add razor ransomware

pull/517/head
Deborah Servili 2020-02-19 15:55:29 +01:00
parent c98093e6fe
commit 29bf20e89b
No known key found for this signature in database
GPG Key ID: 7E3A832850D4D7D1
1 changed files with 23 additions and 1 deletions

@ -13709,7 +13709,29 @@
},
"uuid": "05d5263f-ec23-4279-bb98-55fc233d7e89",
"value": "Bart ransomware"
},
{
"description": "Razor was discovered by dnwls0719, it is a part of Garrantydecrypt ransomware family. Like many other programs of this type, Razor is designed to encrypt files (make them unusable/inaccessible), change their filenames, create a ransom note and change victim's desktop wallpaper. Razor renames files by appending the \".razor\" extension to their filenames. For example, it renames \"1.jpg\" to \"1.jpg.razor\", and so on. It creates a ransom note which is a text file named \"#RECOVERY#.txt\", this file contains instructions on how to contact Razor's developers (cyber criminals) and other details.\nAs stated in the \"#RECOVERY#.txt\" file, this ransomware encrypts all files and information about how to purchase a decryption tool can be received by contacting Razor's developers. Victims supposed to contact them via razor2020@protonmail.ch, Jabber client (razor2020@jxmpp.jp) or ICQ client (@razor2020) and wait for further instructions. It is very likely that they will name a price of a decryption tool and/or key and provide cryptocurrency wallet's address that should be used to make a transaction. However, it is never a good idea to trust (pay) any cyber criminals/ransomware developers. It is common that they do not provide decryption tools even after a payment. Another problem is that ransomware-type programs encrypt files with strong encryption algorithms and their developers are the only ones who have tools that can decrypt files encrypted by their ransomware. In most cases victims have the only free and safe option: to restore files from a backup. Also, it is worth mentioning that files remain encrypted even after uninstallation of ransomware, its removal only prevents it from causing further encryptions.",
"meta": {
"extensions": [
".razor"
],
"ransomnotes": [
"All your files have been ENCRYPTED!!!\nWrite to our email: \n razor2020@protonmail.ch\n ICQ:\n @razor2020\n Or contact us via jabber:\n razor2020@jxmpp.jp\nJabber (Pidgin) client installation instructions, you can find on youtube - hxxps://www.youtube.com/results?search_query=pidgin+jabber+install\nAttention!\nDo not rename encrypted files.\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\ntell your unique ID"
],
"ransomnotes-filenames": [
"#RECOVERY#.txt"
],
"ransomnotes-refs": [
"https://www.pcrisk.com/images/stories/screenshots202002/razor-ransom-note.jpg"
],
"refs": [
"https://www.pcrisk.com/removal-guides/17016-razor-ransomware"
]
},
"uuid": "ea35282c-0686-4115-a001-bc4203549418",
"value": "Razor"
}
],
"version": 80
"version": 81
}
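Review bot: The "description" of the new "Razor" entry is a long block of removal-guide prose, and most of it is generic (advice against paying, restoring from backup, files staying encrypted after removal) rather than specific to this family. I would trim it to the Razor-specific facts: the ".razor" extension, the "#RECOVERY#.txt" note, the wallpaper change and the contact channels. While there, "Victims supposed to contact them" is missing "are". The link to the Garrantydecrypt family exists only as free text in the description; if the galaxy already has a cluster for that family, check that the spelling here matches its "value" and consider expressing the relationship in the entry's metadata instead, so it can be queried. The contact addresses are likewise only present inside the description and the ransom note string. The version bump from 80 to 81 matches the single added cluster.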