From 2fc9fb86d2774875096fc70b6c54359136c8f5e0 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 9 Mar 2018 15:35:42 +0100 Subject: [PATCH] update GandCrab --- clusters/ransomware.json | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index fde2536f..b2a56ede 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -9241,11 +9241,18 @@ "date": "January 2018", "refs": [ "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/", - "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/" + "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/", + "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/" ], "ransomnotes": [ "GDCB-DECRYPT.txt", - "---= GANDCRAB =---\n\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB \nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser:http://gdcbghvjyqy7jclk.onion/[id]\n5. Follow the instructions on this page\n\nIf Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:\n1. http://gdcbghvjyqy7jclk.onion.top/[id]\n2. http://gdcbghvjyqy7jclk.onion.casa/[id]\n3. http://gdcbghvjyqy7jclk.onion.guide/[id]\n4. http://gdcbghvjyqy7jclk.onion.rip/[id]\n5. http://gdcbghvjyqy7jclk.onion.plus/[id]\n\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\n\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!" + "CRAB-Decrypt.txt", + "---= GANDCRAB =---\n\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB \nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser:http://gdcbghvjyqy7jclk.onion/[id]\n5. Follow the instructions on this page\n\nIf Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:\n1. http://gdcbghvjyqy7jclk.onion.top/[id]\n2. http://gdcbghvjyqy7jclk.onion.casa/[id]\n3. http://gdcbghvjyqy7jclk.onion.guide/[id]\n4. http://gdcbghvjyqy7jclk.onion.rip/[id]\n5. http://gdcbghvjyqy7jclk.onion.plus/[id]\n\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\n\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!", + "---= GANDCRAB =---\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB\nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/[id]\n5. Follow the instructions on this page\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\nIf you can't download TOR and use it, or in your country TOR blocked, read it:\n1. Visit https://tox.chat/download.html\n2. Download and install qTOX on your PC.\n3. Open it, click \"New Profile\" and create profile.\n4. Search our contact - 6C5AD4057E594E090E0C987B3089F74335DA75F04B7403E0575663C26134956917D193B195A5\n5. In message please write your ID and wait our answer: 6361f798c4ba3647\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!" + ], + "extensions" : [ + ".Crab", + ".CRAB" ] }, "uuid": "5920464b-e093-4fa0-a275-438dffef228f"