It may cause irreversible damage to your files. And your files will be lost forever." 
], "refs": [ - "https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/" - ] + "https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/", + +"https://id-ransomware.blogspot.com/2018/03/zenis-ransomware.html" + ], + "payement method": "Bitcoin Email (Tor)" }, "uuid": "cbe3ee70-2d11-11e8-84bb-9b3c525a48d9", "value": "Zenis Ransomware" @@ -10314,8 +11482,12 @@ { "meta": { "refs": [ - "https://www.bleepingcomputer.com/news/security/author-of-polski-vortex-and-flotera-ransomware-families-arrested-in-poland/" - ] + "https://www.bleepingcomputer.com/news/security/author-of-polski-vortex-and-flotera-ransomware-families-arrested-in-poland/", + +"http://id-ransomware.blogspot.com/2017/03/flotera-ransomware.html" + ], + "payement method": "Dollars", + "price": "199" }, "uuid": "aab356ac-396c-11e8-90c8-631229f19d7a", "value": "Flotera Ransomware" @@ -10333,7 +11505,8 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/", "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + ], + "payement method": "Monero miner on the computer" }, "uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1", "value": "Black Ruby" 
@@ -10350,8 +11523,11 @@ "[Rose ASCII art]\n\n[WhiteRose written in ASCII art]\n\nThe singing of the sparrows, the breezes of the northern mountains and smell of the earth that was raining in the morning filled the entire garden space. I'm sitting on a wooden chair next to a bush tree, I have a readable book in my hands and I am sweating my spring with a cup of bitter coffee. Today is a different day.\n\nBehind me is an empty house of dreams and in front of me, full of beautiful white roses. To my left is an empty blue pool of red fish and my right, trees full of spring white blooms.\n\n I drink coffee, I'll continue to read a book from William Faulkner. In the garden environment, peace and quiet. My life always goes that way. Always alone without even an intimate friend.\n\nI have neither a pet, nor a friend or an enemy; I am a normal person with fantastic wishes among the hordes of white rose flowers. Everything is natural. I'm just a little interested in hacking and programming. My only electronic devices in this big garden are an old laptop for do projects and an iPhone for check out the news feeds for malware analytics on Twitter without likes posts.\n\nBelieve me, my only assets are the white roses of this garden. I think of days and write at night: the story, poem, code, exploit or the accumulation of the number of white roses sold and I say to myself that the wealth is having different friends of different races, languages, habits and religions, Not only being in a fairly stylish garden with full of original white roses.\n\nToday, I think deeply about the decision that has involved my mind for several weeks. A decision to freedom and at the worth of unity, intimacy, joy and love and is the decision to release white roses and to give gifts to all peoples of the world.\n\nI do not think about selling white roses again. This time, I will plant all the white roses of the garden to bring a different gift for the people of each country. 
No matter where is my garden and where I am from, no matter if you are a housekeeper or a big company owner, it does not matter if you are the west of the world or its east, it's important that the white roses are endless and infinite. You do not need to send letters or e-mails to get these roses. Just wait it tomorrow. Wait for good days with White Rose.\n\nI hope you accept this gift from me and if it reaches you, close your eyes and place yourself in a large garden on a wooden chair and feel this beautiful scene to reduce your anxiety and everyday tension.\n\nThank you for trusting me. Now open your eyes. Your system has a flower like a small garden; A white rose flower.\n\n/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\n[Recovery Instructions]\n\n I. Download qTox on your computer from [https://tox.chat/download.html]\nII. Create new profile then enter our ID in search contacts\n Our Tox ID: \"6F548F217897AA4140FB4C514C8187F2FFDBA3CAFC83795DEE2FBCA369E689006B7CED4A18E9\". III. Wait for us to accept your request.\nIV. Copy '[PersonalKey]' in \"HOW-TO-RECOVERY-FILES.TXT\" file and send this key with one encrypted file less size then 2MB for trust us in our Tox chat.\n IV.I. Only if you did not receive a reply after 24 hours from us, send your message to our secure tor email address \"TheWhiteRose@Torbox3uiot6wchz.onion\".\n IV.II. For perform \"Step IV.I\" and enter the TOR network, you must download tor and register in \"http://torbox3uiot6wchz.onion\" Mail Service)\nV. We decrypt your two files and we will send you.\nVI. After ensuring the integrity of the files, We will send you payment info.\nVII. 
Now after payment, you get \"WhiteRose Decryptor\" Along with the private key of your system.\nVIII.Everything returns to the normal and your files will be released.\n\n/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nWhat is encryption?\n\n In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it, and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cipher – generating ciphertext that can be read only if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. in your case “WhiteRose Decryptor” software for safe and complete decryption of all your files and data.\n\nAny other way?\n\nIf you look through this text in the Internet and realise that something is wrong with your files but you do not have any instructions to restore your files, please contact your antivirus support." 
], "refs": [ - "https://www.bleepingcomputer.com/news/security/the-whiterose-ransomware-is-decryptable-and-tells-a-strange-story/" - ] + "https://www.bleepingcomputer.com/news/security/the-whiterose-ransomware-is-decryptable-and-tells-a-strange-story/", + +"http://id-ransomware.blogspot.com/2018/03/whiterose-ransomware.html" + ], + "payement method": "Website Tor" }, "uuid": "abc80362-396c-11e8-bc5c-8bca89c0f797", "value": "WhiteRose" @@ -10366,8 +11542,12 @@ "https://www.bleepstatic.com/images/news/ransomware/p/pubg-ransomware/pubg-ransomware.jpg" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/" - ] + "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/", + +"https://id-ransomware.blogspot.com/2018/04/pubg-ransomware.html" + ], + "payement method": "Game", + "price": "Play to decrypt" }, "uuid": "2239b3ca-3c9b-11e8-873e-53608d51ee71", "value": "PUBG Ransomware" @@ -10385,8 +11565,12 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-cracked-due-to-bad-crypto/", "https://twitter.com/malwrhunterteam/status/1034436350748053504", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/", + +"http://id-ransomware.blogspot.com/2017/06/lockcrypt-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "ac070e9a-3cbe-11e8-9f9d-839e888f2340", "value": "LockCrypt" 
@@ -10406,8 +11590,12 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/decrypters-for-some-versions-of-magniber-ransomware-released/", "https://www.bleepingcomputer.com/news/security/goodbye-cerber-hello-magniber-ransomware/", - "https://twitter.com/demonslay335/status/1005133410501787648" - ] + "https://twitter.com/demonslay335/status/1005133410501787648", + +"http://id-ransomware.blogspot.com/2017/10/my-decryptor-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "a0c1790a-3ee7-11e8-9774-93351d675a9e", "value": "Magniber Ransomware" @@ -10422,8 +11610,12 @@ "UNCRYPT.README" ], "refs": [ - "https://twitter.com/siri_urz/status/981191281195044867" - ] + "https://twitter.com/siri_urz/status/981191281195044867", + +"http://id-ransomware.blogspot.com/2018/04/vurten-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "10 000 $" }, "uuid": "7666e948-3f09-11e8-b0b2-af79c067d856", "value": "Vurten" @@ -10435,7 +11627,9 @@ "https://www.bleepingcomputer.com/news/security/microsoft-engineer-charged-in-reveton-ransomware-case/", "https://en.wikipedia.org/wiki/Ransomware#Reveton", "https://nakedsecurity.sophos.com/2012/08/29/reveton-ransomware-exposed-explained-and-eliminated/" - ] + ], + "payement method": "Bitcoin", + "price": "200 $" }, "uuid": "1912ec68-4145-11e8-ac06-9b6643035a71", "value": "Reveton ransomware" @@ -10445,7 +11639,9 @@ "meta": { "refs": [ "https://en.wikipedia.org/wiki/Ransomware#Fusob" - ] + ], + "payement method": "Bitcoin", + "price": "100 - 200 $" }, "uuid": "c921d9ac-4145-11e8-965b-df5002d4cad8", "value": "Fusob" @@ -10467,6 +11663,13 @@ "value": "OXAR" }, { +"meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2018/03/bansomqarewanna-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "100 $" + }, "uuid": "b95a76d8-4171-11e8-b9b3-1bf62ec3265e", "value": "BansomQare Manna Ransomware" }, 
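Review bot: The Reveton entry gets `"payement method": "Bitcoin"` with `"price": "200 $"`, but the references kept in this hunk (the 2012 Sophos article and the Wikipedia section) describe, as far as I recall, payment through prepaid voucher services rather than Bitcoin. The Fusob hunk that follows adds the same `"Bitcoin"` value next to a single Wikipedia reference and deserves the same check. These values will be read as threat-intelligence attributes, so each should be traceable to one of the listed refs. Where it is not, leaving the key out is safer than guessing.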
@@ -10477,8 +11680,11 @@ { "meta": { "refs": [ - "https://twitter.com/malwrhunterteam/status/982229994364547073" - ] + "https://twitter.com/malwrhunterteam/status/982229994364547073", + +"http://id-ransomware.blogspot.com/2018/04/skyfile-ransomware.html" + ], + "payement method": "Bitcoin Email" }, "uuid": "b4654c94-417a-11e8-8c2c-5b5748496f92", "value": "SkyFile" @@ -10488,7 +11694,8 @@ "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/minecraft-and-cs-go-ransomware-strive-for-media-attention/" - ] + ], + "payement method": "Game" }, "uuid": "443c55c6-43d1-11e8-9072-6fdcf89aa4e6", "value": "MC Ransomware" @@ -10498,7 +11705,9 @@ "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/minecraft-and-cs-go-ransomware-strive-for-media-attention/" - ] + ], + "payement method": "Game", + "price": "Play during 5 hours" }, "uuid": "449e18b0-43d1-11e8-847e-0fed641732a1", "value": "CSGO Ransomware" @@ -10559,8 +11768,12 @@ "https://twitter.com/struppigel/status/926748937477939200", "https://twitter.com/demonslay335/status/968552114787151873", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", - "https://twitter.com/malwrhunterteam/status/1004048636530094081" - ] + "https://twitter.com/malwrhunterteam/status/1004048636530094081", + +"https://id-ransomware.blogspot.com/2017/10/xiaoba-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1 200 yuan (180,81 $)" }, "uuid": "ef094aa6-4465-11e8-81ce-739cce28650b", "value": "XiaoBa ransomware" @@ -10580,7 +11793,9 @@ "refs": [ "https://sensorstechforum.com/nmcrypt-files-ransomware-virus-remove-restore-data/", "https://www.enigmasoftware.com/nmcryptansomware-removal/" - ] + ], + "payement method": "Bitcoin", + "price": "7000 $" }, "uuid": "bd71be69-fb8c-4b1f-9d96-993ab23d5f2b", "value": "NMCRYPT Ransomware" 
@@ -10593,8 +11808,12 @@ "We’re very sorry that all of your personal files have been encrypted :( But there are good news – they aren’t gone, you still have the opportunity to restore them! Statistically, the lifespan of a hard-drive is anywhere from 3 to 5 years. If you don’t make copies of important information, you could lose everything! Just imagine! In order to receive the program that will decrypt all of your files, you will need to pay a certain amount. But let’s start with something else…" ], "refs": [ - "https://bartblaze.blogspot.lu/2018/04/maktub-ransomware-possibly-rebranded-as.html" - ] + "https://bartblaze.blogspot.lu/2018/04/maktub-ransomware-possibly-rebranded-as.html", + +"http://id-ransomware.blogspot.com/2018/04/ironlocker-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.2" }, "uuid": "ba64d47c-46cd-11e8-87df-ff6252b4ea76", "value": "Iron" @@ -10608,8 +11827,12 @@ "https://pbs.twimg.com/media/DavxIr-W4AEq3Ny.jpg" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/985152346773696512" - ] + "https://twitter.com/malwrhunterteam/status/985152346773696512", + +"http://id-ransomware.blogspot.com/2018/04/tron-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.007305 - 0.05" }, "uuid": "94290f1c-46ff-11e8-b9c6-ef8852c58952", "value": "Tron ransomware" @@ -10626,7 +11849,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/" - ] + ], + "payement method": "Bitcoin", + "price": "0.14" }, "uuid": "c1788ac0-4fa0-11e8-b0fd-63f5a2914926", "value": "Unnamed ramsomware 1" 
@@ -10639,8 +11864,12 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/", - "https://twitter.com/M_Shahpasandi/status/989157283799162880" - ] + "https://twitter.com/M_Shahpasandi/status/989157283799162880", + +"https://id-ransomware.blogspot.com/2018/04/hpe-ilo-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "2" }, "uuid": "39cb0268-528b-11e8-ac30-0fa44afdc8de", "value": "HPE iLO 4 Ransomware" @@ -10658,8 +11887,12 @@ "RESTORE-SIGRUN.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/" - ] + "https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/", + +"http://id-ransomware.blogspot.com/2018/05/sigrun-ransomware.html" + ], + "payement method": "Bitcoin Email", + "price": "2500 $" }, "uuid": "5a53eec2-6993-11e8-a4d5-67480005dcbd", "value": "Sigrun Ransomware" @@ -10675,8 +11908,11 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/1002953824590614528", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", + +"https://id-ransomware.blogspot.com/2018/06/crybrazil-ransomware.html" + ], + "payement method": "Website" }, "uuid": "30625df6-6e3e-11e8-b0cf-a7103cb03e05", "value": "CryBrazil" 
@@ -10688,8 +11924,12 @@ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/De00yEDVQAE_p9z[1].jpg" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/ " - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/ ", + +"http://id-ransomware.blogspot.com/2018/06/pedcont-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.0065 (50 $)" }, "uuid": "b0e074fc-6e45-11e8-8366-dbfc88552a23 ", "value": "Pedcont" @@ -10710,7 +11950,8 @@ ], "synonyms": [ "Scarab-DiskDoctor" - ] + ], + "payement method": "Bitcoin Email" }, "uuid": "aa66e0c2-6fb5-11e8-851d-4722b7b3e9b9", "value": "DiskDoctor" @@ -10727,8 +11968,12 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", "https://twitter.com/JakubKroustek/status/1004463935905509376", - "https://bartblaze.blogspot.com/2018/06/redeye-ransomware-theres-more-than.html" - ] + "https://bartblaze.blogspot.com/2018/06/redeye-ransomware-theres-more-than.html", + +"https://id-ransomware.blogspot.com/2018/06/redeye-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "e675e8fa-7065-11e8-95e0-cfdc107099d8", "value": "RedEye" 
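Review bot: The re-added reference line in the Pedcont hunk keeps a trailing space inside the URL string (`...crybrazil-cryptconsole-and-magniber/ "`), so the stored value is not the actual URL. Since the line is rewritten anyway to add the comma, it can be trimmed to `"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/",`. The `uuid` context line below carries the same trailing space before its closing quote. It is untouched by this commit, but it would defeat exact-match lookups on the UUID and is worth fixing alongside.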
@@ -10757,11 +12002,15 @@ "https://www.spamfighter.com/News-21588-Aurora-Ransomware-Circulating-the-Cyber-Space.htm", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", "https://twitter.com/demonslay335/status/1004435398687379456", - "https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/" + "https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/", + +"https://id-ransomware.blogspot.com/2018/05/aurora-ransomware.html" ], "synonyms": [ "Zorro Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "100 - 500" }, "uuid": "3ee0664e-706d-11e8-800d-9f690298b437", "value": "Aurora Ransomware" @@ -10772,11 +12021,15 @@ ".digiworldhack@tutanota.com" ], "ransomnotes": [ - "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/pgpsnippet-variant.jpg" + "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/pgpsnippet-variant.jpg", + +"http://id-ransomware.blogspot.com/2018/05/pgpsnippet-ransomware.html" ], "refs": [ "https://twitter.com/demonslay335/status/1005138187621191681" - ] + ], + "payement method": "Bitcoin", + "price": "500 $" }, "uuid": "682ff7ac-7073-11e8-8c8b-bf1271b8800b", "value": "PGPSnippet Ransomware" @@ -10787,8 +12040,11 @@ ".SF" ], "refs": [ - "https://twitter.com/demonslay335/status/1005136022282428419" - ] + "https://twitter.com/demonslay335/status/1005136022282428419", + +"https://id-ransomware.blogspot.com/2018/04/spartacus-ransomware.html" + ], + "payement method": "Bitcoin Email" }, "uuid": "fe42c270-7077-11e8-af82-d7bf7e6ab8a9", "value": "Spartacus Ransomware" 
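Review bot: In the PGPSnippet entry the id-ransomware article is appended to `ransomnotes` rather than `refs`, so a write-up URL now sits next to the ransom-note screenshot. The other hunks add this kind of link to `refs`; move `"http://id-ransomware.blogspot.com/2018/05/pgpsnippet-ransomware.html"` into the `refs` array after the Twitter link and leave `ransomnotes` with the single `.jpg` entry.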
@@ -10804,8 +12060,12 @@ ], "refs": [ "https://twitter.com/siri_urz/status/1005438610806583296", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/", + +"http://id-ransomware.blogspot.com/2018/06/donut-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "100 $" }, "uuid": "e57e1f4a-72da-11e8-8c0d-af46e8f393d2", "value": "Donut" @@ -10815,8 +12075,12 @@ "meta": { "refs": [ "https://twitter.com/Damian1338B/status/1005411102660923392", - "https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/" - ] + "https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/", + +"https://id-ransomware.blogspot.com/2017/01/nemesis-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "10" }, "uuid": "3ac0f41e-72e0-11e8-85a8-f7ae254ab629", "value": "NemeS1S Ransomware" @@ -10832,8 +12096,11 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/1005420103415017472", - "https://twitter.com/malwrhunterteam/status/993499349199056897" - ] + "https://twitter.com/malwrhunterteam/status/993499349199056897", + +"http://id-ransomware.blogspot.com/2017/09/paradise-ransomware.html" + ], + "payement method": "Bitcoin Email" }, "uuid": "db06d2e0-72f9-11e8-9413-73999e1a9373", "value": "Paradise Ransomware" 
@@ -10852,8 +12119,12 @@ "Your files were encrypted with AES-256.\n\nAsk how to restore your files by email ssananunak1987@protonmail.com\n\nUse only gmail.com, yahoo.com, protonmail.com.\nMessages written from other mail services we can not get.\n\nWe always respond to messages. If there is no answer within 24 hours, then write us with another email service.\n\n[OR]\n\nIf within 24 hours you have not received a response, you need to follow the following instructions:\n\na) Download and install TOR browser: https://www.torproject.org/download/download-easy.html.en\nb) From the TOR browser, follow the link: torbox3uiot6wchz.onion\nc) Register your e-mail (Sign Up)\nd) Write us on e-mail: ssananunak1987@torbox3uiot6wchz.onion\nATTENTION: e-mail (ssananunak1987@torbox3uiot6wchz.onion) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz.onion\n\n################################\n\nAny actions on your part over encrypted files can damage them. Be sure to make backups!\n\n################################\n\nIn the message write us this ID:\n[redacted base64]" ], "refs": [ - "https://twitter.com/demonslay335/status/1006220895302705154" - ] + "https://twitter.com/demonslay335/status/1006220895302705154", + +"https://id-ransomware.blogspot.com/2018/03/b2dr-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.1 - 0.3" }, "uuid": "4a341cf4-72ff-11e8-8371-b74902a1dff3", "value": "B2DR Ransomware" 
@@ -10869,8 +12140,11 @@ "Hello. Your files have been encrypted.\n\nFor help, write to this e-mail: codyprince92@mail.com\nAttach to the letter 1-2 files (no more than 3 MB) and your personal key.\n\n\nIf within 24 hours you have not received a response, you need to follow the following instructions:\n\n\na) Download and install TOR browser: https://www.torproject.org/download/download-easy.html.en\nb) From the TOR browser, follow the link: torbox3uiot6wchz.onion\nc) Register your e-mail (Sign Up)\nd) Write us on e-mail: codyprince@torbox3uiot6wchz.onion\n\n\nATTENTION: e-mail (codyprince@torbox3uiot6wchz.onion) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz.onion\n\n\n\nYour personal key:\n\n[redacted hex]" ], "refs": [ - "https://twitter.com/demonslay335/status/1006237353474756610" - ] + "https://twitter.com/demonslay335/status/1006237353474756610", + +"http://id-ransomware.blogspot.com/2017/05/yyto-ransomware.html" + ], + "payement method": "Email Tor" }, "uuid": "ef38d8b4-7392-11e8-ba1e-cfb37f0b9c73", "value": "YYTO Ransomware" @@ -10886,7 +12160,8 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1007334654918250496" - ] + ], + "payement method": "Email" }, "uuid": "53e6e068-739c-11e8-aae4-df58f7f27ee5", "value": "Unnamed ramsomware 2" @@ -10905,8 +12180,12 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-everbe-ransomware/", "https://twitter.com/malwrhunterteam/status/1065675918000234497", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", + +"http://id-ransomware.blogspot.com/2018/03/everbe-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "3003 $" }, "uuid": "9d09ac4a-73a0-11e8-b71c-63b86eedf9a2", "value": "Everbe Ransomware" 
@@ -10915,7 +12194,8 @@ "meta": { "refs": [ "https://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/" - ] + ], + "payement method": "Bitcoin" }, "related": [ { @@ -10938,11 +12218,16 @@ "ransomnotes": [ "_How_to_decrypt_files.txt", "Some files have been encrypted\nPlease send ( 1 ) bitcoins to my wallet address\nIf you paid, send the machine code to my email\nI will give you the key\nIf there is no payment within three days,\nwe will no longer support decryption\nIf you exceed the payment time, your data will be open to the public download\nWe support decrypting the test file.\nSend three small than 3 MB files to the email address\n\nBTC Wallet : [redacted]\nEmail: dbger@protonmail.com\nYour HardwareID:", - "https://www.bleepstatic.com/images/news/u/986406/Ransomware/DBGer/DBGer-ransom-note.png" + "https: +//www.bleepstatic.com/images/news/u/986406/Ransomware/DBGer/DBGer-ransom-note.png" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/dbger-ransomware-uses-eternalblue-and-mimikatz-to-spread-across-networks/" - ] + "https://www.bleepingcomputer.com/news/security/dbger-ransomware-uses-eternalblue-and-mimikatz-to-spread-across-networks/", + +"http://id-ransomware.blogspot.com/2018/06/dbger-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "541a479c-73a5-11e8-9d70-47736508231f", "value": "DBGer Ransomware" 
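Review bot: The DBGer ransom-note screenshot URL is now split across two lines, `"https:` and `//www.bleepstatic.com/...DBGer-ransom-note.png"`, which puts a raw line break inside a JSON string. A strict parser rejects that, so the whole cluster file stops loading. Keep the original single-line value, `"https://www.bleepstatic.com/images/news/u/986406/Ransomware/DBGer/DBGer-ransom-note.png"`, and run the file through a JSON validator before committing.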
@@ -10951,8 +12236,12 @@ "description": "Hidden Tear variant discovered in October 2016. After activation, provides victims with an unlimited amount of time to gather the requested ransom money and pay it. Related unlock keys and the response sent to and from a Gmail addres", "meta": { "refs": [ - "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", + +"https://id-ransomware.blogspot.com/2017/11/rastakhiz-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "250 $" }, "uuid": "884eaa14-9ba8-11e8-a6ec-7f903f720e60", "value": "RASTAKHIZ" @@ -10961,11 +12250,15 @@ "description": "DUMB variant discovered on November 16, 2017. Disguised itself as a popular virtual private network (VPN) in Iran known as Psiphon and infected Iranian users. Included Farsi-language ransom note, decryptable in the same way as previous DUMB-based variants. Message requested only US$15 for unlock key. Advertised two local and Iran-based payment processors: exchange.ir and webmoney.ir.Shared unique and specialized indicators with RASTAKHIZ; iDefense threat intelligence analysts believe this similarity confirms that the same actor was behind the repurposing of both types of ransomware.", "meta": { "refs": [ - "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" + "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", + +"http://id-ransomware.blogspot.com/2017/10/tyrant-ransomware.html" ], "synonyms": [ "Crypto Tyrant" - ] + ], + "payement method": "Bitcoin", + "price": "15 $" }, "uuid": "701f2a3e-9baa-11e8-a044-4b8bc49ea971", "value": "TYRANT" 
@@ -10974,8 +12267,12 @@ "description": "zCrypt variant discovered on November 17, 2017, one day after the discovery of TYRANT. Used Farsi-language ransom note asking for a staggering 20 Bitcoin ransom payment. Also advertised local Iran-based payment processors and exchanges—www.exchangeing[.]ir, www.payment24[.]ir, www.farhadexchange.net, and www.digiarz.com)—through which Bitcoins could be acquired.", "meta": { "refs": [ - "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", + +"https://id-ransomware.blogspot.com/2017/11/wannasmile-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "20" }, "uuid": "b3f04486-9bc4-11e8-bbfe-cf096483b45e", "value": "WannaSmile" @@ -10985,7 +12282,8 @@ "meta": { "refs": [ "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + ], + "payement method": "Email" }, "uuid": "b48a7d62-9bc4-11e8-a7c5-47d13fad265f", "value": "Unnamed Android Ransomware" 
@@ -11001,11 +12299,14 @@ "Attention!\n\nAll your files, documents, photos, databases and other important files are encrypted and have the extension: .KEYPASS\n\nThe only method of recovering files is to purchase an decrypt software and unique private key.\n\nAfter purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.\n\nOnly we can give you this key and only we can recover your files.\n\nYou need to contact us by e-mail keypass@bitmessage.ch send us your personal ID and wait for further instructions.\n\nFor you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.\n\nPrice for decryption $300.\n\nThis price avaliable if you contact us first 72 hours.\n\nE-mail address to contact us:\n\nkeypass@bitmessage.ch\n\n\n\nReserve e-mail address to contact us:\n\nkeypass@india.com\n\n\n\nYour personal id:\n[id]" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/new-keypass-ransomware-campaign-underway/" + "https://www.bleepingcomputer.com/news/security/new-keypass-ransomware-campaign-underway/", + "https://www.kaspersky.com/blog/keypass-ransomware/23447/" ], "synonyms": [ "KeyPass" - ] + ], + "payement method": "Bitcoin", + "price": "300 $" }, "uuid": "22b4070e-9efe-11e8-b617-ab269f54596c", "value": "KEYPASS" @@ -11026,8 +12327,12 @@ "refs": [ "https://twitter.com/Emm_ADC_Soft/status/1064459080016760833", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", - "https://twitter.com/MarceloRivero/status/1065694365056679936" - ] + "https://twitter.com/MarceloRivero/status/1065694365056679936", + +"http://id-ransomware.blogspot.com/2017/12/stop-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "200 - 600 $" }, "uuid": "c76c4d24-9f99-11e8-808d-a7f1c66a53c5", "value": "STOP Ransomware" 
@@ -11041,11 +12346,14 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/1032242391665790981", - "https://www.bleepingcomputer.com/news/security/barack-obamas-blackmail-virus-ransomware-only-encrypts-exe-files/" + "https://www.bleepingcomputer.com/news/security/barack-obamas-blackmail-virus-ransomware-only-encrypts-exe-files/", + +"https://id-ransomware.blogspot.com/2018/08/barack-obamas-ransomware.html" ], "synonyms": [ "Barack Obama's Blackmail Virus Ransomware" - ] + ], + "payement method": "Bitcoin" }, "uuid": "1a98f5ca-b024-11e8-b828-1fb7dbd6619e", "value": "Barack Obama's Everlasting Blue Blackmail Virus Ransomware" @@ -11063,8 +12371,12 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discovered-and-quickly-decrypted/", - "https://twitter.com/malwrhunterteam/status/1034492151541977088" - ] + "https://twitter.com/malwrhunterteam/status/1034492151541977088", + +"https://id-ransomware.blogspot.com/2018/08/cryptonar-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "200 $" }, "related": [ { @@ -11086,8 +12398,11 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/", - "https://twitter.com/JakubKroustek/status/1033656080839139333" - ] + "https://twitter.com/JakubKroustek/status/1033656080839139333", + +"https://id-ransomware.blogspot.com/2018/08/creampie-ransomware.html" + ], + "payement method": "Bitcoin" }, "uuid": "1b5a756e-b034-11e8-9e7d-c3271796acab", "value": "CreamPie Ransomware" @@ -11117,7 +12432,11 @@ "refs": [ "https://twitter.com/demonslay335/status/1034213399922524160", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/" - ] + +"https://id-ransomware.blogspot.com/2018/08/cassetto-ransomware.html" + ], + "payement method": "Bitcoin", + "price": "0.5" }, "uuid": "7d3287f0-b03d-11e8-b1ef-23485f43e7f9", "value": "Cassetto Ransomware" 
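Review bot: The Cassetto `refs` array loses its separator: the context line ending in `august-31st-2018-devs-on-vacation/"` has no trailing comma, and the commit adds `"https://id-ransomware.blogspot.com/2018/08/cassetto-ransomware.html"` directly after it. Two adjacent strings without a comma are invalid JSON, so the file will not parse. The preceding line has to be changed to end in `",`, as was done for the last existing reference in the other hunks.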
@@ -11134,7 +12453,9 @@ ], "synonyms": [ "Acroware Screenlocker" - ] + ], + "payement method": "Bitcoin", + "price": "80 $" }, "uuid": "f1b76b66-b044-11e8-8ae7-cbe7e28dd584", "value": "Acroware Cryptolocker Ransomware" @@ -11151,7 +12472,9 @@ "refs": [ "https://twitter.com/B_H101/status/1034379267956715520", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/" - ] + ], + "payement method": "Bitcoin", + "price": "100 - 500 $" }, "uuid": "a8a772b4-b04d-11e8-ad94-ab9124dff412", "value": "Termite Ransomware" @@ -11172,7 +12495,9 @@ ], "synonyms": [ "Pico Ransomware" - ] + ], + "payement method": "Bitcoin", + "price": "100 $" }, "uuid": "5d0c28f6-b050-11e8-95a8-7b8e480b9bd2", "value": "PICO Ransomware" @@ -11188,7 +12513,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/sigma-ransomware-being-distributed-using-fake-craigslist-malspam/" - ] + ], + "payement method": "Bitcoin", + "price": "400 $" }, "uuid": "df025902-b29e-11e8-a2ab-739167419c52", "value": "Sigma Ransomware" @@ -11205,7 +12532,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "2aa481fe-c254-11e8-ad1c-efee78419960", "value": "Mongo Lock" @@ -11221,7 +12550,9 @@ "https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/", "https://twitter.com/MarceloRivero/status/1059575186117328898", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-9th-2018-mostly-dharma-variants/" - ] + ], + "payement method": "Dollars", + "price": "80" }, "uuid": "c49f88f6-c87d-11e8-b005-d76e8162ced5", "value": "Kraken Cryptor Ransomware" 
@@ -11237,7 +12568,8 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-pushing-the-savefiles-ransomware/" - ] + ], + "payement method": "Email" }, "uuid": "76bfb132-cc70-11e8-8623-bb3f209be6c9", "value": "SAVEfiles" @@ -11255,7 +12587,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/" - ] + ], + "payement method": "Won", + "price": "50 000 (50 $)" }, "uuid": "c06a1938-dcee-11e8-bc74-474b0080f0e5", "value": "File-Locker" @@ -11273,7 +12607,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/" - ] + ], + "payement method": "Bitcoin", + "price": "0.1" }, "uuid": "c0dffb94-dcee-11e8-81b9-3791d1c6638f", "value": "CommonRansom" @@ -11288,7 +12624,8 @@ "synonyms": [ "Godsomware v1.0", "Ransomware God Crypt" - ] + ], + "payement method": "Bitcoin Website" }, "uuid": "7074f228-e0ee-11e8-9c49-7fc798e92ddbx§", "value": "God Crypt Joke Ransomware" @@ -11306,7 +12643,8 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/", "https://twitter.com/demonslay335/status/1049325784979132417" - ] + ], + "payement method": "Email" }, "uuid": "a920dea5-9f30-4fa2-9665-63f306874381", "value": "DecryptFox Ransomware" @@ -11321,8 +12659,11 @@ "#RECOVERY_FILES#.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/", + "https://www.bleepingcomputer.com/news/security/ransomware-pretends-to-be-proton-security-team-securing-data-from-hackers/" + ], + "payement method": "Bitcoin", + "price": "780 $" }, "uuid": "f251740b-1594-460a-a378-371f3a2ae92c", "value": "garrantydecrypt" 
@@ -11339,7 +12680,9 @@ "refs": [ "https://twitter.com/siri_urz/status/1039077365039673344", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "ea643bfd-613e-44d7-9408-4991d53e08fa", "value": "MVP Ransomware" @@ -11354,7 +12697,9 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/", "" - ] + ], + "payement method": "Bitcoin", + "price": "0.8" }, "uuid": "3675e50d-3f76-45f8-b3f3-4a645779e14d", "value": "StorageCrypter" @@ -11368,7 +12713,8 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/", "https://twitter.com/GrujaRS/status/1040677247735279616" - ] + ], + "payement method": "Email" }, "uuid": "e90a57b5-cd17-4dce-b83f-d007053c7b35", "value": "Rektware" @@ -11388,7 +12734,9 @@ "synonyms": [ "M@r1a", "BlackHeart" - ] + ], + "payement method": "Bitcoin", + "price": "0.002 (50 $)" }, "uuid": "1009b7f3-e737-49fd-a872-1e0fd1df4c00", "value": "M@r1a ransomware" @@ -11405,7 +12753,9 @@ "refs": [ "https://twitter.com/demonslay335/status/1059470985055875074", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-9th-2018-mostly-dharma-variants/" - ] + ], + "payement method": "Bitcoin", + "price": "25 000 sek (sweden)" }, "uuid": "ad600737-6d5f-4771-ae80-3e434e29c749", "value": "\"prepending (enc) ransomware\" (Not an official name)" @@ -11422,7 +12772,9 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1060921043957755904" - ] + ], + "payement method": "Bitcoin", + "price": "300 $" }, "uuid": "f7fa6978-c932-4e62-b4fc-3fbbbc195602", "value": "PyCL Ransomware" 
@@ -11439,7 +12791,8 @@ "refs": [ "https://twitter.com/malwrhunterteam/status/1063769884608348160", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/" - ] + ], + "payement method": "Email" }, "uuid": "f53205a0-7a8f-41d1-a427-bf3ab9bd77bb", "value": "Vapor Ransomware" @@ -11456,7 +12809,9 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", "https://twitter.com/GrujaRS/status/1063930127610986496" - ] + ], + "payement method": "Bitcoin", + "price": "0.00000001" }, "uuid": "677aeb47-587d-40a4-80b7-22672ba1160c", "value": "EnyBenyHorsuke Ransomware" @@ -11479,7 +12834,9 @@ ], "synonyms": [ "DelphiMorix" - ] + ], + "payement method": "Bitcoin", + "price": "999999.5" }, "uuid": "7f82fb04-1bd2-40a1-9baa-895b53c6f7d4", "value": "DeLpHiMoRix" @@ -11499,7 +12856,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-30th-2018-indictments-sanctions-and-more/", "https://twitter.com/GrujaRS/status/1066799421080461312", "https://www.youtube.com/watch?v=_aaFon7FVbc" - ] + ], + "payement method": "Bitcoin", + "price": "0.00000001" }, "uuid": "950d5501-b5eb-4f53-b33d-76e789912c16", "value": "EnyBeny Nuclear Ransomware" @@ -11517,7 +12876,9 @@ "refs": [ "https://twitter.com/demonslay335/status/1067109661076262913", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-30th-2018-indictments-sanctions-and-more/" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "a8eb9743-dfb6-4e13-a95e-e68153df94e9", "value": "Lucky Ransomware" @@ -11531,7 +12892,9 @@ ], "synonyms": [ "UNNAMED1989" - ] + ], + "payement method": "Yuan", + "price": "110 (16 $)" }, "uuid": "b2aa807d-98fa-48e4-927b-4e81a50736e5", "value": "WeChat Ransom" 
@@ -11549,7 +12912,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/", "https://www.youtube.com/watch?v=QevoUzbqNTQ", "https://twitter.com/GrujaRS/status/1070011234521673728" - ] + ], + "payement method": "Politic" }, "uuid": "3ade75c8-6ef7-4c54-84d0-cab0161d3415", "value": "IsraBye" @@ -11566,16 +12930,17 @@ "https://twitter.com/struppigel/status/1069905624954269696", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/" ], - "related": [ - { - "dest-uuid": "c71819a4-f6ce-4265-b0cd-24a98d84321c", - "tags": [ - "estimative-language:likelihood-probability=\"likely\"" - ], - "type": "similar" - } - ] + "payement method": "Bitcoin Website" }, + "related": [ + { + "dest-uuid": "c71819a4-f6ce-4265-b0cd-24a98d84321c", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "similar" + } + ], "uuid": "d3337bec-fd4e-11e8-a3ad-e799cc59c59c", "value": "Dablio Ransomware" }, @@ -11595,7 +12960,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/", "https://twitter.com/petrovic082/status/1071003939015925760", "https://twitter.com/Emm_ADC_Soft/status/1071716275590782976" - ] + ], + "payement method": "Email" }, "uuid": "3bcc725f-6b89-4350-ad79-f50daa30f74e", "value": "Gerber Ransomware 1.0" @@ -11616,7 +12982,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/", "https://twitter.com/GrujaRS/status/1071153192975642630", "https://www.youtube.com/watch?v=iB019lDvArs" - ] + ], + "payement method": "Bitcoin", + "price": "900 $" }, "uuid": "9ebfa028-a9dd-46ec-a915-1045fb297824", "value": "Outsider" 
@@ -11627,7 +12995,9 @@ "refs": [ "https://twitter.com/demonslay335/status/1071123090564923393", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/" - ] + ], + "payement method": "Bitcoin", + "price": "0.3" }, "uuid": "23fcbbf1-93ee-4baf-9082-67ca26553643", "value": "JungleSec" @@ -11646,7 +13016,9 @@ "https://twitter.com/GrujaRS/status/1071349228172124160", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-14th-2018-slow-week/", "https://www.youtube.com/watch?v=uHYY6XZZEw4" - ] + ], + "payement method": "Bitcoin", + "price": "1" }, "uuid": "edd4c8d0-d971-40a6-b7c6-5c57a4b51e48", "value": "EQ Ransomware" @@ -11663,7 +13035,8 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1072164314608480257" - ] + ], + "payement method": "Email" }, "uuid": "968cf828-0653-4d86-a01d-186db598f391", "value": "Mercury Ransomware" @@ -11679,7 +13052,8 @@ ], "refs": [ "https://twitter.com/GrujaRS/status/1072468548977680385" - ] + ], + "payement method": "Email" }, "uuid": "ea390fa7-94ac-4287-8a2d-c211330671b0", "value": "Forma Ransomware" 
@@ -11695,11 +13069,88 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1072907748155842565" - ] + ], + "payement method": "Email" }, "uuid": "e37ddc9e-8ceb-4817-a17e-755aa379ed14", "value": "Djvu" + }, + { + "description": "Similar to Samas and BitPaymer, Ryuk is specifically used to target enterprise environments. Code comparison between versions of Ryuk and Hermes ransomware indicates that Ryuk was derived from the Hermes source code and has been under steady development since its release. Hermes is commodity ransomware that has been observed for sale on forums and used by multiple threat actors. However, Ryuk is only used by GRIM SPIDER and, unlike Hermes, Ryuk has only been used to target enterprise environments. Since Ryuk’s appearance in August, the threat actors operating it have netted over 705.80 BTC across 52 transactions for a total current value of $3,701,893.98 USD.", + "meta": { + "ransomnotes-filenames": [ + "RyukReadMe.txt" + ], + "ransomnotes-refs": [ + "https://www.crowdstrike.com/blog/wp-content/uploads/2019/01/RansomeNote-fig3.png", + "https://www.crowdstrike.com/blog/wp-content/uploads/2019/01/RansomeNote-fig4.png" + ], + "refs": [ + "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/" + ], + "payement method": "Bitcoin", + "price": "13.57" + }, + "uuid": "f9464c80-b776-4f37-8682-ffde0cf8f718", + "value": "Ryuk ransomware" + }, + { + "description": "In August 2017, a new ransomware variant identified as BitPaymer was reported to have ransomed the U.K.’s National Health Service (NHS), with a high ransom demand of 53 BTC (approximately $200,000 USD). The targeting of an organization rather than individuals, and the high ransom demands, made BitPaymer stand out from other contemporary ransomware at the time. Though the encryption and ransom functionality of BitPaymer was not technically sophisticated, the malware contained multiple anti-analysis features that overlapped with Dridex. 
Later technical analysis of BitPaymer indicated that it had been developed by INDRIK SPIDER, suggesting the group had expanded its criminal operation to include ransomware as a monetization strategy.", + "meta": { + "refs": [ + "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/" + ], + "payement method": "Bitcoin Email" + }, + "uuid": "09fa0e0a-f0b2-46ea-8477-653e627b1c22", + "value": "BitPaymer" + }, + { + "meta": { + "extensions": [ + ".locked" + ], + "ransomnotes-filenames": [ + "README-NOW.txt" + ], + "ransomnotes-refs": [ + "https://www.bleepstatic.com/images/news/u/1100723/Ransomware/LockerGoga-ransom-note.png" + ], + "refs": [ + "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/" + ], + "payement method": "Email" + }, + "uuid": "1e19dae5-80c3-4358-abcd-2bf0ba4c76fe", + "value": "LockerGoga" + }, + { + "description": "We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig’s traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates.\nThe new malvertising campaign we observed since July 25 is notable in that the malvertisements included Coinhive (COINMINER_MALXMR.TIDBF). Even if users aren’t diverted to the exploit kit and infected with the ransomware, the cybercriminals can still earn illicit profit through cryptocurrency mining. 
Another characteristic of this new campaign is that they hosted their malvertisement page on a free web hosting service and used domain name system canonical name (DNS CNAME) to map their advertisement domain on a malicious webpage on the service.", + "meta": { + "refs": [ + "https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-as-a-service-princess-evolution-looking-for-affiliates/" + ], + "payement method": "Bitcoin", + "price": "0.12 (773 $)" + }, + "uuid": "53da7991-62b7-4fe2-af02-447a0734f41d", + "value": "Princess Evolution" + }, + { + "description": "A new Ransomware-as-a-Service called Jokeroo is being promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server.\nAccording to a malware researcher named Damian, the Jokeroo RaaS first started promoting itself as a GandCrab Ransomware RaaS on the underground hacking forum Exploit.in. ", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/jokeroo-ransomware-as-a-service-offers-multiple-membership-packages/" + ], + "synonyms": [ + "Fake GandCrab" + ], + "payement method": "Bitcoin", + "price": "0.0077" + }, + "uuid": "8cfa694b-3e6b-410a-828f-037d981870b2", + "value": "Jokeroo" } ], - "version": 48 + "version": 54 }
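Review bot: The descriptions of the newly added entries are vendor blog text with relative or first-person time references, for example "Since Ryuk's appearance in August ... for a total current value of" and "We have been observing ... since July 25", which carry no year and go stale in a long-lived knowledge base. Rewrite them in the third person with absolute dates taken from the linked reports. The BitPaymer entry has no `price` although its description names a 53 BTC demand, and the LockerGoga entry has no `description` at all. The Jokeroo description also ends in a trailing space before the closing quote.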