From 24c6c51e4d23e0ea61bde9fa63aaad691beeaa70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9borah=20Servili?=
Date: Tue, 2 May 2017 14:16:21 +0200
Subject: [PATCH] reformat ransomware galaxy - including http://pastebin.com/raw/GHgpWjar
---
 clusters/ransomware.json | 2279 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 2214 insertions(+), 65 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index edcee136..f5529772 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -1487,7 +1487,7 @@
 },
 {
 "value": "Evil Ransomware or File0Locked KZ Ransomware",
- "description": "",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Domain KZ is used, therefore it is assumed that the decrypter is from Kazakhstan.",
 "meta": {
 "date": "January 2017",
 "extensions": [
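Review bot: The new `description` for "Evil Ransomware or File0Locked KZ Ransomware" derives an origin from the KZ domain alone, which is weak evidence, and tools or analysts consuming this cluster may read it as attribution. Keeping the observation and hedging the inference would be safer, for example ending the string with `Domain KZ is used, which suggests but does not confirm a link to Kazakhstan.` The first three sentences are generic delivery wording that recurs verbatim in the entries added by the next hunk, so entry-specific detail would be more useful to a reader. The string also carries a typographic apostrophe (`It’s`) and a doubled period (`etc..`), which is worth normalising if consumers match or diff on this text.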
@@ -1495,22 +1495,875 @@
 ],
 "encryption": "AES",
 "ransomnotes": [
- ""
+ "HOW_TO_DECRYPT_YOUR_FILES.TXT",
+ "HOW_TO_DECRYPT_YOUR_FILES.HTML",
+ "https://3.bp.blogspot.com/-0NFy_yDghZ0/WHO_ClbPdMI/AAAAAAAADCQ/RX2cgYg3z381gro6UUQtAED7JgXHbvGLgCLcB/s1600/note-txt_2.png",
+ "https://4.bp.blogspot.com/-xxJ9xdRuWis/WHO_FL-hWcI/AAAAAAAADCU/VqI02AhzopQY1WKk-k6QYSdHFWFzg1NcACLcB/s1600/note_2.png"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2017/01/evil-ransomware.html",
+ "http://www.enigmasoftware.com/evilransomware-removal/",
+ "http://usproins.com/evil-ransomware-is-lurking/"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "Ocelot Ransomware or Ocelot Locker Ransomware (FAKE RANSOMWARE)",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. This is a fake ransomware. Your files are not really encrypted, however the attacker does ask for a ransom of .03 bitcoins. It is still dangerous even though it is fake, he still go through to your computer.",
 "meta": {
- "date": "",
- "extensions": [
- ""
+ "date": "January 2017",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-3iMAtqvAmts/WHEyA_dW5OI/AAAAAAAADAY/tE5FtaVMJcc3aQQvWI4XOdjtvbXufFgywCLcB/s1600/lock1.jpg",
+ "https://3.bp.blogspot.com/-DMxJm5GT0VY/WHEyEOi_vZI/AAAAAAAADAc/6Zi3IBuBz1I7jdQHcSrzhUGagGCUfs6iACLcB/s1600/lock2.jpg"
 ],
- "encryption": "",
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/ocelot-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "SkyName Ransomware or Blablabla Ransomware",
+ "description": "It’s directed to Czechoslovakianspeaking users. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "January 2017",
+ "encryption": "AES",
+ "ransomnotes": [
+ "INFOK1.txt",
+ "https://1.bp.blogspot.com/-i4ksJq-UzX8/WHFFXQL5wAI/AAAAAAAADA8/awfsqj1lr7IMBAPtE0tB44PNf1N6zkGDwCLcB/s1600/note_2.png",
+ "https://1.bp.blogspot.com/-OlKgHvtAUHg/WHFDCx4thaI/AAAAAAAADAw/wzBXV17Xh-saaFGlrxw3CDNhGSTaVe2dQCLcB/s1600/lock1.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/skyname-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "MafiaWare Ransomware or Depsex Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Ransom is 155$ inbitcoins. Creator of ransomware is called Mafia.",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".locked-by-mafia"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-BclLp7x1sUM/WG6acqtDBbI/AAAAAAAAC_I/ToVEXx-G2DcKD4d7TZ0RkVqA1wRicxnZQCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/mafiaware.html",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-6th-2017-fsociety-mongodb-pseudo-darkleech-and-more/"
+ ]
+ }
+ },
+ {
+ "value": "Globe3 Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
Ransom is 3 bitcoins.",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".decrypt2017",
+ ".hnumkhotep",
+ ".badnews",
+ ".globe"
+ ],
+ "encryption": "AES-256+RSA",
+ "ransomnotes": [
+ "How To Recover Encrypted Files.hta",
+ "https://2.bp.blogspot.com/-Wk1_IdcEHbk/WG6FVnoaKlI/AAAAAAAAC-4/WeHzJAUJ0goxxuAoGUUebSgzGHrnD6LQQCLcB/s1600/Globe-ransom-note_2.png.png",
+ "https://3.bp.blogspot.com/-lYkopoRH0wQ/WHOt1KhhzhI/AAAAAAAADCA/nPdhHK3wEucAK1GHodeh5w3HcpdugzSHwCLcB/s1600/globe3-9-1-17.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/globe3-ransomware.html",
+ "https://www.bleepingcomputer.com/forums/t/624518/globe-ransomware-help-and-support-purge-extension-how-to-restore-fileshta/",
+ "https://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/",
+ "https://decryptors.blogspot.co.il/2017/01/globe3-decrypter.html"
+ ]
+ }
+ },
+ {
+ "value": "BleedGreen Ransomware or FireCrypt Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Ransom is 500$ in bitcoins. Requires .NET Framework 4.0. 
Gets into your startup system and sends you notes like the one below: https://4.bp.blogspot.com/-xrr6aoB_giw/WG1UrGpmZJI/AAAAAAAAC-Q/KtKdQP6iLY4LHaHgudF5dKs6i1JHQOBmgCLcB/s1600/green1.jpg",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".firecrypt"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-np8abNpYeoU/WG1KX4_H0yI/AAAAAAAAC98/gxRJeDb01So5yTboXYP7sZWurJFBbWziACLcB/s1600/note-html.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/bleedgreen-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/"
+ ]
+ }
+ },
+ {
+ "value": "BTCamant Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Original name is Mission 1996 or Mission: “Impossible” (1996) (like the movie)",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".BTC"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "BTC_DECRYPT_FILES.txt",
+ "BTC_DECRYPT_FILES.html",
+ "https://2.bp.blogspot.com/-uiHluU553MU/WGzoFpEWkfI/AAAAAAAAC9o/M34ndwHUsoEfZiLJv9j4PCgBImS8oyYaACLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/btcamant.html"
+ ]
+ }
+ },
+ {
+ "value": "X3M Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. It is also possible to break in using RDP Windows with the help of Pass-the-Hash system, PuTTY, mRemoteNG, TightVNC, Chrome Remote Desktop, modified version of TeamViewer, AnyDesk, AmmyyAdmin, LiteManager, Radmin and others. 
Ransom is 700$ in Bitcoins.",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ "_x3m",
+ "_r9oj",
+ "_locked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-hMAakgAORvg/WG_i-lk09II/AAAAAAAADAI/Uq2iCHC5ngYzeVcuxQF0mcbrLqyOGcA_wCLcB/s1600/note.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/x3m-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "GOG Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".LOCKED"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "DecryptFile.txt",
+ "https://4.bp.blogspot.com/-cAnilnXjK7k/WG_OHhC_UdI/AAAAAAAAC_4/sdbzTx9hP4sryM7xE59ONdk7Zr8D_m6XwCLcB/s1600/note-txt_2.png",
+ "https://1.bp.blogspot.com/-TDK91s7FmNM/WGpcwq5HmwI/AAAAAAAAC8Q/i0Q66vE7m-0kmrKPXWdwnYQg6Eaw2KSDwCLcB/s1600/note-pay_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/gog-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "EdgeLocker",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Ransom is 0.1 Bitcoins. 
Original name is TrojanRansom.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".edgel"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-dNBgohC1UYg/WGnXhem546I/AAAAAAAAC7w/Wv0Jy4173xsBJDZPLMxe6lXBgI5BkY4BgCLcB/s1600/note-lock.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/edgelocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Red Alert",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Fake name: Microsoft Corporation",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "MESSAGE.txt",
+ "https://1.bp.blogspot.com/-tDS74fDwB1Q/WGk2D5DcUYI/AAAAAAAAC6s/vahju5JD9B4chwnNDUvDPp4ejZOxnj_awCLcB/s1600/note-wallp.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/red-alert-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "First",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-T0PhVuoFSyA/WGk5mYkRFAI/AAAAAAAAC64/j14Pt84YUmQMNa_5LSEn6fZ5CoYqz60swCLcB/s1600/note-lock.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/first-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "XCrypt Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Written on Delphi. The user requests the victim to get in touch with him through ICQ to get the ransom and return the files.",
+ "meta": {
+ "date": "January 2017",
+ "encryption": "Twofish",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-XZNMg5P75r4/WI985j-EKHI/AAAAAAAADcw/jGdtXoq2pnwjlAbFAJia4UsXuJrV5AU3gCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "7Zipper Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".7zipper"
+ ],
+ "encryption": "Twofish",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-BR0DvtIft7g/WI95IF7IdUI/AAAAAAAADck/gzWAMbpFvaYicHFuMzvlM3YGJpgulMQBQCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/7zipper-ransomware.html",
+ "https://1.bp.blogspot.com/-ClM0LCPjQuk/WI-BgHTpdNI/AAAAAAAADc8/JyEQ8-pcJmsXIntuP-MMdE-pohVncxTXQCLcB/s1600/7-zip-logo.png"
+ ]
+ }
+ },
+ {
+ "value": "Zyka Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
Ransom is 170$ or EUR in Bitcoins.",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".lock"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-SF4RsOANlI0/WJBQd4SJv6I/AAAAAAAADdY/hI-Ncw9FoFMi5jvljUftpzTgdykOfR3vgCLcB/s1600/lock-wallp_2.png.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/zyka-ransomware.html",
+ "https://www.pcrisk.com/removal-guides/10899-zyka-ransomware"
+ ]
+ }
+ },
+ {
+ "value": "SureRansom Ransomeware (Fake)",
+ "description": "It’s directed to English speaking users, therefore is able to strike worldwide. This ransomware does not really encrypt your files. Ransom requested is £50 using credit card.",
+ "meta": {
+ "date": "January 2017",
+ "encryption": "AES-256 (fake)",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-zShnOIf3R_E/WJBfhC4CdSI/AAAAAAAADdo/6l4hwSOmI0Evj4W0Esj1S_uNOy5Yq6X0QCLcB/s1600/note1-2-3.gif"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/sureransom-ransomware.html",
+ "http://www.forbes.com/sites/leemathews/2017/01/27/fake-ransomware-is-tricking-people-into-paying/#777faed0381c"
+ ]
+ }
+ },
+ {
+ "value": "Netflix Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. This ransomware uses the known online library as a decoy. It poses as Netflix Code generator for Netflix login, but instead encrypts your files. 
The ransom is 100$ in Bitcoins.",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".se"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-vODt2aB9Hck/WJCFc3g5eCI/AAAAAAAADe8/OrEVkqUHMU4swRWedoZuBu50AWoKR1FGACLcB/s1600/netflix-note.jpg",
+ "https://4.bp.blogspot.com/-Cw4e1drBKl4/WJCHmgp1vtI/AAAAAAAADfI/QqFxUsuad"
+ ],
+ "refs": [
+ " Sources and more info: + https://id-ransomware.blogspot.co.il/2017/01/netflix-ransomware.html",
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/",
+ "https://www.bleepingcomputer.com/news/security/rogue-netflix-app-spreads-netix-ransomware-that-targets-windows-7-and-10-users/",
+ "http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012",
+ "https://4.bp.blogspot.com/-bQQ4DTIClvA/WJCIh6Uq2nI/AAAAAAAADfY/hB5HcjuGgh8rRJKeLHo__IRz3Ezth22-wCEw/s1600/form1.jpg",
+ "https://4.bp.blogspot.com/-ZnWdPDprJOg/WJCPeCtP4HI/AAAAAAAADfw/kR0ifI1naSwTAwSuOPiw8ZCPr0tSIz1CgCLcB/s1600/netflix-akk.png"
+ ]
+ }
+ },
+ {
+ "value": "CryptoShield 1.0 Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
CryptoShield 1.0 is a ransomware from the CryptoMixfamily.",
+ "meta": {
+ "date": "January 2017",
+ "extensions": [
+ ".CRYPTOSHIELD (The name is first changed using ROT-13, and after a new extension is added.)"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "# RESTORING FILES #.txt",
+ "# RESTORING FILES #.html",
+ "https://2.bp.blogspot.com/-A-N9zQgZrhE/WJHAHzuitvI/AAAAAAAADhI/AHkLaL9blZgqQWc-sTevVRTxVRttbugoQCLcB/s1600/note-2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2017/01/cryptoshield-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/"
+ ]
+ }
+ },
+ {
+ "value": "Merry Christmas, Merry X-Mas or MRCR",
+ "description": "It’s directed to English and Italian speaking users, therefore is able to infect worldwide. Most attacks are on organizations and servers. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. They pose as a Consumer complaint notification that’s coming from Federal Trade Commission from USA, with an attached file called “complaint.pdf”. 
Written in Delphi by hacker MicrRP.",
+ "meta": {
+ "date": " December 2016",
+ "extensions": [
+ ".MRCR1",
+ ".PEGS1",
+ ".RARE1",
+ ".RMCM1",
+ ".MERRY"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "YOUR_FILES_ARE_DEAD.HTA",
+ "https://2.bp.blogspot.com/-3F3QAZnDxsI/WGpvD4wZ2OI/AAAAAAAAC80/-2L6dIPqsgs8hZHOX0T6AFf5LwPwfZ-rwCLcB/s1600/note.png",
+ "https://4.bp.blogspot.com/-_w8peyLMcww/WHNJ1Gb0qeI/AAAAAAAADBw/EVbR-gKipYoNujo-YF6VavafsUfWDANEQCLcB/s1600/8-1-17.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/mrcr1-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/-merry-christmas-ransomware-now-steals-user-private-data-via-diamondfox-malware/",
+ "http://www.zdnet.com/article/not-such-a-merry-christmas-the-ransomware-that-also-steals-user-data/",
+ "https://www.bleepingcomputer.com/news/security/merry-christmas-ransomware-and-its-dev-comodosecurity-not-bringing-holiday-cheer/"
+ ]
+ }
+ },
+ {
+ "value": "Seoirse Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Seoirse is how in Ireland people say the name George. Ransom is 0.5 Bitcoins.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".seoire"
+ ],
+ "encryption": "AES",
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/seoirse-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "KillDisk Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Every file is encrypted with a personal AES-key, and then AES-key encrypts with a RSA-1028 key. Hacking by TeleBots (Sandworm). 
Goes under a fake name: Update center or Microsoft Update center.",
+ "meta": {
+ "date": "November/December 2016",
+ "encryption": "AES+RSA",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-8MqANWraAgE/WGT7mj-XirI/AAAAAAAAC3g/H_f1hTxa7Sc_DEtllBe-vYaAfY-YqMelgCLcB/s1600/wallp.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/killdisk-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/killdisk-ransomware-now-targets-linux-prevents-boot-up-has-faulty-encryption/",
+ "https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/",
+ "http://www.zdnet.com/article/247000-killdisk-ransomware-demands-a-fortune-forgets-to-unlock-files/ + http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware",
+ "http://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/"
+ ]
+ }
+ },
+ {
+ "value": "DeriaLock Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Maker is arizonacode and ransom amount is 20-30$. 
If the victim decides to pay the ransom, he will have to copy HWID and then speak to the hacker on Skype and forward him the payment.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".deria"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-9vg_tRPq8rQ/WGOjf4ULuGI/AAAAAAAACzw/d16uRmEOotsCbRM4hwvzQ6bB8xAVNJ7ogCLcB/s1600/DeriaLock.gif"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/derialock-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/new-derialock-ransomware-active-on-christmas-includes-an-unlock-all-command/"
+ ]
+ }
+ },
+ {
+ "value": "BadEncript Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".bript"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "More.html",
+ "https://3.bp.blogspot.com/-hApL-ObdWsk/WGAYUyCzPcI/AAAAAAAACyg/NuL26zNgRGcLnnF2BwgOEn3AYMgVu3gQACLcB/s1600/More-note.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/badencript-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "AdamLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
The name of the creator is puff69.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".adam"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-9IgXt6L0hLY/WGARdzJgfvI/AAAAAAAACyQ/1bfnX_We65AirDcAFpiG49NPuBMfGH9wwCLcB/s1600/note-adam.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/adamlocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Alphabet Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. This ransomware poses as Windows 10 Critical Update Service. Offers you to update your Windows 10, but instead encrypts your files. For successful attack, the victim must have .NET Framework 4.5.2 installed on him computer.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".alphabet"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-bFPI3O1BI3s/WGPpvnDvNNI/AAAAAAAAC10/mLUiFOCWnEkjbV91PmUGnc3qsFMv9um8QCLcB/s1600/wallp.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/alphabet-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "KoKoKrypt Ransomware or KokoLocker  Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread by its creator in forums. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files and documents and more. The ransom is 0.1 bitcoins within 72 hours. Uses Windows Update as a decoy. 
Creator: Talnaci Alexandru",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".kokolocker"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-NiQ6rSIprB8/WF-uxTMq6hI/AAAAAAAACyA/tA6qO3aJdGc0Dn_I-IOZOM3IwN5rgq9sACLcB/s1600/note-koko.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/kokokrypt-ransomware.html",
+ "http://removevirusadware.com/tips-for-removeing-kokokrypt-ransomware/"
+ ]
+ }
+ },
+ {
+ "value": "L33TAF Locker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Ransom is 0.5 bitcoins. The name of the creator is staffttt, he also created Fake CryptoLocker",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".l33tAF"
+ ],
+ "encryption": "AES-256+RSA",
+ "ransomnotes": [
+ "YOU_HAVE_BEEN_HACKED.txt",
+ "https://2.bp.blogspot.com/-yncl7-Jy198/WGDjdgNKXjI/AAAAAAAACzA/bfkDgwWEGKggUG3E1tgPBAWDXwi-p-7AwCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/l33taf-locker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "PClock4 Ransomware or PClock SysGop Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam (for example: “you have a criminal case against you”), fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "December 2016",
+ "encryption": "AES-256+RSA",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-T9Mt0pE7kwY/WF7NKAPfv1I/AAAAAAAACxw/gOjxeSR0x7EurKQTI2p6Ym70ViYuYdsvQCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/pclock4-sysgop-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Guster Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. This ransomware uses VBS-script to send a voice message as the first few lines of the note.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES-256+RSA",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-0-kDVCM-kuI/WGVH-d2trGI/AAAAAAAAC4A/4LlxFpwkhEk89QcJ5ZhO1i-T6dQ_RcVegCEw/s1600/guster-note-2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/guster-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Roga",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. The hacker requests the ransom in Play Store cards. 
https://3.bp.blogspot.com/-ClUef8T55f4/WGKb8U4GeaI/AAAAAAAACzg/UFD0X2sORHYTVRNBSoqd5q7TBrOblQHmgCLcB/s1600/site.png",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".madebyadam"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-ZIWywQMf2mY/WGJD-rqLZYI/AAAAAAAACzQ/p5PWlpWyHjcVHKq74DOsE7yS-ornW48_QCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "CryptoLocker3 Ransomware or Fake CryptoLocker",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Creator is staffttt and the ransom is 0.5 botcoins.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".cryptolocker"
+ ],
+ "encryption": "AES-128+RSA",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-LDSJ7rws1WI/WGDR-oDSshI/AAAAAAAACyw/_Kn0mnjpm2YN5tS9YldEnca-zOLJpXjcACLcB/s1600/crypto1-2.gif"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/cryptolocker3-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "ProposalCrypt Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
The ransom is 1.0 bitcoins.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".crypted"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-TkMikT4PA3o/WFrb4it2u9I/AAAAAAAACww/_zZgu9EHBj8Ibar8i5ekwaowGBD8EoOygCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/proposalcrypt-ransomware.html",
+ "http://www.archersecuritygroup.com/what-is-ransomware/"
+ ]
+ }
+ },
+ {
+ "value": "Manifestus Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. The hacker demands 0.2 bitcoins. The ransomware poses as a Window update.",
+ "meta": {
+ "date": "December 2016",
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-85wiBKXIqro/WFrFOaNeSsI/AAAAAAAACwA/UyrPc2bKQCcznmtLTFkEfc6lEvhseyRYACLcB/s1600/lock1.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/manifestus-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-23rd-2016-cryptxxx-koolova-cerber-and-more/",
+ "https://twitter.com/struppigel/status/811587154983981056"
+ ]
+ }
+ },
+ {
+ "value": "EnkripsiPC Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
The name of the hacker is humanpuff69 and he requests 0.5 bitcoins.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".fucked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-owEtII_eezA/WFmOp0ccjaI/AAAAAAAACvk/gjYcSeflS4AChm5cYO5c3EV4aSmzr14UwCLcB/s1600/enc100.gif"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/enkripsipc-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "BrainCrypt Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. So far the victims are from Belarus and Germany.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".braincrypt"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-KrKO1vYs-1w/WFlw6bOfI_I/AAAAAAAACug/42w1VSl2GIoxRuA2SPKJr6xYp3c4OBnJQCLcB/s1600/note_2.png",
+ "https://3.bp.blogspot.com/-8bxTSAADM7M/WFmBEu-eUXI/AAAAAAAACvU/xaQBufV5a-4GWEJhXj2VVLqXnTjQJYNrwCLcB/s1600/note-brain2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/braincrypt-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "MSN CryptoLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
Ransom is 0.2 bitcoins.",
+ "meta": {
+ "date": "December 2016",
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-R-lKbH_tLvs/WGPRa-hCtqI/AAAAAAAAC1Y/zgKYZmys_jciaYhtTUsVLen5IHX8_LyiACLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/msn-cryptolocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "CryptoBlock Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. The ransom is in the amount is 0.3 bitcoins. The ransomware is disguises themselves as Adobe Systems, Incorporated.",
+ "meta": {
+ "date": "December 2016",
+ "encryption": "RSA-2048",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-4Y7GZEsWh7A/WFfnmQFF7nI/AAAAAAAACsQ/j3rXZmWrDxMM6xhV1s4YVl_WLDe28cpAwCLcB/s1600/001.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/cryptoblock-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "AES-NI Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".aes256"
+ ],
+ "encryption": "AES-256 (ECB) + RSA-2048",
+ "ransomnotes": [
+ "!!! READ THIS -IMPORTANT !!!.txt",
+ "https://4.bp.blogspot.com/-GdF-kk1j9-8/WFl6NVm3PAI/AAAAAAAACvE/guFIi_FUpgIQNzX-usJ8CpofX45eXPvkQCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/aes-ni-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Koolova Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. 
It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. The hacker of this ransomware tends to make lots of spelling errors in his requests.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-kz7PePfAiLI/WGTpY3us5LI/AAAAAAAAC3A/wu1rkx-BWlMzglJXXmCxeuYzbZKN5FP4gCLcB/s1600/koolova-v2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/koolova-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Fake Globe Ransomware or Globe Imposter",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… The ransom is 1bitcoin.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".crypt"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-F8oAU82KnQ4/WFWgxjZz2vI/AAAAAAAACrI/J76wm21b5K4F9sjLF1VcEGoif3cS-Y-bwCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/fake-globe-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-30th-2016-infected-tvs-and-open-source-ransomware-sucks/",
+ "https://twitter.com/fwosar/status/812421183245287424"
+ ]
+ }
+ },
+ {
+ "value": "V8Locker Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc…",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".v8"
+ ],
+ "encryption": "RSA",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-Acmbpw6fEaQ/WFUFKU9V9ZI/AAAAAAAACqc/47AceoWZzOwP9qO8uenjNVOVXeFJf7DywCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/v8locker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Cryptorium (Fake Ransomware)",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It SUPPOSEDLY encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc., however your files are not really encrypted, only the names are changed.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".ENC"
+ ],
+ "encryption": "RSA",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-I0fsQu2YXMI/WFLb9LPdkFI/AAAAAAAACoY/xqRhgO1o98oruVDMC6rO4RxCk5MFDSTYgCLcB/s1600/lock.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/cryptorium-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Antihacker2017 Ransomware",
+ "description": "It’s directed to Russian speaking users, there fore is able to infect mosty the old USSR countries. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc … The hacker goes by the nickname Antihacker and requests the victim to send him an email for the decryption. 
He does not request any money only a warning about looking at porn (gay, incest and rape porn to be specific).",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".antihacker2017"
+ ],
+ "encryption": "XOR",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-k7iDPgj17Zo/WFKEfMvR4wI/AAAAAAAACn4/8irB4Tf1x_MjfTmWaAjuae6mFJbva6GcwCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/antihacker2017-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "CIA Special Agent 767 Ransomware (FAKE!!!)",
+ "description": "It’s directed to English speaking users, therefore is able to infect users all over the world. It is spread using email spam, fake updates, attachments and so on. It SUPPOSEDLY encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… Your files are not really encrypted and nothing actually happens, however the hacker does ask the victim to pay a sum of 100$, after 5 days the sum goes up to 250$ and thereafter to 500$. After the payment is received, the victim gets the following message informing him that he has been fooled and he simply needed to delete the note. 
https://4.bp.blogspot.com/-T8iSbbGOz84/WFGZEbuRfCI/AAAAAAAACm0/SO8Srwx2UIM3FPZcZl7W76oSDCsnq2vfgCPcB/s1600/code2.jpg",
+ "meta": {
+ "date": "December 2016",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-6I7jtsp5Wi4/WFLqnfUvg5I/AAAAAAAACow/BCOv7etYxxwpIERR1Qs5fmJ2wKBx3sqmACLcB/s1600/screen-locker.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/cia-special-agent-767-ransomware.html",
+ "https://www.bleepingcomputer.com/virus-removal/remove-cia-special-agent-767-screen-locker",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-16th-2016-samas-no-more-ransom-screen-lockers-and-more/",
+ "https://guides.yoosecurity.com/cia-special-agent-767-virus-locks-your-pc-screen-how-to-unlock/"
+ ]
+ }
+ },
+ {
+ "value": "LoveServer Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… This hacker request your IP address in return for the decryption.",
+ "meta": {
+ "date": "December 2016",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-LY1A0aeA_c0/WFEduvkiNQI/AAAAAAAACjk/B2-nFQoExscMVvZqvCaf9R4z_C6-rSdvACLcB/s1600/note2.png.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/loveserver-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Kraken Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… The hacker requests 2 bitcoins in return for the files.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".kraken"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-E4brsgJRDHA/WFBU7wPaYLI/AAAAAAAACjU/sLEkzMiWp5wuc8hpFbylC7lLVMhftCLGgCLcB/s1600/111m.png",
+ "https://2.bp.blogspot.com/-b5caw8XAvIQ/WFBUuOto40I/AAAAAAAACjQ/_yzwIU17BHw4Ke4E3wM_XBI1XfnAvGSZQCLcB/s1600/005.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/kraken-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Antix Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… The ransom is 0.25 bitcoins and the nickname of the hacker is FRC 2016.",
+ "meta": {
+ "date": "December 2016",
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-6iMtvGe3T58/WE8Ftx7zcUI/AAAAAAAACiE/2ISTxSYzgKEgnfQ7FSUWo3BiCeVLHH_uwCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/antix-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "PayDay Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… The ransom is R$950 which is due in 5 days. 
(R$ is a Brazilian currency)",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".sexy"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-MWEyG49z2Qk/WE78wLqCXPI/AAAAAAAAChw/SIlQSe_o_wMars2egfZ7VqKfWuan6ThwQCLcB/s1600/note1.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/payday-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Slimhem Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is NOT spread using email spam, fake updates, attachments and so on. It simply places a decrypt file on your computer.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES-256",
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/slimhem-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "M4N1F3STO Ransomware (FAKE!!!!!)",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… FILES DON’T REALLY GET DELETED NOR DO THEY GET ENCRYPTED!!!!!!!",
+ "meta": {
+ "date": "December 2016",
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "I want to play a game with you. Let me explain the rules. Your personal files are being deleted. Your photos, videos, documents, etc... But, don't worry! It will only happen if you don't comply. However I've already encrypted your personal files, so you cannot access therm. Every hour I select some of them to delete permanently, therefore I won't be able to access them, either. Are you familiar with the concept of exponential growth? Let me help you out. It starts out slowly then increases rapidly. During the first 24 hour you will only lose a few files, the second day a few hundred, the third day a few thousand, and so on. 
If you turn off your computer or try to close me, when i start the next time you will het 1000 files deleted as punishment. Yes you will want me to start next time, since I am the only one that is capable to decrypt your personal data for you. Now, let's start and enjoy our little game together! Send 0.3 bitcoins to this adress to unlock your Pc with your email adress Your can purchase bitcoins from localbitcoins",
+ "https://3.bp.blogspot.com/-9MsC3A3tuUA/WFGZM45Pw5I/AAAAAAAACms/NbDFma30D9MpK2Zc0O6NvDizU8vqUWWlwCLcB/s1600/M4N1F3STO.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/m4n1f3sto-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Dale Ransomware or DaleLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… CHIP > DALE",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".DALE"
+ ],
+ "encryption": "AES+RSA-512",
 "ransomnotes": [
 ""
 ],
@@ -1520,138 +2373,1434 @@
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "UltraLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc…",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ ".locked (added before the ending, not to the ending, for example: file.locked.doc"
 ],
- "encryption": "",
+ "encryption": "AES-256",
 "ransomnotes": [
- ""
+ "https://1.bp.blogspot.com/-DOjKnuzCMo8/WE1Xd8yksiI/AAAAAAAACfo/d93v2xn857gQDg4o5Rd4oZpP3q-Ipv9xgCLcB/s1600/UltraLocker.png"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/ultralocker-ransomware.html"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "AES_KEY_GEN_ASSIST Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc…",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ ".pre_alpha"
 ],
- "encryption": "",
+ "encryption": "AES-256 and RSA-2048",
 "ransomnotes": [
- ""
+ "https://4.bp.blogspot.com/-6NIoKnSTwcs/WExcV900C_I/AAAAAAAACfI/_Hba3mOwk3UQ0T5rGercOglMsCTjVtCnQCLcB/s1600/note2.png"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/aeskeygenassist-ransomware.html",
+ "https://id-ransomware.blogspot.co.il/2016/09/dxxd-ransomware.html",
+ "https://www.bleepingcomputer.com/forums/t/634258/aes-key-gen-assistprotonmailcom-help-support/"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "Code Virus Ransomware ",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. 
It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ ".locky"
 ],
- "encryption": "",
+ "encryption": "AES-256 and RSA-2048",
 "ransomnotes": [
- ""
+ "https://2.bp.blogspot.com/-Lyd1uRKG-94/WFJ3TbNqWfI/AAAAAAAACnc/4LoazYU0S1s1YRz3Xck3LN1vOm5RwIpugCLcB/s1600/note.jpg",
+ "https://4.bp.blogspot.com/-eBeh1lzEYsI/WFJ4l1oJ4fI/AAAAAAAACno/P5inceelNNk-zfkJGhE3XNamOGC8YmBwwCLcB/s1600/str123.gif"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/code-virus-ransomware.html"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "FLKR Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ "_morf56@meta.ua_"
 ],
- "encryption": "",
+ "encryption": "Blowfish",
 "ransomnotes": [
- ""
+ "https://3.bp.blogspot.com/-Fh2I6542zi4/WEpmphY0i1I/AAAAAAAACe4/FBP3J6UraBMkSMTWx2tm-FRYnmlYLtFWgCLcB/s1600/note2.png.png"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/flkr-ransomware.html"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "PopCorn Time Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. These hackers claim to be students from Syria. This ransomware poses as the popular torrent movie screener called PopCorn. 
These criminals give you the chance to retrieve your files “for free” by spreading this virus to others. Like shown in the note bellow: https://www.bleepstatic.com/images/news/ransomware/p/Popcorn-time/refer-a-friend.png",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ ".kok",
+ ".filock"
 ],
- "encryption": "",
+ "encryption": "AES-256",
 "ransomnotes": [
- ""
+ "https://3.bp.blogspot.com/-WxtRn5yVcNw/WEmgAPgO4AI/AAAAAAAACeo/M7iS6L8pSOEr8EUDkCK_g6h0aMKQQXfGwCLcB/s1600/note2.png",
+ "https://3.bp.blogspot.com/-sLwR-6y2M-I/WEmVIdJuPMI/AAAAAAAACeY/gpQDT-2-d7kkrfTHgiEZCfxViHu7dNE7ACLcB/s1600/med.jpg"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/popcorntime-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "HackedLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… NO POINT OF PAYING THE RANSOM—THE HACKER DOES NOT GIVE A DECRYPT AFTERWARDS.",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ ".hacked"
 ],
- "encryption": "",
+ "encryption": "AES-256",
 "ransomnotes": [
- ""
+ "https://4.bp.blogspot.com/-G-xrI4N08hs/WFJjQgB3ojI/AAAAAAAACnM/DEfy_skSg044UmbBfNodiQY4OaLkkQPOwCLcB/s1600/note-hacked.jpg"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/hackedlocker-ransomware.html"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "GoldenEye Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc…",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ "."
 ],
- "encryption": "",
+ "encryption": "AES(CBC)",
 "ransomnotes": [
- ""
+ "https://4.bp.blogspot.com/-qcJxWivTx1w/WEcEW14om5I/AAAAAAAACa4/xLAlsQGZjeg7Zlg3F2fQAcgQ_6b_cNQLACLcB/s1600/goldeneye-1.jpg",
+ "https://4.bp.blogspot.com/-avE8liOWdPY/WEcEbdTxx6I/AAAAAAAACa8/KOKgXzU1h2EJ0tTOKMdQzZ_JdWWNeFMdwCLcB/s1600/goldeneye-1-2.jpg"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/goldeneye-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/",
+ "https://www.bleepingcomputer.com/forums/t/634778/golden-eye-virus/"
 ]
 }
 },
 {
- "value": "",
- "description": "",
+ "value": "Sage Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc…",
 "meta": {
- "date": "",
+ "date": "December 2016",
 "extensions": [
- ""
+ ".sage"
 ],
- "encryption": "",
+ "encryption": "AES",
 "ransomnotes": [
- ""
+ "https://4.bp.blogspot.com/-GasUzax8cco/WEar0U0tPqI/AAAAAAAACZw/6V_1JFxLMH0UnmLa3-WZa_ML9JbxF0JYACEw/s1600/note-txt2.png"
 ],
 "refs": [
- ""
+ "https://id-ransomware.blogspot.co.il/2016/12/sage-ransomware.html",
+ "https://www.bleepingcomputer.com/forums/t/634978/sage-file-sample-extension-sage/",
+ "https://www.bleepingcomputer.com/forums/t/634747/sage-20-ransomware-sage-support-help-topic/"
+ ]
+ }
+ },
+ {
+ "value": "SQ_ Ransomware or VO_ Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc… This hacker requests 4 bitcoins for ransom.",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".VO_"
+ ],
+ "encryption": "AES and RSA-1024",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-Lhq40sgYUpI/WEWpGkkWOKI/AAAAAAAACZQ/iOp9g9Ya0Fk9vZrNKwTEMVcEOzKFIwqgACLcB/s1600/english-2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/12/sq-vo-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Matrix or Malta Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc…",
+ "meta": {
+ "date": "December 2016",
+ "extensions": [
+ ".MATRIX"
+ ],
+ "encryption": "AES and RSA",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-RGHgroHt5cU/WEUWnFBn2hI/AAAAAAAACYA/zwSf7rmfWdo4ESQ8kjwj6mJrfzL2V22mgCLcB/s1600/note-eng.png"
+ ],
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2016-screenlockers-kangaroo-the-sfmta-and-more/",
+ "https://id-ransomware.blogspot.co.il/2016/12/matrix-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Satan666 Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-anaLWyg_iJI/WFaxDs8KI3I/AAAAAAAACro/yGXh3AV-ZpAKmD4fpQbBkAyYXXnkqgR3ACLcB/s1600/note666_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/satan666-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "RIP (Phoenix) Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".R.i.P"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-D-j_9_LZen0/WEPq4G5w5FI/AAAAAAAACXs/GTnckI3CGYQxuDMPXBzpGXDtarPK8yJ5wCLcB/s1600/note_2.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/rip-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Locked-In Ransomware or NoValid Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".novalid"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-BK_31ORE0ZY/WD284cEVoLI/AAAAAAAACWA/bU0n3MBMD8Mbgzv9bD6VLJb51Q_kr5AJgCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/novalid-ransomware.html",
+ "https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/"
+ ]
+ }
+ },
+ {
+ "value": "Chartwig Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "encryption": "AES",
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/chartwig-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "RenLocker Ransomware (FAKE)",
+ "description": "It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. The files don’t actually get encrypted, their names get changed using this formula: [www-hash-part-]+[number]+[.crypter]",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".crypter"
+ ],
+ "encryption": "Rename > Ren + Locker",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-281TI8xvMLo/WDw2Nl72OsI/AAAAAAAACTk/nT_rL0z-Exo93FzoOXnyaFgQ7wPe0r7IgCLcB/s1600/Crypter1.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/renlocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Thanksgiving Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-2dC_gQTed4o/WDxRSh_R-MI/AAAAAAAACT4/yWxzCcMqN_8GLjd8dOPf6Mw16mkbfALawCLcB/s1600/lblMain.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/thanksgiving-ransomware.html",
+ "https://id-ransomware.blogspot.co.il/2016/07/stampado-ransomware-1.html"
+ ]
+ }
+ },
+ {
+ "value": "CockBlocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".hannah"
+ ],
+ "encryption": "RSA",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/--45C2Cr8sXc/WDiWLTvW-ZI/AAAAAAAACSA/JnJNRr8Kti0YqSnfhPQBF2rsFf-au1g9ACLcB/s1600/Cockblocke.gif"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/cockblocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Lomix Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-nXv88GxxOvQ/WE1gqeD3ViI/AAAAAAAACf4/wcVwQ9Pi_JEP2iWNHoBGmeXKJFsfwmwtwCLcB/s1600/Lomix.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/lomix-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "OzozaLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. 
It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. https://3.bp.blogspot.com/--jubfYRaRmw/WDaOyZXkAaI/AAAAAAAACQE/E63a4FnaOfACZ07s1xUiv_haxy8cp5YCACLcB/s1600/ozoza2.png",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-r-vBnl-wLwo/WDg7fHph9BI/AAAAAAAACRc/VuMxWa1nUPIGHCzhCf2AyL_uc7Z9iB6MACLcB/s1600/note_2.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/ozozalocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Crypute Ransomware  or m0on Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".mo0n"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-8-8X7Nd1MYs/WDSZN6NIT1I/AAAAAAAACNg/ltc7ppfZZL0vWn8BV3Mk9BVrdmJbcEnpgCLcB/s1600/222.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/crypute-ransomware-m0on.html",
+ "https://www.bleepingcomputer.com/virus-removal/threat/ransomware/"
+ ]
+ }
+ },
+ {
+ "value": "NMoreira Ransomware or Fake Maktub Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".maktub"
+ ],
+ "encryption": "AES-256 + RSA",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-_i9AjhlvjB8/WDVuLKBnmlI/AAAAAAAACOA/xISXMTBLMbEH4PBS35DQ416woPpkuiVvQCLcB/s1600/note-2.PNG",
+ "https://2.bp.blogspot.com/-4HNc9S8SY4I/WBMkpdKyDsI/AAAAAAAAB0I/udESgro7YB4pF98Dv2KrrecyymFGsvV2QCLcB/s1600/note.JPG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/nmoreira-ransomware.html",
+ "https://id-ransomware.blogspot.co.il/2016/10/airacrop-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "VindowsLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. The ransom amount is 349.99$ and the hacker seems to be from India. He disguises himself as Microsoft Support.",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".vindows"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-61DcGSFljUk/WDM2UpFZ02I/AAAAAAAACMw/smvauQCvG3IPHOtEjPP4ocGKmBhVRBv-wCLcB/s1600/lock-note.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/vindowslocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Donald Trump 2 Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. 
Here is the original ransomware under this name: http://id-ransomware.blogspot.co.il/2016/09/donald-trump-ransomware.html",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".ENCRYPTED"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-RwJ6R-uvYg0/V-qfeRPz7GI/AAAAAAAABi8/7x4MxRP7Jp8edbTJqz4iuEye0q1u5k3pQCLcB/s1600/donald-trump-ransomware.jpg"
+ ],
+ "refs": [
+ "http://id-ransomware.blogspot.co.il/2016/09/donald-trump-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/the-donald-trump-ransomware-tries-to-build-walls-around-your-files/"
+ ]
+ }
+ },
+ {
+ "value": "Nagini Ransomware or Voldemort Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "encryption": "RSA",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-qJHhbtoL1Y4/V-lOClxieEI/AAAAAAAABis/IbnVAY8hnmEfU8_iU1CgQ3FWeX4YZOkBACLcB/s1600/Nagini.jpg"
+ ],
+ "refs": [
+ "http://id-ransomware.blogspot.co.il/2016/09/nagini-voldemort-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/the-nagini-ransomware-sics-voldemort-on-your-files/"
+ ]
+ }
+ },
+ {
+ "value": "ShellLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. 
It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".l0cked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-0N1ZUh4WcxQ/WDCfENY1eyI/AAAAAAAACKE/_RVIxRCwedMrD0Tj9o6-ew8u3pL0Y5w8QCLcB/s1600/lock-note2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/shelllocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Chip Ransomware or ChipLocker Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".CHIP"
+ ],
+ "encryption": "AES + RSA-512",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-OvB9TMJoimE/WC9QXRPFNwI/AAAAAAAACJU/iYcCC9tKvGIu4jH2bd6xLvmO7KMVVCLdgCLcB/s1600/note_2.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/chip-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Dharma Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS  > Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".dharma"
+ ],
+ "encryption": "AES + RSA-512",
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/dharma-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Angela Merkel Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. 
It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".angelamerkel"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-QaJ-Z27tL7s/WDCvwYY2UVI/AAAAAAAACKg/swpf1eKf1Y8oYIK5U8gbfi1H9AQ3Q3r8QCLcB/s1600/angela-merkel.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/angela-merkel-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "CryptoLuck Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ "._luck"
+ ],
+ "encryption": "AES-256 + RSA-2048",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-skwh_-RY50s/WDK2XLhtt3I/AAAAAAAACL0/CaZ0A_fl2Zk-YZYU9g4QCQZkODpicbXpQCLcB/s1600/note_2.PNG",
+ "https://4.bp.blogspot.com/-tCYSY5fpE5Q/WDLLZssImkI/AAAAAAAACMg/7TmWPW3k4jQuGIYZN_dCxcSGcY_c4po9wCLcB/s1600/note3_2.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/cryptoluck-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Crypton Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ "_crypt"
+ ],
+ "encryption": "AES + RSA",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-2fAMkigwn4E/WCs1vKiB9UI/AAAAAAAACIs/_kgk8U9wfisV0MTYInIbArwL8zgLyBDIgCLcB/s1600/note-eng.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/crypton-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Karma Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".karma"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://www.bleepstatic.com/images/news/ransomware/k/karma-ransomware/ransom-note.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/karma-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/researcher-finds-the-karma-ransomware-being-distributed-via-pay-per-install-network/",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2016-crysis-cryptoluck-chip-and-more/"
+ ]
+ }
+ },
+ {
+ "value": "WickedLocker HT Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-CTLT300bjNk/WCg9mrJArSI/AAAAAAAACGk/weWSqTMVS9AXdxJh_SA06SOH4kh2VGW1gCLcB/s1600/note_2.PNG.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/wickedlocker-ht-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "PClock3 Ransomware or PClock SuppTeam Ransomware ",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".locked"
+ ],
+ "encryption": "AES",
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/old-cryptolocker-copycat-named-pclock-resurfaces-with-new-attacks/",
+ "https://id-ransomware.blogspot.co.il/2016/11/suppteam-ransomware-sysras.html",
+ "http://researchcenter.paloaltonetworks.com/2015/09/updated-pclock-ransomware-still-comes-up-short/"
+ ]
+ }
+ },
+ {
+ "value": "Kolobo Ransomware or Kolobocheg Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".kolobocheg@aol.com_"
+ ],
+ "encryption": "XOR and RSA",
+ "ransomnotes": [
+ "https://www.ransomware.wiki/tag/kolobo/"
+ ],
+ "refs": [
+ "https://www.ransomware.wiki/tag/kolobo/",
+ "https://id-ransomware.blogspot.co.il/2016/11/kolobo-ransomware.html",
+ "https://forum.drweb.com/index.php?showtopic=315142"
+ ]
+ }
+ },
+ {
+ "value": "PaySafeGen (German) Ransomware",
+ "description": "This is most likely to affect German speaking users, since the note is written in German. Mostly affects users in German speaking countries. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".cry_"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-r2kaNLjBcEk/WCNCqrpHPZI/AAAAAAAACEE/eFSWuu4mUZoDV5AnduGR4KxHlFM--uIzACLcB/s1600/lock-screen.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/paysafegen-german-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Telecrypt Ransomware",
+ "description": "This is most likely to affect Russian speaking users, since the note is written in Russian. Therefore, residents of Russian speaking country are affected. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. The ransomware’s authors would request around $75 from their victims to provide them with a decryptor (payments are accepted via Russian payment services Qiwi or Yandex.Money ). 
Right from the start, however, researchers suggested that TeleCrypt was written by cybercriminals without advanced skills.",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".Xcri"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-UFksnOoE4Ss/WCRUNbQuqyI/AAAAAAAACFI/Gs3Gkby335UmiddlYWJDkw8O-BBLt-BlQCLcB/s1600/telegram_rans.gif"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/telecrypt-ransomware.html",
+ "https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware-abusing-telegram-api-defeated/",
+ "http://www.securityweek.com/telecrypt-ransomwares-encryption-cracked"
+ ]
+ }
+ },
+ {
+ "value": "CerberTear Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".cerber"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-ftA6aPEXwPM/WCDY3IiSq6I/AAAAAAAACCU/lnH25navXDkNccw5eQL9fkztRAeIqDYdQCLcB/s1600/note111.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/cerbertear-ransomware.html",
+ "https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/november-2016-month-ransomware/"
+ ]
+ }
+ },
+ {
+ "value": "FuckSociety Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. 
Hidden Tear >> APT Ransomware + HYPERLINK \"https://id-ransomware.blogspot.ru/2016/05/remindme-ransomware-2.html" \t "_blank\" + RemindMe  > FuckSociety", + "meta": { + "date": "November 2016", + "extensions": [ + ".dll" + ], + "encryption": "RSA-4096", + "refs": [ + "https://id-ransomware.blogspot.co.il/2016/11/fucksociety-ransomware.html" + ] + } + }, + { + "value": "PayDOS Ransomware  or Serpent Ransomware", + "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..", + "meta": { + "date": "November 2016", + "extensions": [ + ".dng" + ], + "encryption": "AES", + "refs": [ + "https://id-ransomware.blogspot.co.il/2016/11/paydos-ransomware-serpent.html", + "https://www.bleepingcomputer.com/news/security/ransomware-goes-retro-with-paydos-and-serpent-written-as-batch-files/", + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/" + ] + } + }, + { + "value": "zScreenLocker Ransomware", + "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".dng"
+ ],
+ "encryption": "AES",
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/zscreenlocker-ransomware.html",
+ "https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/november-2016-month-ransomware/",
+ "https://twitter.com/struppigel/status/794077145349967872"
+ ]
+ }
+ },
+ {
+ "value": "Gremit Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".rnsmwr"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/11-4-16/CwZubUHW8AAE4qi[1].jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/gremit-ransomware.html",
+ "https://twitter.com/struppigel/status/794444032286060544",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/"
+ ]
+ }
+ },
+ {
+ "value": "Hollycrypt Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".hollycrypt"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-PdtXGwSTn24/WBxIoomzF4I/AAAAAAAAB-U/lxTwKWc7T9MJhUtcRMh1mn9m_Ftjox9XwCLcB/s1600/note_2.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/hollycrypt-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "BTCLocker Ransomware or BTC Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".BTC"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/--7M0dtKhOio/WBxJx1PflYI/AAAAAAAAB-g/DSdMjLDLnVwwaMBW4H_98SzSJupLYm9WgCLcB/s1600/note_2.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/btclocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Kangaroo Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".crypted_file"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-1jyI1HoqJag/WBzj9SLvipI/AAAAAAAAB_U/_sp8TglWEPQphG8neqrztfUUIjcBbVhDwCLcB/s1600/kangaroo-lock_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/kangaroo-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/the-kangaroo-ransomware-not-only-encrypts-your-data-but-tries-to-lock-you-out-of-windows/"
+ ]
+ }
+ },
+ {
+ "value": "DummyEncrypter Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".dCrypt"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-2rS0Yq27wp0/WBtKfupZ2sI/AAAAAAAAB8I/0MR-9Xx0n-0zV_NBSScDCiYTp1KH-edtACLcB/s1600/Lockscreen_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/dummyencrypter-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Encryptss77 Ransomware or SFX Monster Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".dCrypt"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "YOUR FILES ARE ENCRYPTED THAT THEIR DECRYPT SEND EMAIL US AT encryptss77@gmail.com IN MESSAGE INDICATE IP ADDRESS OF COMPUTER WHERE YOU SAW THIS MESSAGE YOU CAN FIND IT ON 2IP.RU WE WILL REPLY TO YOU WITHIN 24 HOURS"
+ ],
+ "refs": [
+ "http://virusinfo.info/showthread.php?t=201710",
+ "https://id-ransomware.blogspot.co.il/2016/11/encryptss77-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "WinRarer Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".ace"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-zb0TP0wza7I/WBpShN0tCMI/AAAAAAAAB64/oTkSFwKFVx8hY1rEs5FQU6F7oaBW-LqHwCLcB/s1600/note_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/winrarer-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Russian Globe Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".blackblock"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "YOUR FILES HAVE BEEN ENCRYPTED! 
Your personal ID ***** Your file have been encrypted with a powerful strain of a virus called ransomware. Your files are encrypted using the same methods banks and the military use. There is currently no possible way to decrypt files with the private key. Lucky for you, we can help. We are willing to sell you a decryptor UNIQUELY made for your computer (meaning someone else's decryptor will not work for you). Once you pay a small fee, we will instantly send you the software/info necessary to decrypt all your files, quickly and easily."
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/russian-globe-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "ZeroCrypt Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "November 2016",
+ "extensions": [
+ ".zn2016"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-0AGEY4vAlA0/WBi_oChzFNI/AAAAAAAAB4w/8PrPRfFU30YFWCwHzqnsx4bYISVNFyesQCLcB/s1600/note.PNG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/11/zerocrypt-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "RotorCrypt(RotoCrypt, Tar) Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".c400",
+ ".c300"
+ ],
+ "encryption": "RSA",
+ "ransomnotes": [
+ "Good day Your files were encrypted/locked As evidence can decrypt file 1 to 3 1-30MB The price of the transcripts of all the files on the server: 7 Bitcoin Recommend to solve the problem quickly and not to delay Also give advice on how to protect Your server against threats from the network (Files sql mdf backup decryption strictly after payment)!"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/rotorcrypt-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Ishtar Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ "ISHTAR-. (prefix)"
+ ],
+ "encryption": "AES-256 + RSA-2048",
+ "ransomnotes": [
+ "FOR FILE DISCRIPTION, PLEASE CONTACT YOU@edtonmail@protonmail.com Or BM-NBYR3ctSgr67iciT43rRNmHdHPAYBBK7 USING BITMESSAGE DESKTOP OR https://bitmsg.me/ BASIC TECHNICAL DETAILS: > Standard encryption order: AES 256 + RSA 2048. > A unique AES key is created for each file. > Decryption is impossible without the ISHTAR.DATA file (see% APPDATA% directory). ----- TO DECRYPT YOUR FILES PLEASE WRITE TO youneedmail@protonmail.com OR TO BM-NBYR3ctSgr67iciT43rRNmHdHPAYBBK7 USING BITMESSAGE DESKTOP OR https://bitmsg.me/ BASIC TECHNICAL DETAILS: > Standart encryption routine: AES 256 + RSA 2048. > Every AES key is unique per file. > Decryption is impossible without ISHTAR.DATA file (see% APPDATA% path)." 
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/ishtar-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "MasterBuster Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".hcked"
+ ],
+ "ransomnotes": [
+ "IMPORTANT!!!! All of your computer files have been encrypted. DO NOT CHANGE ANY FILES! We can restore all the files. How to restore files: - \n1) Follow this link: - http://goo.gl/forms/VftoBRppkJ \n2) Fill out the form above. \n3) For 24 hours on your email + mobile SMS will come instructions for solving the problem. Thank you! DarkWing020",
+ "https://3.bp.blogspot.com/-gqEyoqXbZnE/WBXoF5bPZZI/AAAAAAAAB2U/YGpgIdjXyQQeDnwc9PlJs37YWtWTnH_wgCLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/masterbuster-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "JackPot Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".coin"
+ ],
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-oaElZvUqbfo/WBUOGdD8unI/AAAAAAAAB1w/Ya1_qq0gfa09AhRddUITQNRxKloXgD_BwCLcB/s1600/wallp.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/jackpot-ransomware.html",
+ "https://twitter.com/struppigel/status/791639214152617985",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/"
+ ]
+ }
+ },
+ {
+ "value": "ONYX Ransomeware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".Encryption:"
+ ],
+ "ransomnotes": [
+ "All your files are encrypted, but do not worry, they have not been removed. (for now) You have 24 hours to pay $100. Money move to the specified Bitcoin -account. Otherwise, all files will be destroyed. Do not turn off the computer and/or do not attempt to disable me. When disobedience will be deleted 100 files.",
+ "https://1.bp.blogspot.com/-cukkC4KAhZE/WBY1jJbcQoI/AAAAAAAAB3I/p8p-iNQRnQwnP6c6H77h_SHMQNAlkJ1CgCLcB/s1600/onyx.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/onyx-ransomware.html",
+ "https://twitter.com/struppigel/status/791557636164558848",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/"
+ ]
+ }
+ },
+ {
+ "value": "IFN643 Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. 
English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".inf643"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-JuBZKpEHV0Q/WBYNHFlW7pI/AAAAAAAAB20/z0DPYA_8l6U8tB6pbgo8ZwyIJRcrIVy2ACLcB/s1600/Note1.JPG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/ifn643-ransomware.html",
+ "https://twitter.com/struppigel/status/791576159960072192",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/"
+ ]
+ }
+ },
+ {
+ "value": "Alcatraz Locker Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".Alcatraz"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-b0-Uvnz703Q/WBcMGkZqtwI/AAAAAAAAB3Y/a6clIjdp_tI2T-OE_ykyjvB2qNY3gqWdQCLcB/s1600/Screenshot_1.jpg",
+ "https://2.bp.blogspot.com/-y5a6QnjAiv0/WBcMKV0zDDI/AAAAAAAAB3c/ytOQHJgmy30H_jEWPcfht7RRsh4NhcrvACLcB/s1600/Screenshot_2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/alcatraz-locker-ransomware.html",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/",
+ "https://twitter.com/PolarToffee/status/792796055020642304"
+ ]
+ }
+ },
+ {
+ "value": "Esmeralda Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "Windows has encountered a critical problem and needs your immediate action to recover your data. The system access is locked and all the data have been encrypted to avoid the information be published or misused. You will not be able to access to your files and ignoring this message may cause the total loss of the data. We are sorry for the inconvenience. You need to contact the email below to restore the data of your system. Email: esmeraldaencryption@mail.ru You will have to order the Unlock-Password and the Esmeralda Decryption Software. 
All the instructions will be sent to you by email.",
+ "https://2.bp.blogspot.com/-vaWu8OjSiXE/WBzkLBdB8DI/AAAAAAAAB_Y/k8vvtYEIdTkFJhruRJ6qDNAujAn4Ph-xACLcB/s1600/esmeralda-lock_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/esmeralda-ransomware.html",
+ "https://www.bleepingcomputer.com/forums/t/630835/esmeralda-ransomware/"
+ ]
+ }
+ },
+ {
+ "value": "EncrypTile Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-_jxt6kCRnwM/WBNf7mi92nI/AAAAAAAAB0g/homx8Ly379oUKAOIhZU6MxCiWX1gA_TkACLcB/s1600/wallp.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/encryptile-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Fileice Ransomware Survey Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. Sample of how the hacker tricks the user using the survey method. 
https://1.bp.blogspot.com/-72ECd1vsUdE/WBMSzPQEgzI/AAAAAAAABzA/i8V-Kg8Gstcn_7-YZK__PDC2VgafWcfDgCLcB/s1600/survey-screen.png The hacker definatly has a sense of humor: https://1.bp.blogspot.com/-2AlvtcvdyUY/WBMVptG_V5I/AAAAAAAABzc/1KvAMeDmY2w9BN9vkqZO8LWkBu7T9mvDACLcB/s1600/ThxForYurTyme.JPG",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-GAPCc3ITdQY/WBMTmJ4NaRI/AAAAAAAABzM/XPbPZvZ8vbUrOWxtwPmfHFJiNT_2gfaOgCLcB/s1600/fileice-source.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/fileice-ransomware-survey.html",
+ "https://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/"
+ ]
+ }
+ },
+ {
+ "value": "CryptoWire Ransomeware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".encrypted"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-vIMgkn8WVJM/WBJAxkbya7I/AAAAAAAABys/tCpaTOxfGDw8A611gudDh46mhZT70dURwCLcB/s1600/lock-screen.jpg",
+ "https://1.bp.blogspot.com/-b0QiEQec0Pg/WBMf2HG6hjI/AAAAAAAABz8/BtN2-INZ2KQ4W2_iPqvDZTtlA0Aq_4gVACLcB/s1600/Screenshot_2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/cryptowire-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Hucky Ransomware or Hungarian Locky Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. 
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".locky"
+ ],
+ "encryption": "AES-128+RSA",
+ "ransomnotes": [
+ "https://1.bp.blogspot.com/-lLZZBScC27U/WBmkDQzl9FI/AAAAAAAAB5Y/gozOy17Yv0EWNCQVSOXn-PkTccYZuMmPQCLcB/s1600/note-bmp_2.png",
+ "!!! IMPORTANT INFORMATION !!!! All files are encrypted using RSA-3072 and AES128 encryption. You can learn more about RSA and AES ciphers here: Https://hu.wikipedia.org/wiki/RSA-eljárás Https://hu.wikipedia.org/wiki/Advanced_Encryption_Standard To return files, you need to get a secret key and decryption program. To get the key, please follow these steps: \n1. Send an identification code to the email address locky@mail2tor.com! If you want, send a 1 MB file for decryption. In order to prove that we can recover data. (Please, email must contain only the identification code, as well as the attachment) \n3. Please note, check the mail, we will send you an email within 24 hours! You will receive a decrypted file and decryption program in the attachment. Follow the instructions in the email.!!! Your identification code !!!"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/hucky-ransomware-hungarian-locky.html"
+ ]
+ }
+ },
+ {
+ "value": "Winnix Cryptor Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".wnx"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "Your files are encrypted! Your files have been safely encrypted on this PC: photos, documents, databases, etc. 
Encryption was produced using a unique public key generated for this computer. To decrypt files you need to obtain the private key. The only way to get the private key is to pay 4 BTC. You saved it on qualified system administrator who could make your network safe and secure. In order to decrypt the files send your bitcoins to the following address: 13gYXFxpzm7hAd4esdnJGt9JvYqyD1Y6by After you complete your payment, send an email to 6214ssxpvo@sigaint.org with YOUR ID as subject (ID is in the end of the file) and you'll receive private key, needed software and step by step guide in 1 business day. Offer is valid for 5 business days (expiration date is in the end of the file). AFTER TIME IS UP, PRICE DOUBLES. No discounts, no other payment methods. How to buy bitcoins? \n1. Create a Bitcoin Wallet (we recommend Blockchain.info) \n2. Buy necessary amount of Bitcoins Do not forget about the transaction commission in the Bitcoin network (= 0.0005). Here are our recommendations: LocalBitcoins.com – the fastest and easiest way to buy and sell Bitcoins; CoinCafe.com – the simplest and fastest way to buy, sell and use Bitcoins; BTCDirect.eu – the best for Europe; CEX.IO – Visa / MasterCard; CoinMama.com – Visa / MasterCard; HowToBuyBitcoins.info – discover quickly how to buy and sell bitcoins in your local currency. More questions? Send an email to 6214ssxpvo@sigaint.org ID: *** EXP DATE: Sept. 12 2016 Winnix Cryptor Team"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/winnix-cryptor-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "AngryDuck Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".adk"
+ ],
+ "encryption": "AES-512",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-k3s85Fx9N_E/WBIfuUNTMmI/AAAAAAAAByM/rQ10tKuXTlEJfLTOoBwJPo7rhhaiK2OoQCLcB/s1600/screen-lock.jpg",
+ "ANGRY DUCK! All your important files have been encrypted using very string cryptography (AES-512 With RSA-64 FIPS grade encryption). To recover your files, send 10 BTC to my private wallet DON'T MESS WITH THE DUCKS!!!"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/angryduck-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Lock93 Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".lock93"
+ ],
+ "encryption": "AES-512",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-WuD2qaaNIb0/WA4_g_FnIfI/AAAAAAAABx4/pn6VNqMXMzI_ryvKUruY3ctYtzomT1I4gCLcB/s1600/note3.jpg",
+ "https://1.bp.blogspot.com/-S6M83oFxSdM/WA4_ak9WATI/AAAAAAAABx0/3FL3q21FdxMQvAgrr2FORQIaNtq2-P2jACLcB/s1600/note2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/lock93-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "ASN1 Encoder Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "encryption": "AES-512",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-5gZpxeEWqZg/WBeNnEP9GzI/AAAAAAAAB4g/ELCCp88whLMI6CzpGTjlxbmXBMFIKhwtwCLcB/s1600/onion-site.JPG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/asn1-encoder-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Click Me Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. The hacker tries to get the user to play a game and when the user clicks the button, there is no game, just 20 pictures in a .gif below: https://3.bp.blogspot.com/-1zgO3-bBazs/WAkPYqXuayI/AAAAAAAABxI/DO3vycRW-TozneSfRTdeKyXGNEtJSMehgCLcB/s1600/all-images.gif",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".hacked"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "All right my dear brother!!! Enough free playing. Your files have been encrypted. Pay so much this much money so I can send you the password for your files. I can be paid this much too cause I am very kind. So move on I didn't raise the price."
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/click-me-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "AiraCrop Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".hacked"
+ ],
+ "encryption": "AES-256 + RSA-2048",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-4HNc9S8SY4I/WBMkpdKyDsI/AAAAAAAAB0I/udESgro7YB4pF98Dv2KrrecyymFGsvV2QCLcB/s1600/note.JPG"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/airacrop-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "JapanLocker Ransomware & SHC Ransomware, SHCLocker",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ "#LOCK#"
+ ],
+ "encryption": "AES-256 & RSA-2048",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-sdlDK4OIuPA/WAehWZYHaMI/AAAAAAAABvc/TcAcLG2lw10aOFY3FbP1A5EuLjL6LR62ACLcB/s1600/note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/japanlocker-ransomware.html",
+ "https://www.cyber.nj.gov/threat-profiles/ransomware-variants/japanlocker"
+ ]
+ }
+ },
+ {
+ "value": "Anubis Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".coded"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-0YMsPH5WuTk/WAepI4BnqZI/AAAAAAAABv0/yXt4tdrmmAIf-N9KUmehY6mK1kTV-eFFQCLcB/s1600/note-wal2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/anubis-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "XTPLocker 5.0 Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "Attention! ! ! All of your copies of your system have been permanently deleted and the data on all partitions and workstations have been encrypted! Stay calm. You can recover all your data by making a payment of 2 BTC (1200 USD) in Bitcoin currency to receive a decryption key. To purchase Bitcions you can use www.coinbase.com After buying BTC send the equivalent of 2 BTC (1200 USD) to our BTC adress : 16jX5RbF2pEcLYHPukazWhDCkxXTs7ZCxB After payment contact us to receive your decryption key. In mail title write your unique ID: {custom id visually resembling a MAC address} Our e-mail: crypt302@gmx.com"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/xtplocker-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Exotic Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".exotic"
+ ],
+ "encryption": "AES-128",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-WJYR7LkWHWY/WAaCYScljOI/AAAAAAAABuo/j18AGhzv7WUPb2r4HWkYm4TPgYw9S5PUwCLcB/s1600/note1-1.jpg",
+ "https://4.bp.blogspot.com/-2QxJ3KCRimI/WAaCcWcE2uI/AAAAAAAABus/9SGRY5iQT-ITfG_JrY7mn6-PUpQrSKg7gCLcB/s1600/note1-2.jpg",
+ "https://3.bp.blogspot.com/-SMXOoWiGkxw/WAaGOMdecrI/AAAAAAAABu8/S-YjlWlPKbItSN_fe8030tMDHWzouHsIgCLcB/s1600/note2.jpg"
+ ],
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/eviltwins-exotic-ransomware-targets-executable-files/",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/",
+ "https://www.cyber.nj.gov/threat-profiles/ransomware-variants/exotic-ransomware",
+ "https://id-ransomware.blogspot.co.il/2016/10/exotic-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "APT Ransomware v.2",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..
NO POINT TO PAY THE RANSOM, THE FILES ARE COMPLETELY DESTROYED",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".dll"
+ ],
+ "encryption": "AES-128",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-VTUhk_Py2FA/WAVCO1Yn69I/AAAAAAAABuI/N71wo2ViOE0UjrIdbeulBRTJukHtA2TdACLcB/s1600/ransom-note.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/apt-ransomware-2.html"
+ ]
+ }
+ },
+ {
+ "value": "Windows_Security Ransonware or WS Go Ransonware, Trojan.Encoder.6491",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".enc"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-NfRePJbfjbY/WAe5LHFsWaI/AAAAAAAABwE/1Pk116TDqAYEDYvnu2vzim1l-H5seW9mQCLcB/s1600/note.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/ws-go-ransonware.html",
+ "https://www.cyber.nj.gov/threat-profiles/ransomware-variants/apt-ransomware-v2"
+ ]
+ }
+ },
+ {
+ "value": "NCrypt Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".NCRYPT", 
+ ".ncrypt"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-k7T79DnBk8w/WBc67QXyjWI/AAAAAAAAB3w/QbA-E9lYdSMOg3PcG9Vz8fTc_OhmACObACLcB/s1600/note-html.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/ncrypt-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Venis Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".venis"
+ ],
+ "encryption": "AES-2048",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-IFEOWjw-aaQ/WAXTu9oEN4I/AAAAAAAABuY/APqBiaHn3pAX8404Noyuj7tnFJDf2m_XACLcB/s1600/note1.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/venis-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Enigma 2 Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".1txt"
+ ],
+ "encryption": "AES-128",
+ "ransomnotes": [
+ "We encrypt important files on your computer: documents, databases, photos, videos and keys. Files encryption algorithm AES 128 (https://ru.wikipedia.org/wiki/Advanced_Encryption_Standard) with a private key that only we know.
Encrypted files have .1txt extension. It decrypts files without the private key IMPOSSIBLE. \nIf you want to get the files back: \n1) Install the Tor Browser http://www.torproject.org/ \n2) Locate the desktop key to access E_N_I_G_M_A.RSA site (password is encrypted in the key of your files) \n3) Go to the website http://kf2uimw5omtgveu6.onion/ into a torus-browser and log in using E_N_I_G_M_A.RSA \n4) Follow the instructions on the website and download the decoder \nC:\\Documents and Settings\\Администратор\\Рабочийстол\\E_N_I_G_M_A.RSA - The path to the key file on the desktop C:\\DOCUME~1\\9335~1\\LOCALS~1\\Temp\\E_N_I_G_M_A.RSA - The path to the key file in TMP directory"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/enigma-2-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Deadly Ransomware or Deadly for a Good Purpose Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-XZiiaCYM9Bk/WAUsUkrCJEI/AAAAAAAABtk/z-sMHflz3Q8_aWc-K9PD0N5TGkSGwwQnACLcB/s1600/note-html.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/deadly-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Comrade Circle Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".comrade"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-MmzOC__9qPA/V__t2kNX-SI/AAAAAAAABrc/t8ypPa1jCIUbPfvR7UGbdGzdvKrbAv_DgCLcB/s1600/wallpaper.jpg",
+ "https://4.bp.blogspot.com/-hRoC-UFr-7o/V__tAEFuZWI/AAAAAAAABrQ/xDawlulx8Bg4uEtX4bU2ezPMY-x6iFiuQCLcB/s1600/note-1ch.JPG",
+ "https://4.bp.blogspot.com/-PdYtm6sRHAI/WAEngHQBg_I/AAAAAAAABsA/nh8m7__b0wgviTEBahyNYK4HFhF1v7rOQCLcB/s1600/icon-stalin-2.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/comrade-circle-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Globe2 Ransomwar",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".raid10",
+ ".[random].raid10",
+ ".blt",
+ ".globe",
+ ".[random].blt",
+ ".encrypted",
+ ".[random].globe",
+ ".[random].encrypted",
+ ".mia.kokers@aol.com",
+ ".[mia.kokers@aol.com]"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://3.bp.blogspot.com/-MYI30xhrcZU/V_qcDyASJsI/AAAAAAAABpU/Pej5jDk_baYBByLx1cXwFL8LBiT8Vj3xgCLcB/s1600/note22.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/globe2-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Kostya Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments.
All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".k0stya"
+ ],
+ "encryption": "AES-256",
+ "ransomnotes": [
+ "https://2.bp.blogspot.com/-E_MI2fT33J0/V_k_9Gjkj4I/AAAAAAAABpA/-30UT5HhPAAR9YtVkFwgrYqLIdWPprZ9gCLcB/s1600/lock-screen.jpg",
+ "https://2.bp.blogspot.com/-4YmIkWfYfRA/V_lAALhfSvI/AAAAAAAABpE/Dj35aroKXSwbLXrSPqGCzbvhsTNHdsbAgCLcB/s1600/kostya.jpg"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/kostya-ransomware.html"
+ ]
+ }
+ },
+ {
+ "value": "Fs0ciety Locker Ransomware",
+ "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
+ "meta": {
+ "date": "October 2016",
+ "extensions": [
+ ".comrade"
+ ],
+ "encryption": "AES-256 CBC",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-nskzYgbg7Ac/V_jpJ3GApqI/AAAAAAAABos/EbG_-BLDPqA9bRVOWdzHjPnDWFiHYlsJwCLcB/s1600/ransom-note.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/10/fs0ciety-locker-ransomware.htm"
+ ]
+ }
+ },
+ {
+ "value": "Erebus Ransomware",
+ "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..
After the files are decrypted, the shadow files are deleted using the following command: vssadmin.exe Delete Shadows /All /Quiet",
+ "meta": {
+ "date": "September 2016",
+ "extensions": [
+ ".ecrypt"
+ ],
+ "encryption": "AES",
+ "ransomnotes": [
+ "https://4.bp.blogspot.com/-E9WbSxLgaYs/WGn8gC6EfvI/AAAAAAAAC8A/bzd7uP9fcxU6Fyq1n6-9ZbUUGWlls9lrwCLcB/s1600/note-txt_2.png"
+ ],
+ "refs": [
+ "https://id-ransomware.blogspot.co.il/2016/09/erebus-ransomware.html"
 ]
 }
 }