diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 7c124ce..750cb65 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -23,7 +23,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/nhtnwcuf-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1(300$)" }, "uuid": "81b4e3ac-aa83-4616-9899-8e19ee3bb78b", "value": "Nhtnwcuf Ransomware (Fake)" @@ -42,7 +44,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/cryptojacky-ransomware.html", "https://twitter.com/jiriatvirlab/status/838779371750031360" - ] + ], + "payment-method": "Bitcoin", + "price": "250 €" }, "uuid": "a8187609-329a-4de0-bda7-7823314e7db9", "value": "CryptoJacky Ransomware" @@ -57,7 +61,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/kaenlupuf-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "b97f07c4-136a-488a-9fa0-35ab45fbfe36", "value": "Kaenlupuf Ransomware" @@ -77,7 +83,8 @@ "https://id-ransomware.blogspot.co.il/2017/03/enjey-crypter-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-10th-2017-spora-cerber-and-technical-writeups/", "https://www.bleepingcomputer.com/news/security/embittered-enjey-ransomware-developer-launches-ddos-attack-on-id-ransomware/" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "e98e6b50-00fd-484e-a5c1-4b2363579447", "value": "EnjeyCrypter Ransomware" @@ -113,7 +120,9 @@ ], "synonyms": [ "Ŧl๏tєгค гคภร๏๓ฬคгє" - ] + ], + "payment-method": "Dollars", + "price": "199" }, "uuid": "04a5889d-b97d-4653-8a0f-d2df85f93430", "value": "Vortex Ransomware" @@ -131,7 +140,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/gc47-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0,0361312 (50$)" }, "uuid": "2069c483-4701-4a3b-bd51-3850c7aa59d2", "value": "GC47 Ransomware" @@ -151,7 +162,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/rozalocker-ransomware.html", "https://twitter.com/jiriatvirlab/status/840863070733885440" - ] + ], + "payment-method": "Bitcoin", + "price": "10000 Rubles (135€)" }, "uuid": "f158ea74-c8ba-4e5a-b07f-52bd8fe30888", "value": "RozaLocker Ransomware" @@ -169,7 +182,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/cryptomeister-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "4c76c845-c5eb-472c-93a1-4178f86c319b", "value": "CryptoMeister Ransomware" @@ -203,7 +218,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/project34-ransomware.html" - ] + ], + "payment-method": "MoneyPak", + "price": "300$" }, "uuid": "4af0d2bd-46da-44da-b17e-987f86957c1d", "value": "Project34 Ransomware" @@ -221,7 +238,9 @@ "https://www.bleepingcomputer.com/news/security/petrwrap-ransomware-is-a-petya-offspring-used-in-targeted-attacks/", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/", "https://securelist.com/blog/research/77762/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/" - ] + ], + "payment-method": "Bitcoin", + "price": "300$" }, "uuid": "e11da570-e38d-4290-8a2c-8a31ae832ffb", "value": "PetrWrap Ransomware" @@ -241,7 +260,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-17th-2017-revenge-petrwrap-and-captain-kirk/", "https://id-ransomware.blogspot.co.il/2017/03/karmen-ransomware.html", "https://twitter.com/malwrhunterteam/status/841747002438361089" - ] + ], + "payment-method": "Bitcoin", + "price": "1.2683" }, "uuid": "da7de60e-0725-498d-9a35-303ddb5bf60a", "value": "Karmen Ransomware" @@ -286,7 +307,9 @@ ], "synonyms": [ "Fake CTB-Locker" - ] + ], + "payment-method": "Bitcoin", + "price": "150$" }, "uuid": "a291ac4c-7851-480f-b317-e977a616ac9d", "value": "Turkish FileEncryptor Ransomware" @@ -317,7 +340,9 @@ "http://www.securityweek.com/star-trek-themed-kirk-ransomware-emerges", "https://www.grahamcluley.com/kirk-ransomware-sports-star-trek-themed-decryptor-little-known-crypto-currency/", "https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc/analysis/" - ] + ], + "payment-method": "Monero", + "price": "1100 roupies (14€)" }, "uuid": "6e442a2e-97db-4a7b-b4a1-9abb4a7472d8", "value": "Kirk Ransomware & Spock Decryptor" @@ -338,7 +363,8 @@ "https://id-ransomware.blogspot.co.il/2017/03/zinocrypt-ransomware.html", "https://twitter.com/demonslay335?lang=en", "https://twitter.com/malwrhunterteam/status/842781575410597894" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "719c8ba7-598e-4511-a851-34e651e301fa", "value": "ZinoCrypt Ransomware" @@ -380,7 +406,9 @@ "https://id-ransomware.blogspot.co.il/2017/03/motd-ransomware.html", "https://www.bleepingcomputer.com/forums/t/642409/motd-of-ransome-hostage/", "https://www.bleepingcomputer.com/forums/t/642409/motd-ransomware-help-support-topics-motdtxt-and-enc-extension/" - ] + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "5d1a3631-165c-4091-ba55-ac8da62efadf", "value": "MOTD Ransomware" @@ -400,7 +428,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/cryptodevil-ransomware.html", "https://twitter.com/PolarToffee/status/843527738774507522" - ] + ], + "payment-method": "Dollars", + "price": "20 - 100" }, "uuid": "f3ead274-6c98-4532-b922-03d5ce4e7cfc", "value": "CryptoDevil Ransomware" @@ -419,7 +449,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/fabsyscrypto-ransomware.html", "https://twitter.com/struppigel/status/837565766073475072" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "e4d36930-2e00-4583-b5f5-d8f83736d3ce", "value": "FabSysCrypto Ransomware" @@ -452,7 +484,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/redants-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "dd3601f1-df0a-4e67-8a20-82e7ba0ed13c", "value": "RedAnts Ransomware" @@ -467,7 +501,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/consoleapplication1-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "4c3788d6-30a9-4cad-af33-81f9ce3a0d4f", "value": "ConsoleApplication1 Ransomware" @@ -483,7 +519,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/03/krider-ransomware.html", "https://twitter.com/malwrhunterteam/status/836995570384453632" - ] + ], + "payment-method": "no ransom" }, "uuid": "f5ac03f1-4f6e-43aa-836a-cc7ece40aaa7", "value": "KRider Ransomware" @@ -494,7 +531,9 @@ "date": "February 2017", "refs": [ "https://id-ransomware.blogspot.co.il/search?updated-min=2017-01-01T00:00:00-08:00&updated-max=2018-01-01T00:00:00-08:00&max-results=50" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 (300$)" }, "uuid": "44f6d489-f376-4416-9ba4-e153472f75fc", "value": "CYR-Locker Ransomware (FAKE)" @@ -513,7 +552,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/dotransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "0570e09d-10b9-448c-87fd-c1c4063e6592", "value": "DotRansomware" @@ -534,7 +575,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/unlock26-ransomware.html", "https://www.bleepingcomputer.com/news/security/new-raas-portal-preparing-to-spread-unlock26-ransomware/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.01 - 0.06" }, "uuid": "37b9a28d-8554-4233-b130-efad4be97bc0", "value": "Unlock26 Ransomware" @@ -553,7 +596,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/pickles-ransomware.html", "https://twitter.com/JakubKroustek/status/834821166116327425" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "87171865-9fc9-42a9-9bd4-a453f556f20c", "value": "PicklesRansomware" @@ -569,7 +614,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/vanguard-ransomware.html", "https://twitter.com/JAMESWT_MHT/status/834783231476166657" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "6a6eed70-3f90-420b-9e4a-5cce9428dc06", "value": "Vanguard Ransomware" @@ -611,7 +658,9 @@ "https://www.bleepingcomputer.com/news/security/new-trump-locker-ransomware-is-a-fraud-just-venuslocker-in-disguise/", "https://id-ransomware.blogspot.co.il/2017/02/trumplocker.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-24th-2017-trump-locker-macos-rw-and-cryptomix/" - ] + ], + "payment-method": "Bitcoin", + "price": "1(50 - 165$)" }, "uuid": "63bd845c-94f6-49dc-8f0c-22e6f67820f7", "value": "TrumpLocker Ransomware" @@ -650,7 +699,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/xyzware-ransomware.html", "https://twitter.com/malwrhunterteam/status/833636006721122304" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1 - 0.2" }, "uuid": "f0652feb-a104-44e8-91c7-b0435253352b", "value": "XYZWare Ransomware" @@ -668,7 +719,9 @@ ], "refs": [ "https://www.enigmasoftware.com/youarefuckedransomware-removal/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1 (250$)" }, "uuid": "912af0ef-2d78-4a90-a884-41f3c37c723b", "value": "YouAreFucked Ransomware" @@ -685,7 +738,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cryptconsole-2-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 0.7" }, "uuid": "7343da8f-fe18-46c9-8cda-5b04fb48e97d", "value": "CryptConsole 2.0 Ransomware" @@ -705,7 +760,9 @@ ], "synonyms": [ "BarRaxCrypt Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "c0ee166e-273f-4940-859c-ba6f8666247c", "value": "BarRax Ransomware" @@ -742,7 +799,9 @@ ], "synonyms": [ "CzechoSlovak Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.8 - 2" }, "uuid": "c9e29151-7eda-4192-9c34-f9a81b2ef743", "value": "UserFilesLocker Ransomware" @@ -758,7 +817,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017_03_01_archive.html", "https://id-ransomware.blogspot.co.il/2017/03/avastvirusinfo-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "6" }, "uuid": "78649172-cf5b-4e8a-950b-a967ff700acf", "value": "AvastVirusinfo Ransomware" @@ -791,7 +852,9 @@ ], "synonyms": [ "VHDLocker Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "9de7a1f2-cc21-40cf-b44e-c67f0262fbce", "value": "PleaseRead Ransomware" @@ -811,7 +874,9 @@ "https://id-ransomware.blogspot.co.il/2017/02/kasiski-ransomware.html", "https://twitter.com/MarceloRivero/status/832302976744173570", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/" - ] + ], + "payment-method": "Dollars", + "price": "500" }, "uuid": "59b537dc-3764-42fc-a416-92d2950aaff1", "value": "Kasiski Ransomware" @@ -834,7 +899,9 @@ ], "synonyms": [ "Locky Impersonator Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "26a34763-a70c-4877-b99f-ae39decd2107", "value": "Fake Locky Ransomware" @@ -855,7 +922,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cryptoshield-2-ransomware.html", "https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/" - ] + ], + "payment-method": "Email" }, "uuid": "1f915f16-2e2f-4681-a1e8-e146a0a4fcdf", "value": "CryptoShield 1.0 Ransomware" @@ -879,7 +947,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/", "https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-support-decrypt-informationhtml/", "https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/" - ] + ], + "payment-method": "Email - Bitcoin" }, "related": [ { @@ -924,7 +993,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/wcry-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "0983bdda-c637-4ad9-a56f-615b2b052740", "value": "Wcry Ransomware" @@ -941,7 +1012,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/dumb-ransomware.html", "https://twitter.com/bleepincomputer/status/816053140147597312?lang=en" - ] + ], + "payment-method": "Bitcoin", + "price": "0,3169" }, "uuid": "27feba66-e9c7-4414-a560-1e5b7da74d08", "value": "DUMB Ransomware" @@ -958,7 +1031,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017_02_01_archive.html", "https://id-ransomware.blogspot.co.il/2017/02/x-files-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0,2" }, "uuid": "c24f48ca-060b-4164-aafe-df7b3f43f40e", "value": "X-Files" @@ -976,7 +1051,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/polski-ransomware.html" - ] + ], + "payment-method": "Dollars", + "price": "249" }, "uuid": "b50265ac-ee45-4f5a-aca1-fabe3157fc14", "value": "Polski Ransomware" @@ -997,7 +1074,8 @@ "https://id-ransomware.blogspot.co.il/2017/02/yourransom-ransomware.html", "https://www.bleepingcomputer.com/news/security/yourransom-is-the-latest-in-a-long-line-of-prank-and-educational-ransomware/", "https://twitter.com/_ddoxer/status/827555507741274113" - ] + ], + "payment-method": "Email" }, "uuid": "908b914b-6744-4e16-b014-121cf2106b5f", "value": "YourRansom Ransomware" @@ -1013,7 +1091,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/ranion-raas.html", "https://www.bleepingcomputer.com/news/security/ranion-ransomware-as-a-service-available-on-the-dark-web-for-educational-purposes/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.6 - 0.95" }, "uuid": "b4de724f-add4-4095-aa5a-e4d039322b59", "value": "Ranion RaasRansomware" @@ -1034,7 +1114,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/polato-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "378cb77c-bb89-4d32-bef9-1b132343f3fe", "value": "Potato Ransomware" @@ -1056,7 +1137,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/opentodecrypt-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "e290fa29-6fc1-4fb5-ac98-44350e508bc1", "value": "of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)" @@ -1078,7 +1160,9 @@ "http://www.2-spyware.com/remove-ransomplus-ransomware-virus.html", "https://id-ransomware.blogspot.co.il/2017/01/ransomplus-ransomware.html", "https://twitter.com/jiriatvirlab/status/825411602535088129" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25" }, "uuid": "c039a50b-f5f9-4ad0-8b66-e1d8cc86717b", "value": "RansomPlus" @@ -1102,7 +1186,9 @@ "https://twitter.com/PolarToffee/status/824705553201057794", "https://twitter.com/demonslay335/status/1004351990493741057", "https://twitter.com/demonslay335/status/1004803373747572736" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "42508fd8-3c2d-44b2-9b74-33c5d82b297d", "value": "CryptConsole" @@ -1117,7 +1203,8 @@ "refs": [ "https://www.bleepingcomputer.com/forums/t/638191/zxz-ransomware-support-help-topic-zxz/?hl=%2Bzxz#entry4168310", "https://id-ransomware.blogspot.co.il/2017/01/zxz-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "e4932d1c-2f97-474d-957e-c7df87f9591e", "value": "ZXZ Ramsomware" @@ -1149,7 +1236,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/funfact.html", "http://www.enigmasoftware.com/funfactransomware-removal/" - ] + ], + "payment-method": "Bitcoin", + "price": "0,65806" }, "uuid": "2bfac605-a2c5-4742-92a2-279a08a4c575", "value": "FunFact Ransomware" @@ -1171,7 +1260,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/06/zekwacrypt-ransomware.html", "http://www.2-spyware.com/remove-zekwacrypt-ransomware-virus.html" - ] + ], + "payment-method": "Email" }, "uuid": "89d5a541-ef9a-4b18-ac04-2e1384031a2d", "value": "ZekwaCrypt Ransomware" @@ -1195,7 +1285,9 @@ "http://www.securityweek.com/sage-20-ransomware-demands-2000-ransom", "https://www.bleepingcomputer.com/news/security/sage-2-0-ransomware-gearing-up-for-possible-greater-distribution/", "https://www.govcert.admin.ch/blog/27/sage-2.0-comes-with-ip-generation-algorithm-ipga" - ] + ], + "payment-method": "Bitcoin", + "price": "2,15555 (2000$)" }, "uuid": "9174eef3-65f7-4ab5-9b55-b323b36fb962", "value": "Sage 2.0 Ransomware" @@ -1213,7 +1305,8 @@ "https://id-ransomware.blogspot.co.il/2017/01/cloudsword.html", "http://bestsecuritysearch.com/cloudsword-ransomware-virus-removal-steps-protection-updates/", "https://twitter.com/BleepinComputer/status/822653335681593345" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "a89e0ae0-e0e2-40c5-83ff-5fd672aaa2a4", "value": "CloudSword Ransomware" @@ -1235,13 +1328,15 @@ ], "synonyms": [ "Fake" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "327eb8b4-5793-42f0-96c0-7f651a0debdc", "value": "DN" }, { - "description": "It’s directed to English speaking users, therefore is able to infect worldwide. Its original name is FileSpy and FileSpy Application. It is spread using email spam, fake updates, infected attachments and so on. It encryps all your files, including: music, MS Office, Open Office, pictures etc..", + "description": "It’s directed to English speaking users, therefore is able to infect worldwide. Its original name is FileSpy and FileSpy Application. It is spread using email spam, fake updates, infected attachments and so on. It encryps all your files, including: music, MS Office, etc..", "meta": { "date": "January 2017", "encryption": "AES", @@ -1254,7 +1349,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/garryweber.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "b6e6da33-bf23-4586-81cf-dcfe10e13a81", "value": "GarryWeber Ransomware" @@ -1277,7 +1374,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-20th-2017-satan-raas-spora-locky-and-more/", "https://www.bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/", "https://twitter.com/Xylit0l/status/821757718885236740" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1 - your choice" }, "related": [ { @@ -1307,7 +1406,9 @@ ], "synonyms": [ "HavocCrypt Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "150 $" }, "uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396", "value": "Havoc" @@ -1328,7 +1429,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/cryptosweettooth.html", "http://sensorstechforum.com/remove-cryptosweettooth-ransomware-restore-locked-files/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "ca831782-fcbf-4984-b04e-d79b14e48a71", "value": "CryptoSweetTooth Ransomware" @@ -1352,7 +1455,9 @@ "synonyms": [ "RansomTroll Ransomware", "Käändsõna Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "aed61a0a-dc48-43ac-9c33-27e5a286899e", "value": "Kaandsona Ransomware" @@ -1372,7 +1477,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/lambdalocker.html", "http://cfoc.org/how-to-restore-files-affected-by-the-lambdalocker-ransomware/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "0d1b35e9-c87a-4972-8c27-a11c13e351d7", "value": "LambdaLocker Ransomware" @@ -1395,7 +1502,8 @@ ], "synonyms": [ "HakunaMatataRansomware" - ] + ], + "payment-method": "Website (onion)" }, "uuid": "0645cae2-bda9-4d68-8bc3-c3c1eb9d1801", "value": "NMoreia 2.0 Ransomware" @@ -1417,7 +1525,9 @@ "https://id-ransomware.blogspot.co.il/2017/01/marlboro.html", "https://decrypter.emsisoft.com/marlboro", "https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "4ae98da3-c667-4c6e-b0fb-5b52c667637c", "value": "Marlboro Ransomware" @@ -1435,7 +1545,9 @@ "https://id-ransomware.blogspot.co.il/2017/01/spora-ransomware.html", "https://blog.gdatasoftware.com/2017/01/29442-spora-worm-and-ransomware", "http://blog.emsisoft.com/2017/01/10/from-darknet-with-love-meet-spora-ransomware/" - ] + ], + "payment-method": "Bitcoin", + "price": "79$" }, "uuid": "46601172-d938-47af-8cf5-c5a796ab68ab", "value": "Spora Ransomware" @@ -1450,7 +1562,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cryptokill-ransomware.html" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "7ae2f594-8a72-4ba8-a37a-32457d1d3fe8", "value": "CryptoKill Ransomware" @@ -1467,7 +1580,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/allyourdocuments-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.35" }, "uuid": "62120e20-21f6-474b-9dc1-fc871d25c798", "value": "All_Your_Documents Ransomware" @@ -1489,7 +1604,9 @@ "https://www.bleepingcomputer.com/news/security/ultranationalist-developer-behind-serbransom-ransomware/", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-10th-2017-serpent-spora-id-ransomware/", "https://twitter.com/malwrhunterteam/status/830116190873849856" - ] + ], + "payment-method": "Bitcoin", + "price": "500$" }, "uuid": "fb1e99cb-73fa-4961-a052-c90b3f383542", "value": "SerbRansom 2017 Ransomware" @@ -1506,7 +1623,9 @@ "https://id-ransomware.blogspot.co.il/2017/02/fadesoft-ransomware.html", "https://twitter.com/malwrhunterteam/status/829768819031805953", "https://twitter.com/malwrhunterteam/status/838700700586684416" - ] + ], + "payment-method": "Bitcoin", + "price": "0.33" }, "uuid": "ccfe7f6a-9c9b-450a-a4c7-5bbaf4a82e37", "value": "Fadesoft Ransomware" @@ -1526,7 +1645,9 @@ "https://id-ransomware.blogspot.co.il/2017/02/hugeme-ransomware.html", "https://www.ozbargain.com.au/node/228888?page=3", "https://id-ransomware.blogspot.co.il/2016/04/magic-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "681ad7cc-fda0-40dc-83b3-91fdfdec81e1", "value": "HugeMe Ransomware" @@ -1548,7 +1669,9 @@ ], "synonyms": [ "DynA CryptoLocker Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "50$" }, "uuid": "9979ae53-98f7-49a2-aa1e-276973c2b44f", "value": "DynA-Crypt Ransomware" @@ -1569,7 +1692,9 @@ ], "synonyms": [ "Serpent Danish Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.75 (787.09$) - 2.25 (2366.55$ after 7 days)" }, "uuid": "3b472aac-085b-409e-89f1-e8c766f7c401", "value": "Serpent 2017 Ransomware" @@ -1586,7 +1711,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/erebus-2017-ransomware.html", "https://www.bleepingcomputer.com/news/security/erebus-ransomware-utilizes-a-uac-bypass-and-request-a-90-ransom-payment/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.085" }, "uuid": "c21e637c-6611-47e1-a191-571409b6669a", "value": "Erebus 2017 Ransomware" @@ -1606,7 +1733,9 @@ ], "synonyms": [ "Ransomuhahawhere" - ] + ], + "payment-method": "Bitcoin", + "price": "0.085" }, "uuid": "dcb183d1-11b5-464c-893a-21e132cb7b51", "value": "Cyber Drill Exercise " @@ -1624,7 +1753,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/cancer-ransomware.html", "https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/" - ] + ], + "payment-method": "no ransom" }, "uuid": "ef747d7f-894e-4c0c-ac0f-3fa1ef3ef17f", "value": "Cancer Ransomware FAKE" @@ -1643,7 +1773,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/02/updatehost-ransomware.html", "https://www.bleepingcomputer.com/startups/Windows_Update_Host-16362.html" - ] + ], + "payment-method": "Email - Bitcoin" }, "uuid": "ed5b30b0-2949-410a-bc4c-3d90de93d033", "value": "UpdateHost Ransomware" @@ -1661,7 +1792,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/nemesis-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "10" }, "uuid": "b5942085-c9f2-4d1a-aadf-1061ad38fb1d", "value": "Nemesis Ransomware" @@ -1690,7 +1823,8 @@ ], "synonyms": [ "File0Locked KZ Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "57933295-4a0e-4f6a-b06b-36807ff150cd", "value": "Evil Ransomware" @@ -1709,7 +1843,9 @@ ], "synonyms": [ "Ocelot Locker Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.03" }, "uuid": "054b9fbd-72fa-464f-a683-a69ab3936d69", "value": "Ocelot Ransomware (FAKE RANSOMWARE)" @@ -1730,7 +1866,9 @@ ], "synonyms": [ "Blablabla Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "1000 CZK" }, "uuid": "00b8ff33-1504-49a4-a025-b761738eed68", "value": "SkyName Ransomware" @@ -1754,7 +1892,9 @@ ], "synonyms": [ "Depsex Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "155$" }, "uuid": "e5a60429-ae5d-46f4-a731-da9e2fcf8b92", "value": "MafiaWare Ransomware" @@ -1792,7 +1932,9 @@ ], "synonyms": [ "Purge Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "3" }, "related": [ { @@ -1823,7 +1965,9 @@ ], "synonyms": [ "FireCrypt Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "500$" }, "uuid": "fbb3fbf9-50d7-4fe1-955a-fd4defa0cb08", "value": "BleedGreen Ransomware" @@ -1843,7 +1987,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/btcamant.html" - ] + ], + "payment-method": "Email" }, "uuid": "a5826bd3-b457-4aa9-a2e7-f0044ad9992f", "value": "BTCamant Ransomware" @@ -1863,7 +2008,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/x3m-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "700$" }, "uuid": "192bc3e8-ace8-4229-aa88-37034a11ef5b", "value": "X3M Ransomware" @@ -1884,7 +2031,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/gog-ransomware.html", "https://twitter.com/BleepinComputer/status/816112218815266816" - ] + ], + "payment-method": "Bitcoin - WebSite (onion)" }, "uuid": "c3ef2acd-cc5d-4240-80e7-47e85b46db96", "value": "GOG Ransomware" @@ -1903,7 +2051,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/edgelocker-ransomware.html", "https://twitter.com/BleepinComputer/status/815392891338194945" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "ecfa106d-0aff-4f7e-a259-f00eb14fc245", "value": "EdgeLocker" @@ -1923,7 +2073,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/red-alert-ransomware.html", "https://twitter.com/JaromirHorejsi/status/815557601312329728" - ] + ], + "payment-method": "Website" }, "related": [ { @@ -1950,7 +2101,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/first-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1.5" }, "uuid": "ed26fcf3-47fb-45cc-b5f9-de18f6491934", "value": "First" @@ -1967,7 +2120,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html", "https://twitter.com/JakubKroustek/status/825790584971472902" - ] + ], + "payment-method": "Email" }, "uuid": "fd5bb71f-80dc-4a6d-ba8e-ed74999700d3", "value": "XCrypt Ransomware" @@ -1986,7 +2140,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/7zipper-ransomware.html", "https://1.bp.blogspot.com/-ClM0LCPjQuk/WI-BgHTpdNI/AAAAAAAADc8/JyEQ8-pcJmsXIntuP-MMdE-pohVncxTXQCLcB/s1600/7-zip-logo.png" - ] + ], + "payment-method": "Email" }, "uuid": "d8ec9e54-a4a4-451e-9f29-e7503174c16e", "value": "7Zipper Ransomware" @@ -2008,7 +2163,9 @@ "https://www.pcrisk.com/removal-guides/10899-zyka-ransomware", "https://download.bleepingcomputer.com/demonslay335/StupidDecrypter.zip", "https://twitter.com/GrujaRS/status/826153382557712385" - ] + ], + "payment-method": "Bitcoin", + "price": "170€/$" }, "uuid": "7b7c8124-c679-4201-b5a5-5e66e6d52b70", "value": "Zyka Ransomware" @@ -2024,7 +2181,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2017/01/sureransom-ransomware.html", "http://www.forbes.com/sites/leemathews/2017/01/27/fake-ransomware-is-tricking-people-into-paying/#777faed0381c" - ] + ], + "payment-method": "Bitcoin", + "price": "50£" }, "uuid": "a9365b55-acd8-4b70-adac-c86d121b80b3", "value": "SureRansom Ransomeware (Fake)" @@ -2048,7 +2207,9 @@ "http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012", "https://4.bp.blogspot.com/-bQQ4DTIClvA/WJCIh6Uq2nI/AAAAAAAADfY/hB5HcjuGgh8rRJKeLHo__IRz3Ezth22-wCEw/s1600/form1.jpg", "https://4.bp.blogspot.com/-ZnWdPDprJOg/WJCPeCtP4HI/AAAAAAAADfw/kR0ifI1naSwTAwSuOPiw8ZCPr0tSIz1CgCLcB/s1600/netflix-akk.png" - ] + ], + "payment-method": "Bitcoin", + "price": "0.18 (100$)" }, "uuid": "1317351f-ec8f-4c76-afab-334e1384d3d3", "value": "Netflix Ransomware" @@ -2081,7 +2242,8 @@ "synonyms": [ "Merry X-Mas", "MRCR" - ] + ], + "payment-method": "Email" }, "uuid": "72cbed4e-b26a-46a1-82be-3d0154fdd2e5", "value": "Merry Christmas" @@ -2096,7 +2258,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/seoirse-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "bdf807c2-74ec-4802-9907-a89b1d910296", "value": "Seoirse Ransomware" @@ -2117,7 +2281,9 @@ "http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware", "http://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/", "https://cyberx-labs.com/en/blog/new-killdisk-malware-brings-ransomware-into-industrial-domain/" - ] + ], + "payment-method": "Bitcoin", + "price": "222 (200 000$)" }, "uuid": "8e067af6-d1f7-478a-8a8e-5154d2685bd1", "value": "KillDisk Ransomware" @@ -2137,7 +2303,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/derialock-ransomware.html", "https://www.bleepingcomputer.com/news/security/new-derialock-ransomware-active-on-christmas-includes-an-unlock-all-command/" - ] + ], + "payment-method": "Bitcoin", + "price": "20 - 30$" }, "uuid": "c0d7acd4-5d64-4571-9b07-bd4bd0d27ee3", "value": "DeriaLock Ransomware" @@ -2157,7 +2325,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/badencript-ransomware.html", "https://twitter.com/demonslay335/status/813064189719805952" - ] + ], + "payment-method": "Email - Bitcoin" }, "uuid": "43bfbb2a-9416-44da-81ef-03d6d3a3923f", "value": "BadEncript Ransomware" @@ -2175,7 +2344,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/adamlocker-ransomware.html" - ] + ], + "payment-method": "Website" }, "uuid": "5e7d10b7-18ec-47f7-8f13-6fd03d10a8bc", "value": "AdamLocker Ransomware" @@ -2194,7 +2364,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/alphabet-ransomware.html", "https://twitter.com/PolarToffee/status/812331918633172992" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -2225,7 +2397,9 @@ ], "synonyms": [ "KokoLocker Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "d672fe4f-4561-488e-bca6-20385b53d77f", "value": "KoKoKrypt Ransomware" @@ -2244,7 +2418,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/l33taf-locker-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "791a6720-d589-4cf7-b164-08b35b453ac7", "value": "L33TAF Locker Ransomware" @@ -2262,7 +2438,9 @@ ], "synonyms": [ "PClock SysGop Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.6 - 1.6" }, "uuid": "b78be3f4-e39b-41cc-adc0-5824f246959b", "value": "PClock4 Ransomware" @@ -2281,7 +2459,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/guster-ransomware.html", "https://twitter.com/BleepinComputer/status/812131324979007492" - ] + ], + "payment-method": "Bitcoin", + "price": "0.4" }, "uuid": "ffa7ac2f-b216-4fac-80be-e859a0e0251f", "value": "Guster Ransomware" @@ -2299,7 +2479,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/roga-ransomware.html" - ] + ], + "payment-method": "Website (gift card)" }, "related": [ { @@ -2329,7 +2510,9 @@ ], "synonyms": [ "Fake CryptoLocker" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "4094b021-6654-49d5-9b80-a3666a1c1e44", "value": "CryptoLocker3 Ransomware" @@ -2350,7 +2533,9 @@ "http://www.archersecuritygroup.com/what-is-ransomware/", "https://twitter.com/demonslay335/status/812002960083394560", "https://twitter.com/malwrhunterteam/status/811613888705859586" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "4cf270e7-e4df-49d5-979b-c13d8ce117cc", "value": "ProposalCrypt Ransomware" @@ -2367,7 +2552,9 @@ "https://id-ransomware.blogspot.co.il/2016/12/manifestus-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-23rd-2016-cryptxxx-koolova-cerber-and-more/", "https://twitter.com/struppigel/status/811587154983981056" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2 (160$)" }, "uuid": "e62ba8f5-e7ce-44ab-ac33-713ace192de3", "value": "Manifestus Ransomware " @@ -2392,7 +2579,9 @@ "synonyms": [ "IDRANSOMv3", "Manifestus" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "related": [ { @@ -2420,7 +2609,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/braincrypt-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "ade6ec5e-e082-43cb-9b82-ff8c0f4d7e56", "value": "BrainCrypt Ransomware" @@ -2437,7 +2627,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/msn-cryptolocker-ransomware.html", "https://twitter.com/struppigel/status/810766686005719040" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "7de27419-9874-4c3f-b75f-429a507ed7c5", "value": "MSN CryptoLocker Ransomware" @@ -2453,7 +2645,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/cryptoblock-ransomware.html", "https://twitter.com/drProct0r/status/810500976415281154" - ] + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "7b0df78e-8f00-468f-a6ef-3e1bda2a344c", "value": "CryptoBlock Ransomware " @@ -2472,7 +2666,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/aes-ni-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "69c9b45f-f226-485f-9033-fcb796c315cf", "value": "AES-NI Ransomware " @@ -2491,7 +2686,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/koolova-ransomware.html", "https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/" - ] + ], + "payment-method": "Game" }, "uuid": "ff6b8fc4-cfe0-45c1-9814-3261e39b4c9a", "value": "Koolova Ransomware" @@ -2521,7 +2717,9 @@ "synonyms": [ "Globe Imposter", "GlobeImposter" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -2548,7 +2746,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/v8locker-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "45862a62-4cb3-4101-84db-8e338d17e283", "value": "V8Locker Ransomware" @@ -2566,7 +2765,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/cryptorium-ransomware.html" - ] + ], + "payment-method": "Website" }, "uuid": "96bd63e5-99bd-490c-a23a-e0092337f6e6", "value": "Cryptorium (Fake Ransomware)" @@ -2584,7 +2784,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/antihacker2017-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "efd64e86-611a-4e10-91c7-e741cf0c58d9", "value": "Antihacker2017 Ransomware" @@ -2601,7 +2802,9 @@ "https://www.bleepingcomputer.com/virus-removal/remove-cia-special-agent-767-screen-locker", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-16th-2016-samas-no-more-ransom-screen-lockers-and-more/", "https://guides.yoosecurity.com/cia-special-agent-767-virus-locks-your-pc-screen-how-to-unlock/" - ] + ], + "payment-method": "Dollars", + "price": "100 - 250 - 500" }, "uuid": "e479e32e-c884-4ea0-97d3-3c3356135719", "value": "CIA Special Agent 767 Ransomware (FAKE!!!)" @@ -2615,7 +2818,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/loveserver-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "d1698a73-8be8-4c10-8114-8cfa1c399eb1", "value": "LoveServer Ransomware " @@ -2636,7 +2840,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/kraken-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "51737c36-11a0-4c25-bd87-a990bd479aaf", "value": "Kraken Ransomware" @@ -2651,7 +2857,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/antix-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25" }, "uuid": "8a7e0615-b9bd-41ab-89f1-62d041350e99", "value": "Antix Ransomware" @@ -2671,7 +2879,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/payday-ransomware.html", "https://twitter.com/BleepinComputer/status/808316635094380544" - ] + ], + "payment-method": "Bitcoin", + "price": "950 bresilian real ($)" }, "uuid": "70324b69-6076-4d00-884e-7f9d5537a65a", "value": "PayDay Ransomware " @@ -2686,7 +2896,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/slimhem-ransomware.html" - ] + ], + "payment-method": "no ransom" }, "uuid": "76b14980-e53c-4209-925e-3ab024210734", "value": "Slimhem Ransomware" @@ -2702,7 +2913,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/m4n1f3sto-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "94a3be6b-3a83-40fb-85b2-555239260235", "value": "M4N1F3STO Ransomware (FAKE!!!!!)" @@ -2717,7 +2930,8 @@ ], "synonyms": [ "DaleLocker Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "abe6cbe4-9031-46da-9e1c-89d9babe6449", "value": "Dale Ransomware" @@ -2736,7 +2950,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/ultralocker-ransomware.html", "https://twitter.com/struppigel/status/807161652663742465" - ] + ], + "payment-method": "Bitcoin", + "price": "1000 $" }, "uuid": "3a66610b-5197-4af9-b662-d873afc81b2e", "value": "UltraLocker Ransomware" @@ -2756,7 +2972,8 @@ "https://id-ransomware.blogspot.co.il/2016/12/aeskeygenassist-ransomware.html", "https://id-ransomware.blogspot.co.il/2016/09/dxxd-ransomware.html", "https://www.bleepingcomputer.com/forums/t/634258/aes-key-gen-assistprotonmailcom-help-support/" - ] + ], + "payment-method": "Email" }, "uuid": "d755510f-d775-420c-83a0-b0fe9e483256", "value": "AES_KEY_GEN_ASSIST Ransomware" @@ -2775,7 +2992,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/code-virus-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "a23d7c45-7200-4074-9acf-8789600fa145", "value": "Code Virus Ransomware " @@ -2793,7 +3012,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/flkr-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "1cdc34ce-43b7-4df1-ae8f-ae0acbe5e4ad", "value": "FLKR Ransomware" @@ -2816,7 +3036,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/popcorntime-ransomware.html", "https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "c1b3477b-cd7f-4726-8744-a2c44275dffd", "value": "PopCorn Time Ransomware" @@ -2834,7 +3056,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/12/hackedlocker-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.33 - 0.5" }, "uuid": "c2624d8e-da7b-4d94-b06f-363131ddb6ac", "value": "HackedLocker Ransomware" @@ -2855,7 +3079,9 @@ "https://id-ransomware.blogspot.co.il/2016/12/goldeneye-ransomware.html", "https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/", "https://www.bleepingcomputer.com/forums/t/634778/golden-eye-virus/" - ] + ], + "payment-method": "Bitcoin", + "price": "1.33 - 1.34" }, "uuid": "ac7affb8-971d-4c05-84f0-172b61d007d7", "value": "GoldenEye Ransomware" @@ -2875,7 +3101,9 @@ "https://id-ransomware.blogspot.co.il/2016/12/sage-ransomware.html", "https://www.bleepingcomputer.com/forums/t/634978/sage-file-sample-extension-sage/", "https://www.bleepingcomputer.com/forums/t/634747/sage-20-ransomware-sage-support-help-topic/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.74 (545 $)" }, "uuid": "3e5a475f-7467-49ab-917a-4d1f590ad9b4", "value": "Sage Ransomware" @@ -2896,7 +3124,9 @@ ], "synonyms": [ "VO_ Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "4(1040 $)" }, "uuid": "5024f328-2595-4dbd-9007-218147e55d5f", "value": "SQ_ Ransomware" @@ -2954,7 +3184,8 @@ "synonyms": [ "Malta Ransomware", "Matrix Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "42ee85b9-45f8-47a3-9bab-b695ac271544", "value": "Matrix" @@ -2972,7 +3203,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/satan666-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "03d92e7b-95ae-4c5b-8b58-daa2fd98f7a1", "value": "Satan666 Ransomware" @@ -2992,7 +3224,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/rip-ransomware.html", "https://twitter.com/BleepinComputer/status/804810315456200704" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "5705df4a-42b0-4579-ad9f-8bfa42bae471", "value": "RIP (Phoenix) Ransomware" @@ -3013,7 +3247,8 @@ "https://id-ransomware.blogspot.co.il/2016/11/novalid-ransomware.html", "https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/", "https://twitter.com/struppigel/status/807169774098796544" - ] + ], + "payment-method": "Bitcoin - Link WebSite" }, "uuid": "777f0b78-e778-435f-b4d5-e40f0b7f54c3", "value": "Locked-In Ransomware or NoValid Ransomware" @@ -3043,7 +3278,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/renlocker-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "957850f7-081a-4191-9e5e-cf9ff27584ac", "value": "RenLocker Ransomware (FAKE)" @@ -3060,7 +3297,8 @@ "https://id-ransomware.blogspot.co.il/2016/11/thanksgiving-ransomware.html", "https://id-ransomware.blogspot.co.il/2016/07/stampado-ransomware-1.html", "https://twitter.com/BleepinComputer/status/801486420368093184" - ] + ], + "payment-method": "Email" }, "uuid": "459ea908-e39e-4274-8866-362281e24911", "value": "Thanksgiving Ransomware" @@ -3079,7 +3317,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/cockblocker-ransomware.html", "https://twitter.com/jiriatvirlab/status/801910919739674624" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "3a40c5ae-b117-45cd-b674-a7750e3f3082", "value": "CockBlocker Ransomware" @@ -3098,7 +3338,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/lomix-ransomware.html", "https://twitter.com/siri_urz/status/801815087082274816" - ] + ], + "payment-method": "Bitcoin", + "price": "0.68096697 (500$)" }, "uuid": "e721b7c5-df07-4e26-b375-fc09a4911451", "value": "Lomix Ransomware" @@ -3120,7 +3362,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/ozozalocker-ransomware.html", "https://decrypter.emsisoft.com/ozozalocker", "https://twitter.com/malwrhunterteam/status/801503401867673603" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "d20b0d12-1a56-4339-b02b-eb3803dc3e6e", "value": "OzozaLocker Ransomware" @@ -3142,7 +3386,8 @@ ], "synonyms": [ "m0on Ransomware" - ] + ], + "payment-method": "WebSite link" }, "uuid": "5539c8e7-2058-4757-b9e3-71ff7d41db31", "value": "Crypute Ransomware" @@ -3165,7 +3410,9 @@ ], "synonyms": [ "Fake Maktub Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0,5 - 1,5" }, "uuid": "9490641f-6a51-419c-b3dc-c6fa2bab4ab3", "value": "NMoreira Ransomware" @@ -3187,7 +3434,9 @@ "https://rol.im/VindowsUnlocker.zip", "https://twitter.com/JakubKroustek/status/800729944112427008", "https://www.bleepingcomputer.com/news/security/vindowslocker-ransomware-mimics-tech-support-scam-not-the-other-way-around/" - ] + ], + "payment-method": "Call Number", + "price": "349.99$" }, "uuid": "b58e1265-2855-4c8a-ac34-bb1504086084", "value": "VindowsLocker Ransomware" @@ -3207,7 +3456,8 @@ "refs": [ "http://id-ransomware.blogspot.co.il/2016/09/donald-trump-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-donald-trump-ransomware-tries-to-build-walls-around-your-files/" - ] + ], + "payment-method": "no ransom" }, "uuid": "96c10791-258f-4b2b-a2cc-b5abddbdb285", "value": "Donald Trump 2 Ransomware" @@ -3226,7 +3476,8 @@ ], "synonyms": [ "Voldemort Ransomware" - ] + ], + "payment-method": "CreditCard" }, "uuid": "46a35af7-9d05-4de4-a955-41ccf3d3b83b", "value": "Nagini Ransomware" @@ -3246,7 +3497,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/shelllocker-ransomware.html", "https://twitter.com/JakubKroustek/status/799388289337671680" - ] + ], + "payment-method": "Bitcoin", + "price": "100$" }, "uuid": "a8ea7a67-c019-4c6c-8061-8614c47f153e", "value": "ShellLocker Ransomware" @@ -3271,7 +3524,8 @@ ], "synonyms": [ "ChipLocker Ransomware" - ] + ], + "payment-method": "Tor WebSite" }, "uuid": "7487fd37-d4ba-4c85-b6f8-8d4d7d5b74d7", "value": "Chip Ransomware" @@ -3336,7 +3590,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", "https://www.youtube.com/watch?v=qjoYtwLx2TI", "https://twitter.com/GrujaRS/status/1072139616910757888" - ] + ], + "payment-method": "Bitcoin - Email" }, "uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b", "value": "Dharma Ransomware" @@ -3355,7 +3610,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/angela-merkel-ransomware.html", "https://twitter.com/malwrhunterteam/status/798268218364358656" - ] + ], + "payment-method": "Bitcoin", + "price": "1200€" }, "uuid": "a9bb4ae1-b4da-49bb-aeeb-3596cb883860", "value": "Angela Merkel Ransomware" @@ -3380,7 +3637,9 @@ ], "synonyms": [ "YafunnLocker" - ] + ], + "payment-method": "Bitcoin", + "price": "0.7 - 2.1" }, "uuid": "615b682d-4746-464d-8091-8869d0e6ea2c", "value": "CryptoLuck Ransomware" @@ -3416,7 +3675,9 @@ "synonyms": [ "Nemesis", "X3M" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2 - 2" }, "uuid": "117693d2-1551-486e-93e5-981945eecabd", "value": "Crypton Ransomware" @@ -3438,7 +3699,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/karma-ransomware.html", "https://www.bleepingcomputer.com/news/security/researcher-finds-the-karma-ransomware-being-distributed-via-pay-per-install-network/", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-18th-2016-crysis-cryptoluck-chip-and-more/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "51596eaa-6df7-4aa3-8df4-cec3aeffb1b5", "value": "Karma Ransomware" @@ -3456,7 +3719,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/wickedlocker-ht-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "878c06be-95d7-4a0d-9dba-178ffc1d3e5e", "value": "WickedLocker HT Ransomware" @@ -3486,7 +3751,9 @@ "PClock SuppTeam Ransomware", "WinPlock", "CryptoLocker clone" - ] + ], + "payment-method": "Bitcoin", + "price": "0.55 - 0.65" }, "uuid": "6c38f175-b32a-40ef-8cad-33c2c8840d51", "value": "PClock3 Ransomware" @@ -3509,7 +3776,8 @@ ], "synonyms": [ "Kolobocheg Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "f32f0bec-961b-4c01-9cc1-9cf409efd598", "value": "Kolobo Ransomware" @@ -3531,7 +3799,9 @@ ], "synonyms": [ "Paysafecard Generator 2016" - ] + ], + "payment-method": "PaySafeCard", + "price": "100€" }, "uuid": "379d5258-6f11-4c41-a685-c2ff555c0cb9", "value": "PaySafeGen (German) Ransomware" @@ -3553,7 +3823,9 @@ "https://malwarebytes.app.box.com/s/kkxwgzbpwe7oh59xqfwcz97uk0q05kp3", "https://blog.malwarebytes.com/threat-analysis/2016/11/telecrypt-the-ransomware-abusing-telegram-api-defeated/", "https://securelist.com/blog/research/76558/the-first-cryptor-to-exploit-telegram/" - ] + ], + "payment-method": "Qhvi-wallet / Yandex-wallet", + "price": "5000 rubles" }, "uuid": "2f362760-925b-4948-aae5-dd0d2fc21002", "value": "Telecrypt Ransomware" @@ -3573,7 +3845,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/cerbertear-ransomware.html", "https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/november-2016-month-ransomware/", "https://twitter.com/struppigel/status/795630452128227333" - ] + ], + "payment-method": "Bitcoin", + "price": "0.4" }, "uuid": "28808e63-e71f-4aaa-b203-9310745f87b6", "value": "CerberTear Ransomware" @@ -3588,7 +3862,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/fucksociety-ransomware.html" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "81c476c3-3190-440d-be4a-ea875e9415aa", "value": "FuckSociety Ransomware" @@ -3614,7 +3889,9 @@ ], "synonyms": [ "Serpent Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.33" }, "uuid": "4818a48a-dfc2-4f35-a76d-e4fb462d6c94", "value": "PayDOS Ransomware" @@ -3651,7 +3928,9 @@ "https://id-ransomware.blogspot.co.il/2016/11/gremit-ransomware.html", "https://twitter.com/struppigel/status/794444032286060544", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.03" }, "uuid": "47512afc-ecf2-4766-8487-8f3bc8dddbf3", "value": "Gremit Ransomware" @@ -3669,7 +3948,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/hollycrypt-ransomware.html" - ] + ], + "payment-method": "Bitcoin Email" }, "uuid": "b77298c1-3f84-4ffb-a81b-36eab5c10881", "value": "Hollycrypt Ransomware" @@ -3690,7 +3970,8 @@ ], "synonyms": [ "BTC Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "3f461284-85a1-441c-b07d-8b547be43ca2", "value": "BTCLocker Ransomware" @@ -3710,7 +3991,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/kangaroo-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-kangaroo-ransomware-not-only-encrypts-your-data-but-tries-to-lock-you-out-of-windows/" - ] + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "5ab1449f-7e7d-47e7-924a-8662bc2df805", "value": "Kangaroo Ransomware" @@ -3728,7 +4011,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/dummyencrypter-ransomware.html" - ] + ], + "payment-method": "Email" }, "uuid": "6bf055c6-acb2-4459-92b0-70d61616ab62", "value": "DummyEncrypter Ransomware" @@ -3750,7 +4034,8 @@ ], "synonyms": [ "SFX Monster Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "317cab8a-31a1-4a82-876a-94edc7afffba", "value": "Encryptss77 Ransomware" @@ -3768,7 +4053,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/winrarer-ransomware.html" - ] + ], + "payment-method": "Website (onion)" }, "uuid": "7ee22340-ed89-4e22-b085-257bde4c0fc5", "value": "WinRarer Ransomware" @@ -3786,7 +4072,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/russian-globe-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "30771cde-2543-4c13-b722-ff940f235b0f", "value": "Russian Globe Ransomware" @@ -3804,7 +4092,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/11/zerocrypt-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "10 (7300 $)" }, "uuid": "e999ca18-61cb-4419-a2fa-ab8af6ebe8dc", "value": "ZeroCrypt Ransomware" @@ -3835,7 +4125,9 @@ "RotorCrypt", "RotoCrypt", "Tar Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "7 (2000 - 5000 $)" }, "uuid": "63991ed9-98dc-4f24-a0a6-ff58e489c263", "value": "RotorCrypt(RotoCrypt, Tar) Ransomware" @@ -3853,7 +4145,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/ishtar-ransomware.html" - ] + ], + "payment-method": "Email - rubles", + "price": "15 000" }, "uuid": "30cad868-b2f1-4551-8f76-d17695c67d52", "value": "Ishtar Ransomware" @@ -3873,7 +4167,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/masterbuster-ransomware.html", "https://twitter.com/struppigel/status/791943837874651136" - ] + ], + "payment-method": "rupies", + "price": "3500 - 5000 - 10 000" }, "uuid": "07f859cd-9c36-4dae-a6fc-fa4e4aa36176", "value": "MasterBuster Ransomware" @@ -3895,7 +4191,9 @@ ], "synonyms": [ "Jack.Pot Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "3" }, "uuid": "04f1772a-053e-4f6e-a9af-3f83ab312633", "value": "JackPot Ransomware" @@ -3915,7 +4213,9 @@ "https://id-ransomware.blogspot.co.il/2016/10/onyx-ransomware.html", "https://twitter.com/struppigel/status/791557636164558848", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "uuid": "927a4150-9380-4310-9f68-cb06d8debcf2", "value": "ONYX Ransomeware" @@ -3935,7 +4235,9 @@ "https://id-ransomware.blogspot.co.il/2016/10/ifn643-ransomware.html", "https://twitter.com/struppigel/status/791576159960072192", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/" - ] + ], + "payment-method": "Bitcoin", + "price": "1000 $" }, "uuid": "ddeab8b3-5df2-414e-9c6b-06b309e1fcf4", "value": "IFN643 Ransomware" @@ -3957,7 +4259,8 @@ "https://id-ransomware.blogspot.co.il/2016/10/alcatraz-locker-ransomware.html", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/", "https://twitter.com/PolarToffee/status/792796055020642304" - ] + ], + "payment-method": "Email" }, "uuid": "2ad63264-8f52-4ab4-ad26-ca8c3bcc066e", "value": "Alcatraz Locker Ransomware" @@ -3977,7 +4280,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/esmeralda-ransomware.html", "https://www.bleepingcomputer.com/forums/t/630835/esmeralda-ransomware/" - ] + ], + "payment-method": "Email" }, "uuid": "ff5a04bb-d412-4cb3-9780-8d3488b7c268", "value": "Esmeralda Ransomware" @@ -3995,7 +4299,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/encryptile-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.053773" }, "uuid": "56e49b84-a250-4aaf-9f65-412616709652", "value": "EncrypTile Ransomware" @@ -4014,7 +4320,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/fileice-ransomware-survey.html", "https://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/" - ] + ], + "payment-method": "Game" }, "uuid": "ca5d0e52-d0e4-4aa9-872a-0669433c0dcc", "value": "Fileice Ransomware Survey Ransomware" @@ -4035,7 +4342,9 @@ "https://id-ransomware.blogspot.co.il/2016/10/cryptowire-ransomware.html", "https://twitter.com/struppigel/status/791554654664552448", "https://www.bleepingcomputer.com/news/security/-proof-of-concept-cryptowire-ransomware-spawns-lomix-and-ultralocker-families/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.29499335" }, "uuid": "4e6e45c2-8e13-49ad-8b27-e5aeb767294a", "value": "CryptoWire Ransomeware" @@ -4062,7 +4371,8 @@ ], "synonyms": [ "Hungarian Locky Ransomware" - ] + ], + "payment-method": "Email" }, "uuid": "74f91a93-4f1e-4603-a6f5-aaa40d2dd311", "value": "Hucky Ransomware" @@ -4082,7 +4392,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/winnix-cryptor-ransomware.html", "https://twitter.com/PolarToffee/status/811940037638111232" - ] + ], + "payment-method": "Bitcoin", + "price": "2 - 4" }, "uuid": "e30e663d-d8c8-44f2-8da7-03b1a9c52376", "value": "Winnix Cryptor Ransomware" @@ -4102,7 +4414,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/angryduck-ransomware.html", "https://twitter.com/demonslay335/status/790334746488365057" - ] + ], + "payment-method": "Bitcoin", + "price": "10 (7300 $)" }, "uuid": "2813a5c7-530b-492f-8d77-fe7b1ed96a65", "value": "AngryDuck Ransomware" @@ -4122,7 +4436,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/lock93-ransomware.html", "https://twitter.com/malwrhunterteam/status/789882488365678592" - ] + ], + "payment-method": "Email", + "price": "1000 rubles" }, "uuid": "2912426d-2a26-4091-a87f-032a6d3d28c1", "value": "Lock93 Ransomware" @@ -4139,7 +4455,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/asn1-encoder-ransomware.html", "https://malwarebreakdown.com/2017/03/02/rig-ek-at-92-53-105-43-drops-asn1-ransomware/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25 - 0.5" }, "uuid": "dd99cc50-91f7-4375-906a-7d09c76ee9f7", "value": "ASN1 Encoder Ransomware" @@ -4158,7 +4476,8 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/click-me-ransomware.html", "https://www.youtube.com/watch?v=Xe30kV4ip8w" - ] + ], + "payment-method": "Email Bitcoin" }, "uuid": "97bdadda-e874-46e6-8672-11dbfe3958c4", "value": "Click Me Ransomware" @@ -4176,7 +4495,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/airacrop-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "e7a5c384-a93c-4ed4-8411-ca1e52396256", "value": "AiraCrop Ransomware" @@ -4202,7 +4523,8 @@ "SHC Ransomware", "SHCLocker", "SyNcryption" - ] + ], + "payment-method": "Email" }, "uuid": "d579e5b6-c6fd-43d9-9213-7591cd324f94", "value": "JapanLocker Ransomware" @@ -4222,7 +4544,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/anubis-ransomware.html", "http://nyxbone.com/malware/Anubis.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1 - 2.5 - 3" }, "uuid": "a6215279-37d8-47f7-9b1b-efae4178c738", "value": "Anubis Ransomware" @@ -4237,7 +4561,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/xtplocker-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "eef4bf49-5b1d-463a-aef9-538c5dc2f71f", "value": "XTPLocker 5.0 Ransomware" @@ -4261,7 +4587,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/", "https://www.cyber.nj.gov/threat-profiles/ransomware-variants/exotic-ransomware", "https://id-ransomware.blogspot.co.il/2016/10/exotic-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "50 $" }, "uuid": "eb22cb8d-763d-4cac-af35-46dc4f85317b", "value": "Exotic Ransomware" @@ -4279,7 +4607,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/apt-ransomware-2.html" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "6ec0f43c-6b73-4f5e-bee7-a231572eb994", "value": "APT Ransomware v.2" @@ -4302,7 +4632,9 @@ "synonyms": [ "WS Go Ransonware", "Trojan.Encoder.6491" - ] + ], + "payment-method": "Bitcoin", + "price": "0.0523" }, "related": [ { @@ -4330,7 +4662,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/ncrypt-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "d590865e-f3ae-4381-9d82-3f540f9818cb", "value": "NCrypt Ransomware" @@ -4350,7 +4684,8 @@ "https://id-ransomware.blogspot.co.il/2016/10/venis-ransomware.html", "https://twitter.com/Antelox/status/785849412635521024", "http://pastebin.com/HuK99Xmj" - ] + ], + "payment-method": "Email" }, "uuid": "b9cfe6f3-5970-4283-baf4-252e0491b91c", "value": "Venis Ransomware" @@ -4368,7 +4703,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/enigma-2-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "200 $" }, "uuid": "507506a3-3745-47fd-8d31-ef122317c0c2", "value": "Enigma 2 Ransomware" @@ -4387,7 +4724,9 @@ ], "synonyms": [ "Deadly for a Good Purpose Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "500$" }, "uuid": "a25e39b0-b601-403c-bba8-2f595e221269", "value": "Deadly Ransomware" @@ -4407,7 +4746,9 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/comrade-circle-ransomware.html" - ] + ], + "payment-method": "Bitcoin", + "price": "~2" }, "uuid": "db23145a-e15b-4cf7-9d2c-ffa9928750d5", "value": "Comrade Circle Ransomware" @@ -4441,7 +4782,9 @@ ], "synonyms": [ "Purge Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "0.8 - 1" }, "related": [ { @@ -4470,7 +4813,9 @@ "refs": [ "https://id-ransomware.blogspot.co.il/2016/10/kostya-ransomware.html", "http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/" - ] + ], + "payment-method": "PaySafe", + "price": "300 CZK - 2000 CZK after 12 hours" }, "uuid": "7d6f02d2-a626-40f6-81c3-14e3a9a2aea5", "value": "Kostya Ransomware" @@ -4487,8 +4832,10 @@ "https://4.bp.blogspot.com/-nskzYgbg7Ac/V_jpJ3GApqI/AAAAAAAABos/EbG_-BLDPqA9bRVOWdzHjPnDWFiHYlsJwCLcB/s1600/ransom-note.png" ], "refs": [ - "https://id-ransomware.blogspot.co.il/2016/10/fs0ciety-locker-ransomware.htm" - ] + "https://id-ransomware.blogspot.co.il/2016/10/fs0ciety-locker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1.5" }, "uuid": "ed3a4f8a-49de-40c3-9acb-da1b78f89c4f", "value": "Fs0ciety Locker Ransomware" @@ -4506,7 +4853,8 @@ ], "refs": [ "https://id-ransomware.blogspot.co.il/2016/09/erebus-ransomware.html" - ] + ], + "payment-method": "Tor WebSite" }, "uuid": "6a77c96b-1814-427f-83ca-fe7e0e40b1c0", "value": "Erebus Ransomware" @@ -4524,7 +4872,9 @@ "WanaCrypt0r", "WCrypt", "WCRY" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1781 (300$ - $600)" }, "related": [ { @@ -4550,7 +4900,8 @@ ], "refs": [ "http://www.nyxbone.com/malware/CryptoHasYou.html" - ] + ], + "payment-method": "Email" }, "uuid": "a0ce5d94-a22a-40db-a09f-a796d0bb4006", "value": ".CryptoHasYou." @@ -4572,7 +4923,9 @@ ], "synonyms": [ "Sevleg" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1 (37$)" }, "uuid": "cd9e9eaa-0895-4d55-964a-b53eacdfd36a", "value": "777" @@ -4594,7 +4947,9 @@ ], "synonyms": [ "7ev3n-HONE$T" - ] + ], + "payment-method": "Bitcoin", + "price": "13 (4980$)" }, "related": [ { @@ -4636,7 +4991,8 @@ ], "refs": [ "https://twitter.com/PolarToffee/status/796079699478900736" - ] + ], + "payment-method": "WebSite (onion) - Email" }, "uuid": "77919c1f-4ef8-41cd-a635-2d3118ade1f3", "value": "AiraCrop" @@ -4653,7 +5009,8 @@ ], "refs": [ "https://decrypter.emsisoft.com/al-namrood" - ] + ], + "payment-method": "Email" }, "uuid": "0040dca4-bf2e-43cb-89ae-ab1b50f1183d", "value": "Al-Namrood" @@ -4668,8 +5025,11 @@ "README HOW TO DECRYPT YOUR FILES.HTML" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/" - ] + "http://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/", + "https://news.softpedia.com/news/cerber-devs-create-new-ransomware-called-alfa-506165.shtml" + ], + "payment-method": "Bitcoin", + "price": "1 (650$)" }, "uuid": "888abc95-9e01-4cbc-a6e5-058eb9314f51", "value": "ALFA Ransomware" @@ -4689,7 +5049,9 @@ "https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=d4173312-989b-4721-ad00-8308fff353b3&placement_guid=22f2fe97-c748-4d6a-9e1e-ba3fb1060abe&portal_id=326665&redirect_url=APefjpGnqFjmP_xzeUZ1Y55ovglY1y1ch7CgMDLit5GTHcW9N0ztpnIE-ZReqqv8MDj687_4Joou7Cd2rSx8-De8uhFQAD_Len9QpT7Xvu8neW5drkdtTPV7hAaou0osAi2O61dizFXibewmpO60UUCd5OazCGz1V6yT_3UFMgL0x9S1VeOvoL_ucuER8g2H3f1EfbtYBw5QFWeUmrjk-9dGzOGspyn303k9XagBtF3SSX4YWSyuEs03Vq7Fxb04KkyKc4GJx-igK98Qta8iMafUam8ikg8XKPkob0FK6Pe-wRZ0QVWIIkM&hsutk=34612af1cd87864cf7162095872571d1&utm_referrer=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&canon=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&__hstc=61627571.34612af1cd87864cf7162095872571d1.1472135921345.1472140656779.1472593507113.3&__hssc=61627571.1.1472593507113&__hsfp=1114323283", "https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter", "http://www.bleepingcomputer.com/news/security/new-alma-locker-ransomware-being-distributed-via-the-rig-exploit-kit/" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "76a08868-345f-4566-a403-5f5e575dfee5", "value": "Alma Ransomware" @@ -4711,7 +5073,9 @@ ], "synonyms": [ "AlphaLocker" - ] + ], + "payment-method": "Itunes Gift Cards", + "price": "400$" }, "related": [ { @@ -4736,8 +5100,11 @@ "READ_ME.txt" ], "refs": [ - "https://twitter.com/benkow_/status/747813034006020096" - ] + "https://twitter.com/benkow_/status/747813034006020096", + "https://www.enigmasoftware.com/ambaransomware-removal/" + ], + "payment-method": "Bitcoin", + "price": "Depending on the victim’s situation" }, "uuid": "8dd289d8-71bc-42b0-aafd-540dafa93343", "value": "AMBA" @@ -4753,7 +5120,9 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/844531418474708993" - ] + ], + "payment-method": "Bitcoin", + "price": "3" }, "uuid": "e06526ac-0083-44ab-8787-dd7278746bb6", "value": "AngleWare" @@ -4766,7 +5135,8 @@ ], "synonyms": [ "ngocanh" - ] + ], + "payment-method": "Write a FaceBook message" }, "uuid": "5b94100d-83bb-4e30-be7a-6015c00356e0", "value": "Anony" @@ -4797,7 +5167,8 @@ ], "synonyms": [ "Fabiansomeware" - ] + ], + "payment-method": "Email - WebSite (onion)" }, "related": [ { @@ -4830,7 +5201,8 @@ ], "refs": [ "http://decrypter.emsisoft.com/download/apocalypsevm" - ] + ], + "payment-method": "Email - WebSite (onion)" }, "uuid": "5bc9c3a5-a35f-43aa-a999-fc7cd0685994", "value": "ApocalypseVM" @@ -4847,7 +5219,9 @@ ], "refs": [ "https://decrypter.emsisoft.com/autolocky" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "803fa9e2-8803-409a-b455-3a886c23fae4", "value": "AutoLocky" @@ -4875,7 +5249,9 @@ "https://decrypter.emsisoft.com/badblock", "http://www.nyxbone.com/malware/BadBlock.html", "http://www.nyxbone.com/images/articulos/malware/badblock/5.png" - ] + ], + "payment-method": "Bitcoin", + "price": "2 (888,4$)" }, "uuid": "f1a30552-21c1-46be-8b5f-64bd62b03d35", "value": "BadBlock" @@ -4911,7 +5287,8 @@ ], "synonyms": [ "Rakhni" - ] + ], + "payment-method": "Email - Telegram" }, "related": [ { @@ -4944,7 +5321,9 @@ ], "synonyms": [ "BaCrypt" - ] + ], + "payment-method": "Bitcoin", + "price": "3" }, "related": [ { @@ -4965,8 +5344,11 @@ ".clf" ], "refs": [ - "https://noransom.kaspersky.com/" - ] + "https://noransom.kaspersky.com/", + "https://id-ransomware.blogspot.com/2016/05/bitcryptor-ransomware-aes-256-1-btc.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "b5e9a802-cd17-4cd6-b83d-f36cce009808", "value": "BitCryptor" @@ -4979,8 +5361,11 @@ ".bitstak" ], "refs": [ - "https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip" - ] + "https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip", + "https://id-ransomware.blogspot.com/2016/07/ransomware-007867.html" + ], + "payment-method": "Bitcoin", + "price": "0.07867 (40€)" }, "uuid": "33e398fa-2586-415e-9b18-6ea2ea36ff74", "value": "BitStak" @@ -4997,11 +5382,14 @@ "YourID.txt" ], "refs": [ - "http://nyxbone.com/malware/BlackShades.html" + "http://nyxbone.com/malware/BlackShades.html", + "https://id-ransomware.blogspot.com/2016/06/silentshade-ransomware-blackshades.html" ], "synonyms": [ "SilentShade" - ] + ], + "payment-method": "Bitcoin", + "price": "0.07 (30$)" }, "uuid": "bf065217-e13a-4f6d-a5b2-ba0750b5c312", "value": "BlackShades Crypter" @@ -5015,7 +5403,9 @@ ], "refs": [ "http://www.bleepingcomputer.com/forums/t/614456/bloccato-ransomware-bloccato-help-support-leggi-questo-filetxt/" - ] + ], + "payment-method": "Bitcoin", + "price": "5 - 10" }, "uuid": "a3e1cfec-aacd-4d84-aa7d-99ed6c17f26d", "value": "Blocatto" @@ -5033,7 +5423,12 @@ "tags": [ "estimative-language:likelihood-probability=\"likely\"" ], - "type": "similar" + "type": "similar", + "refs": [ + "https://id-ransomware.blogspot.com/2016/05/booyah-ransomware-1-2-btc.html" + ], + "payment-method": "Bitcoin", + "price": "1-2 / 7 after 1 week" } ], "uuid": "eee75995-321f-477f-8b57-eee4eedf4ba3", @@ -5052,7 +5447,9 @@ "refs": [ "http://www.nyxbone.com/malware/brazilianRansom.html", "http://www.nyxbone.com/images/articulos/malware/brazilianRansom/0.png" - ] + ], + "payment-method": "Reais", + "price": "2000 (543$)" }, "uuid": "f9cf4f0d-3efc-4d6d-baf2-7dcb96db1279", "value": "Brazilian" @@ -5068,7 +5465,9 @@ ], "refs": [ "https://twitter.com/JakubKroustek/status/821831437884211201" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "d2bc5ec4-1dd1-408a-a6f6-621986657dff", "value": "Brazilian Globe" @@ -5079,7 +5478,9 @@ "encryption": "AES", "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered" - ] + ], + "payment-method": "Phone Number", + "price": "1000 Rubles (15$)" }, "uuid": "889d2296-40d2-49f6-be49-cbdfbcde2246", "value": "BrLock" @@ -5100,7 +5501,9 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/845199679340011520" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "8d60dec9-d43f-4d52-904f-40fb67e57ef7", "value": "BTCWare Related to / new version of CryptXXX" @@ -5110,8 +5513,11 @@ "meta": { "encryption": "GOST", "refs": [ - "http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/" - ] + "http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/", + "https://id-ransomware.blogspot.com/2016/05/bucbi-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "5" }, "uuid": "3510ce65-80e6-4f80-8cde-bb5ad8a271c6", "value": "Bucbi" @@ -5124,6 +5530,9 @@ ], "ransomnotes": [ "BUYUNLOCKCODE.txt" + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/05/buyunlockcode-ransomware-rsa-1024.html" ] }, "uuid": "289624c4-1d50-4178-9371-aebd95f423f9", @@ -5140,8 +5549,11 @@ "!Recovery_[random_chars].txt" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/" - ] + "http://www.bleepingcomputer.com/forums/t/625820/central-security-treatment-organization-ransomware-help-topic-cry-extension/", + "https://id-ransomware.blogspot.com/2016/09/cry-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "Variable / 0.3 - 1.2 / Double after 4 days and 4 hours" }, "related": [ { @@ -5192,7 +5604,9 @@ ], "synonyms": [ "CRBR ENCRYPTOR" - ] + ], + "payment-method": "Bitcoin", + "price": "1.24 / 2.48 after 7 days" }, "related": [ { @@ -5221,7 +5635,9 @@ "refs": [ "http://www.bleepingcomputer.com/news/security/chimera-ransomware-decryption-keys-released-by-petya-devs/", "https://blog.malwarebytes.org/threat-analysis/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.939" }, "uuid": "27b036f0-afa3-4984-95b3-47fa344b1aa7", "value": "Chimera" @@ -5231,7 +5647,9 @@ "meta": { "refs": [ "https://twitter.com/JakubKroustek/status/794956809866018816" - ] + ], + "payment-method": "Paypal", + "price": "20$" }, "uuid": "af3b3bbb-b54d-49d0-8e58-e9c56762a96b", "value": "Clock" @@ -5246,8 +5664,11 @@ "wallpaper.jpg" ], "refs": [ - "https://noransom.kaspersky.com/" - ] + "https://noransom.kaspersky.com/", + "https://id-ransomware.blogspot.com/2016/05/bitcryptor-ransomware-aes-256-1-btc.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "15941fb1-08f0-4276-a61f-e2a306d6c6b5", "value": "CoinVault" @@ -5266,8 +5687,11 @@ "!!!-WARNING-!!!.txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/" - ] + "http://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/", + "https://id-ransomware.blogspot.com/2016/04/coverton-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "36450e8c-ff66-4ecf-9c0f-fbfb27a72d63", "value": "Coverton" @@ -5311,8 +5735,11 @@ ], "refs": [ "SHTODELATVAM.txt", - "Instructionaga.txt" - ] + "Instructionaga.txt", + "https://id-ransomware.blogspot.com/2016/06/cryfile-ransomware-100.html" + ], + "payment-method": "Email", + "price": "100$" }, "uuid": "0d46e21d-8f1c-4355-8205-185fb7e041a7", "value": "CryFile" @@ -5328,13 +5755,16 @@ "!Recovery_[random_chars].txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/the-crylocker-ransomware-communicates-using-udp-and-stores-data-on-imgur-com/" + "http://www.bleepingcomputer.com/news/security/the-crylocker-ransomware-communicates-using-udp-and-stores-data-on-imgur-com/", + "https://id-ransomware.blogspot.com/2016/09/cry-ransomware.html" ], "synonyms": [ "Cry", "CSTO", "Central Security Treatment Organization" - ] + ], + "payment-method": "Bitcoin", + "price": "Variable / 0.3 - 1.2 / Double after 4 days and 4 hours" }, "related": [ { @@ -5365,8 +5795,11 @@ "README.BMP" ], "refs": [ - "http://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/" - ] + "http://blog.trendmicro.com/trendlabs-security-intelligence/crypmic-ransomware-wants-to-follow-cryptxxx/", + "https://id-ransomware.blogspot.com/2016/07/crypmic-ransomware-aes-256.html" + ], + "payment-method": "Bitcoin", + "price": "Variable / 0.3 - 1.2 / Double after 4 days and 4 hours" }, "uuid": "82cb7a40-0a78-4414-9afd-028d6b3082ea", "value": "CrypMIC" @@ -5384,7 +5817,9 @@ "https://github.com/pekeinfo/DecryptCrypren", "http://www.nyxbone.com/malware/Crypren.html", "http://www.nyxbone.com/images/articulos/malware/crypren/0.png" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1 (45$)" }, "uuid": "a9f05b4e-6b03-4211-a2bd-6b4432eb3388", "value": "Crypren" @@ -5398,8 +5833,11 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.zip", - "https://blog.fortinet.com/2016/06/17/buggy-russian-ransomware-inadvertently-allows-free-decryption" - ] + "https://blog.fortinet.com/2016/06/17/buggy-russian-ransomware-inadvertently-allows-free-decryption", + "https://id-ransomware.blogspot.com/2016/06/regist-crypt38-ransomware-aes-1000-15.html" + ], + "payment-method": "Rubles", + "price": "1000 (15$)" }, "uuid": "12a96f43-8a8c-410e-aaa3-ba6735276555", "value": "Crypt38" @@ -5409,7 +5847,9 @@ "meta": { "refs": [ "https://twitter.com/jiriatvirlab/status/802554159564062722" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "37edc8d7-c939-4a33-9ed5-dafbbc1e5b1e", "value": "Crypter" @@ -5423,8 +5863,11 @@ "id[_ID]email_xerx@usa.com.scl" ], "refs": [ - "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered" - ] + "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered", + "https://id-ransomware.blogspot.com/2016/06/cryptfile2-ransomware-rsa-email.html" + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1.5" }, "uuid": "5b0dd136-6428-48c8-b2a6-8e926a82dfac", "value": "CryptFIle2" @@ -5436,8 +5879,11 @@ ".crinf" ], "refs": [ - "https://decrypter.emsisoft.com/" - ] + "https://decrypter.emsisoft.com/", + "https://id-ransomware.blogspot.com/2016/06/cryptfile2-ransomware-rsa-email.html" + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1.5" }, "uuid": "2b0d60c3-6560-49ac-baf0-5f642e8a77de", "value": "CryptInfinite" @@ -5451,8 +5897,11 @@ ], "refs": [ "http://www.pandasecurity.com/mediacenter/panda-security/cryptobit/", - "http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml" - ] + "http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml", + "https://id-ransomware.blogspot.com/2016/04/cryptobit-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1 - 2" }, "related": [ { @@ -5475,8 +5924,11 @@ "HOW_DECRYPT.URL" ], "refs": [ - "https://decrypter.emsisoft.com/" - ] + "https://decrypter.emsisoft.com/", + "https://id-ransomware.blogspot.com/2016/04/cryptodefense-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.9 (500$) - 1.9 (1000$) after 4 days" }, "uuid": "ad9eeff2-91b4-440a-ae74-ab84d3e2075e", "value": "CryptoDefense" @@ -5486,11 +5938,14 @@ "meta": { "refs": [ "http://blog.talosintel.com/2016/07/ranscam.html", - "https://nakedsecurity.sophos.com/2016/07/13/ransomware-that-demands-money-and-gives-you-back-nothing/" + "https://nakedsecurity.sophos.com/2016/07/13/ransomware-that-demands-money-and-gives-you-back-nothing/", + "https://id-ransomware.blogspot.com/search?q=CryptoFinancial" ], "synonyms": [ "Ranscam" - ] + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "related": [ { @@ -5513,7 +5968,12 @@ ], "ransomnotes": [ "READ IF YOU WANT YOUR FILES BACK.html" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/05/cryptofortress-ransomware-aes-256-1.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -5559,13 +6019,16 @@ "meta": { "encryption": "AES-256 (RAR implementation)", "refs": [ - "http://www.bleepingcomputer.com/news/security/cryptohost-decrypted-locks-files-in-a-password-protected-rar-file/" + "http://www.bleepingcomputer.com/news/security/cryptohost-decrypted-locks-files-in-a-password-protected-rar-file/", + "https://id-ransomware.blogspot.com/2016/04/cryptohost-ransomware.html" ], "synonyms": [ "Manamecrypt", "Telograph", "ROI Locker" - ] + ], + "payment-method": "Bitcoin", + "price": "0.33" }, "related": [ { @@ -5590,7 +6053,12 @@ "README!!!.txt", "GetYouFiles.txt", "crjoker.html" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2017/07/cryptojoker-2017-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "100€" }, "related": [ { @@ -5633,7 +6101,8 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/839747940122001408" - ] + ], + "payment-method": "Email" }, "uuid": "8d5e3b1f-e333-4eed-8dec-d74f19d6bcbb", "value": "CryptoLocker 1.0.0" @@ -5643,7 +6112,9 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/782890104947867649" - ] + ], + "payment-method": "Bitcoin", + "price": "250€" }, "uuid": "e1412d2a-2a94-4c83-aed0-9e09523514a4", "value": "CryptoLocker 5.1" @@ -5710,7 +6181,9 @@ ], "synonyms": [ "Zeta" - ] + ], + "payment-method": "Bitcoin", + "price": "5" }, "related": [ { @@ -5729,7 +6202,9 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/817672617658347521" - ] + ], + "payment-method": "Bitcoin", + "price": "Some Bitcoins" }, "related": [ { @@ -5754,8 +6229,11 @@ "!Where_are_my_files!.html" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/new-ransomware-called-cryptoroger-that-appends-crptrgr-to-encrypted-files/" - ] + "http://www.bleepingcomputer.com/news/security/new-ransomware-called-cryptoroger-that-appends-crptrgr-to-encrypted-files/", + "https://id-ransomware.blogspot.com/2016/06/cryptoroger-aes-256-0.html" + ], + "payment-method": "Bitcoin", + "price": "0.5 (360$)" }, "uuid": "b6fe71ba-b0f4-4cc4-b84c-d3d80a37eada", "value": "CryptoRoger" @@ -5787,8 +6265,11 @@ "ATTENTION.url" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/617601/cryptoshocker-ransomware-help-and-support-topic-locked-attentionurl/" - ] + "http://www.bleepingcomputer.com/forums/t/617601/cryptoshocker-ransomware-help-and-support-topic-locked-attentionurl/", + "https://id-ransomware.blogspot.com/2016/06/cryptoshocker-ransomware-aes-200.html" + ], + "payment-method": "Bitcoin", + "price": "200$" }, "uuid": "545b4b25-763a-4a5c-8dda-12142c00422c", "value": "CryptoShocker" @@ -5804,8 +6285,11 @@ "%Temp%\\.bmp" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-ransomware-discovered-and-easily-decrypted/" - ] + "http://www.bleepingcomputer.com/forums/t/565020/new-cryptotorlocker2015-ransomware-discovered-and-easily-decrypted/", + "https://id-ransomware.blogspot.com/2016/04/cryptotorlocker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5 (100$)" }, "uuid": "06ec3640-4b93-4e79-a8ec-e24b3d349dd5", "value": "CryptoTorLocker2015" @@ -5829,7 +6313,9 @@ "DECRYPT_INSTRUCTION.TXT", "DECRYPT_INSTRUCTION.URL", "INSTALL_TOR.URL" - ] + ], + "payment-method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "5559fbc1-52c6-469c-be97-8f8344765577", "value": "CryptoWall 1" @@ -5842,7 +6328,9 @@ "HELP_DECRYPT.PNG", "HELP_DECRYPT.URL", "HELP_DECRYPT.HTML" - ] + ], + "payment-method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "f2780d22-4410-4a2f-a1c3-f43807ed1f19", "value": "CryptoWall 2" @@ -5859,7 +6347,9 @@ "refs": [ "https://blogs.technet.microsoft.com/mmpc/2015/01/13/crowti-update-cryptowall-3-0/", "https://www.virustotal.com/en/file/45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d/analysis/" - ] + ], + "payment-method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "9d35fe47-5f8c-494c-a74f-23a7ac7f44be", "value": "CryptoWall 3" @@ -5873,7 +6363,9 @@ "ransomnotes": [ "HELP_YOUR_FILES.HTML", "HELP_YOUR_FILES.PNG" - ] + ], + "payment-method": "Bitcoin", + "price": "1.09 (500$)" }, "uuid": "f7c04ce6-dd30-4a94-acd4-9a3125bcb12e", "value": "CryptoWall 4" @@ -5889,11 +6381,14 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", - "http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information" + "http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information", + "https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" ], "synonyms": [ "CryptProjectXXX" - ] + ], + "payment-method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "related": [ { @@ -5919,11 +6414,14 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", "https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool", - "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive" + "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive", + "https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" ], "synonyms": [ "CryptProjectXXX" - ] + ], + "payment-method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "related": [ { @@ -5950,12 +6448,15 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", "http://www.bleepingcomputer.com/news/security/cryptxxx-updated-to-version-3-0-decryptors-no-longer-work/", - "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive" + "http://blogs.cisco.com/security/cryptxxx-technical-deep-dive", + "https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" ], "synonyms": [ "UltraDeCrypter", "UltraCrypter" - ] + ], + "payment-method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "uuid": "60a50fe5-53ea-43f0-8a17-e7134f5fc371", "value": "CryptXXX 3.0" @@ -5968,8 +6469,11 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", - "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100" - ] + "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100", + "https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1.2 (500$) - 2.4" }, "uuid": "3f5a76ea-6b83-443e-b26f-b2b2d02d90e0", "value": "CryptXXX 3.1" @@ -5985,8 +6489,10 @@ "README_FOR_DECRYPT.txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/ctb-faker-ransomware-does-a-poor-job-imitating-ctb-locker/" - ] + "http://www.bleepingcomputer.com/news/security/ctb-faker-ransomware-does-a-poor-job-imitating-ctb-locker/", + "https://id-ransomware.blogspot.com/2016/09/crypy-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "0b0f5f33-1871-461d-8e7e-b5e0ebc82311", "value": "CryPy" @@ -6004,9 +6510,14 @@ "DecryptAllFiles .txt", ".html" ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/07/ctb-faker-ransomware-008.html" + ], "synonyms": [ "Citroni" - ] + ], + "payment-method": "Bitcoin", + "price": "0.08686 (50$)" }, "uuid": "6212bf8f-07db-490a-8cef-ac42042076c1", "value": "CTB-Faker" @@ -6016,8 +6527,11 @@ "meta": { "refs": [ "https://thisissecurity.net/2016/02/26/a-lockpicking-exercise/", - "https://github.com/eyecatchup/Critroni-php" - ] + "https://github.com/eyecatchup/Critroni-php", + "https://id-ransomware.blogspot.com/2016/06/ctb-locker-for-websites-04.html" + ], + "payment-method": "Bitcoin", + "price": "0.4 - 0.8" }, "uuid": "555b2c6f-0848-4ac1-9443-e4c20814459a", "value": "CTB-Locker WEB" @@ -6040,7 +6554,9 @@ ], "synonyms": [ "my-Little-Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "1a369bbf-6f03-454c-b507-15abe2a8bbb4", "value": "CuteRansomware" @@ -6050,11 +6566,14 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/778871886616862720", - "https://twitter.com/struppigel/status/806758133720698881" + "https://twitter.com/struppigel/status/806758133720698881", + "https://id-ransomware.blogspot.com/2016/09/cyber-splitter-vbs-ransomware.html" ], "synonyms": [ "CyberSplitter" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -6079,7 +6598,9 @@ ], "refs": [ "https://twitter.com/JaromirHorejsi/status/815555258478981121" - ] + ], + "payment-method": "Bitcoin", + "price": "1.5" }, "uuid": "0f074c07-613d-43cb-bd5f-37c747d39fe2", "value": "Death Bitches" @@ -6106,8 +6627,11 @@ ], "refs": [ "http://www.bleepingcomputer.com/forums/t/617395/dedcryptor-ded-help-support-topic/", - "http://www.nyxbone.com/malware/DEDCryptor.html" - ] + "http://www.nyxbone.com/malware/DEDCryptor.html", + "https://id-ransomware.blogspot.com/2016/06/dedcryptor-ransomware-aes-256rsa-2.html" + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "496b6c3c-771a-46cd-8e41-ce7c4168ae20", "value": "DEDCryptor" @@ -6122,8 +6646,11 @@ "HELP_YOUR_FILES.txt" ], "refs": [ - "https://twitter.com/struppigel/status/798573300779745281" - ] + "https://twitter.com/struppigel/status/798573300779745281", + "https://id-ransomware.blogspot.com/2017/10/cryptodemo-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "b314d86f-92bb-4be3-b32a-19d6f8eb55d4", "value": "Demo" @@ -6133,8 +6660,11 @@ "meta": { "encryption": "AES", "refs": [ - "http://www.bleepingcomputer.com/news/security/new-detoxcrypto-ransomware-pretends-to-be-pokemongo-or-uploads-a-picture-of-your-screen/" - ] + "http://www.bleepingcomputer.com/news/security/new-detoxcrypto-ransomware-pretends-to-be-pokemongo-or-uploads-a-picture-of-your-screen/", + "https://id-ransomware.blogspot.com/2016/08/detoxcrypto-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "2 - 3" }, "uuid": "be094d75-eba8-4ff3-91f1-f8cde687e5ed", "value": "DetoxCrypto" @@ -6147,7 +6677,9 @@ ], "refs": [ "https://twitter.com/PolarToffee/status/829727052316160000" - ] + ], + "payment-method": "Bitcoin", + "price": "0.05" }, "uuid": "c5b2a0bc-352f-481f-8c35-d378754793c0", "value": "Digisom" @@ -6156,8 +6688,10 @@ "description": "Ransomware", "meta": { "refs": [ - "https://twitter.com/demonslay335/status/752586334527709184" - ] + "https://twitter.com/demonslay335/status/752586334527709184", + "https://id-ransomware.blogspot.com/2016/07/revoyem-dirtydecrypt-ransomware-doc.html" + ], + "payment-method": "No ransom" }, "uuid": "5ad8a530-3ab9-48b1-9a75-e1e97b3f77ec", "value": "DirtyDecrypt" @@ -6175,8 +6709,11 @@ "https://decrypter.emsisoft.com/", "https://github.com/hasherezade/dma_unlocker", "https://drive.google.com/drive/folders/0Bzb5kQFOXkiSMm94QzdyM3hCdDg", + "https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/", "https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-a-new-ransomware-but-no-reason-to-panic/" - ] + ], + "payment-method": "Bitcoin", + "price": "1 - 2 - 4" }, "uuid": "407ebc7c-5b05-488f-862f-b2bf6c562372", "value": "DMALocker" @@ -6188,7 +6725,9 @@ "refs": [ "https://drive.google.com/drive/folders/0Bzb5kQFOXkiSMm94QzdyM3hCdDg", "https://blog.malwarebytes.org/threat-analysis/2016/02/dma-locker-strikes-back/" - ] + ], + "payment-method": "Bitcoin", + "price": "1 - 2 (440$)" }, "uuid": "ba39be57-c138-48d5-b46b-d996ff899ffa", "value": "DMALocker 3.0" @@ -6201,7 +6740,9 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/822500056511213568" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 (864$)" }, "uuid": "45cae006-5d14-4c95-bb5b-dcf5555d7c78", "value": "DNRansomware" @@ -6218,8 +6759,11 @@ ], "refs": [ "http://www.nyxbone.com/malware/Domino.html", - "http://www.bleepingcomputer.com/news/security/the-curious-case-of-the-domino-ransomware-a-windows-crack-and-a-cow/" - ] + "http://www.bleepingcomputer.com/news/security/the-curious-case-of-the-domino-ransomware-a-windows-crack-and-a-cow/", + "https://id-ransomware.blogspot.com/2016/08/domino-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "7cb20800-2033-49a4-bdf8-a7da5a24f7f1", "value": "Domino" @@ -6237,8 +6781,11 @@ "КАК РАСШИФРОВАТЬ ФАЙЛЫ!!!.txt" ], "refs": [ - "https://www.bleepingcomputer.com/forums/t/643330/donotchange-ransomware-id-7es642406cry-do-not-change-the-file-namecryp/" - ] + "https://www.bleepingcomputer.com/forums/t/643330/donotchange-ransomware-id-7es642406cry-do-not-change-the-file-namecryp/", + "https://id-ransomware.blogspot.com/2017/03/donotchange-ransomware.html" + ], + "payment-method": "Email", + "price": "250$" }, "uuid": "2e6f4fa6-5fdf-4d69-b764-063d88ba1dd0", "value": "DoNotChange" @@ -6267,8 +6814,10 @@ ], "refs": [ "https://www.bleepingcomputer.com/forums/t/627831/dxxd-ransomware-dxxd-help-support-readmetxt/", - "https://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/" - ] + "https://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/", + "https://id-ransomware.blogspot.com/2016/09/dxxd-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "57108b9e-5af8-4797-9924-e424cb5e9903", "value": "DXXD" @@ -6281,13 +6830,15 @@ ".locked" ], "refs": [ - "http://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html" + "http://www.utkusen.com/blog/dealing-with-script-kiddies-cryptear-b-incident.html", + "https://id-ransomware.blogspot.com/2016/06/hiddentear-2.html" ], "synonyms": [ "Cryptear", "EDA2", "Hidden Tear" - ] + ], + "payment-method": "Download Decrypter" }, "related": [ { @@ -6320,11 +6871,13 @@ ], "refs": [ "http://www.filedropper.com/decrypter_1", - "https://twitter.com/JakubKroustek/status/747031171347910656" + "https://twitter.com/JakubKroustek/status/747031171347910656", + "https://id-ransomware.blogspot.com/2016/06/hiddentear-2.html" ], "synonyms": [ "EduCrypter" - ] + ], + "payment-method": "Download Decryter" }, "uuid": "826a341a-c329-4e1e-bc9f-5d44c8317557", "value": "EduCrypt" @@ -6338,7 +6891,9 @@ "refs": [ "https://twitter.com/BroadAnalysis/status/845688819533930497", "https://twitter.com/malwrhunterteam/status/845652520202616832" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25 (320$)" }, "uuid": "0a24ea0d-3f8a-428a-8b77-ef5281c1ee05", "value": "EiTest" @@ -6354,9 +6909,14 @@ "qwer2.html", "locked.bmp" ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/07/el-polocker-ransomware-aes-450-aud.html" + ], "synonyms": [ "Los Pollos Hermanos" - ] + ], + "payment-method": "Email", + "price": "450$ - 1000$" }, "uuid": "63d9cb32-a1b9-46c3-818a-df16d8b9e46a", "value": "El-Polocker" @@ -6395,7 +6955,12 @@ ], "ransomnotes": [ "How to recover.enc" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/11/encryptojjs-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "3e5deef2-bace-40bc-beb1-5d9009233667", "value": "encryptoJJS" @@ -6414,8 +6979,10 @@ "enigma_info.txt" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/the-enigma-ransomware-targets-russian-speaking-users/" - ] + "http://www.bleepingcomputer.com/news/security/the-enigma-ransomware-targets-russian-speaking-users/", + "https://id-ransomware.blogspot.com/2016/05/enigma-ransomware-aes-128-0.html" + ], + "payment-method": "WebSite (onion)" }, "uuid": "1b24d240-df72-4388-946b-efa07a9447bb", "value": "Enigma" @@ -6425,7 +6992,8 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/839022018230112256" - ] + ], + "payment-method": "Bitcoin - Email" }, "uuid": "198891fb-26a4-455a-9719-4130bedba103", "value": "Enjey" @@ -6435,7 +7003,9 @@ "meta": { "refs": [ "http://www.bleepingcomputer.com/news/security/new-fairware-ransomware-targeting-linux-computers/" - ] + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "6771b42f-1d95-4b2e-bbb5-9ab703bbaa9d", "value": "Fairware" @@ -6450,8 +7020,11 @@ "READ ME FOR DECRYPT.txt" ], "refs": [ - "https://blog.fortinet.com/post/fakben-team-ransomware-uses-open-source-hidden-tear-code" - ] + "https://blog.fortinet.com/post/fakben-team-ransomware-uses-open-source-hidden-tear-code", + "https://id-ransomware.blogspot.com/2016/07/fakben-team-ransomware-aes-256-1505.html" + ], + "payment-method": "Bitcoin", + "price": "1.50520802" }, "uuid": "c308346a-2746-4900-8149-464a09086b55", "value": "Fakben" @@ -6464,7 +7037,9 @@ ], "refs": [ "https://twitter.com/PolarToffee/status/812312402779836416" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "abddc01f-7d76-47d4-985d-ea6d16acccb1", "value": "FakeCryptoLocker" @@ -6486,7 +7061,8 @@ ], "synonyms": [ "Comrad Circle" - ] + ], + "payment-method": "Email" }, "uuid": "35be87a5-b498-4693-8b8d-8b17864ac088", "value": "Fantom" @@ -6502,8 +7078,10 @@ ], "refs": [ "https://decrypter.emsisoft.com/fenixlocker", - "https://twitter.com/fwosar/status/777197255057084416" - ] + "https://twitter.com/fwosar/status/777197255057084416", + "https://id-ransomware.blogspot.com/2016/09/fenixlocker-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "f9f54046-ed5d-4353-8b81-d92b51f596b4", "value": "FenixLocker" @@ -6512,8 +7090,11 @@ "description": "Ransomware RaaS", "meta": { "refs": [ - "https://twitter.com/rommeljoven17/status/846973265650335744" - ] + "https://twitter.com/rommeljoven17/status/846973265650335744", + "https://id-ransomware.blogspot.com/2017/03/filefrozr-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "2a50f476-7355-4d58-b0ce-4235b2546c90", "value": "FILE FROZR" @@ -6526,7 +7107,9 @@ ], "refs": [ "https://twitter.com/jiriatvirlab/status/836616468775251968" - ] + ], + "payment-method": "Bitcoin", + "price": "0.09 (100$ with discount price) - 150$" }, "uuid": "b92bc550-7edb-4f8f-96fc-cf47d437df32", "value": "FileLocker" @@ -6542,8 +7125,11 @@ "[random_chars]-READ_ME.html" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/" - ] + "https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/", + "https://id-ransomware.blogspot.com/2017/01/bleedgreen-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "500$" }, "related": [ { @@ -6564,8 +7150,11 @@ ".locked" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/773771485643149312" - ] + "https://twitter.com/malwrhunterteam/status/773771485643149312", + "https://id-ransomware.blogspot.com/2016/09/flyper-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "1a110f7e-8820-4a9a-86c0-db4056f0b911", "value": "Flyper" @@ -6576,7 +7165,8 @@ "ransomnotes": [ "help-file-decrypt.enc", "/pronk.txt" - ] + ], + "payment-method": "Email" }, "uuid": "3d75cb84-2f14-408d-95bd-f1316bf854e6", "value": "Fonco" @@ -6589,7 +7179,7 @@ ] }, "uuid": "2db3aafb-b219-4b52-8dfe-ce41416ebeab", - "value": "FortuneCookie " + "value": "FortuneCookie" }, { "description": "Ransomware Unlock code is: adam or adamdude9", @@ -6598,11 +7188,14 @@ ".madebyadam" ], "refs": [ - "https://twitter.com/BleepinComputer/status/812135608374226944" + "https://twitter.com/BleepinComputer/status/812135608374226944", + "https://id-ransomware.blogspot.com/2016/12/roga-ransomware.html" ], "synonyms": [ "Roga" - ] + ], + "payment-method": "Playstore Card (Gift)", + "price": "25£ or 30$" }, "related": [ { @@ -6630,8 +7223,10 @@ "refs": [ "https://www.bleepingcomputer.com/forums/t/628199/fs0ciety-locker-ransomware-help-support-fs0cietyhtml/", "http://www.bleepingcomputer.com/news/security/new-fsociety-ransomware-pays-homage-to-mr-robot/", - "https://twitter.com/siri_urz/status/795969998707720193" - ] + "https://twitter.com/siri_urz/status/795969998707720193", + "https://id-ransomware.blogspot.com/2016/08/fsociety-ransomware.html" + ], + "payment-method": "No Ransom - No Descrypter" }, "uuid": "d1e7c0d9-3c96-41b7-a4a2-7eaef64d7b0f", "value": "FSociety" @@ -6655,8 +7250,11 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/GhostCryptDecrypter.zip", - "http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/" - ] + "http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/", + "https://id-ransomware.blogspot.com/2016/05/ghostcrypt-ransomware-aes-256-2-bitcoins.html" + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "3b681f76-b0e4-4ba7-a113-5dd87d6ee53b", "value": "GhostCrypt" @@ -6666,7 +7264,8 @@ "meta": { "refs": [ "https://twitter.com/ni_fi_70/status/796353782699425792" - ] + ], + "payment-method": "Email" }, "uuid": "c6419971-47f8-4c80-a685-77292ff30fa7", "value": "Gingerbread" @@ -6683,11 +7282,14 @@ ], "refs": [ "https://success.trendmicro.com/portal_kb_articledetail?solutionid=1114221", - "http://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/" + "http://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/", + "https://id-ransomware.blogspot.com/2017/07/purge-kind-ransomware.html" ], "synonyms": [ "Purge" - ] + ], + "payment-method": "Bitcoin", + "price": "250$" }, "uuid": "b247b6e5-f51b-4bb5-8f5a-1628843abe99", "value": "Globe v1" @@ -6704,8 +7306,11 @@ "UNLOCK_FILES_INSTRUCTIONS.html and .txt" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/" - ] + "http://www.bleepingcomputer.com/forums/t/611342/gnl-locker-support-and-help-topic-locked-and-unlock-files-instructionshtml/", + "http://id-ransomware.blogspot.ru/2016/05/gnl-locker-ransomware-gnl-locker-ip.html" + ], + "payment-method": "Bitcoin", + "price": "0.5(190 - 250 $)" }, "related": [ { @@ -6734,8 +7339,10 @@ "!___[EMAILADDRESS]_.crypt" ], "refs": [ - "https://decrypter.emsisoft.com/" - ] + "https://decrypter.emsisoft.com/", + "http://id-ransomware.blogspot.com/2016/05/gomasom-ransonware.html" + ], + "payment-method": "Email" }, "uuid": "70b85861-f419-4ad5-9aa6-254db292e043", "value": "Gomasom" @@ -6748,7 +7355,9 @@ ], "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/angler-shift-ek-landscape-new-crytpo-ransomware-activity/" - ] + ], + "payment-method": "Bitcoin", + "price": "500 $" }, "uuid": "3229a370-7a09-4b93-ad89-9555a847b1dd", "value": "Goopic" @@ -6769,8 +7378,11 @@ ".Locked" ], "refs": [ - "https://twitter.com/demonslay335/status/806878803507101696" - ] + "https://twitter.com/demonslay335/status/806878803507101696", + "http://id-ransomware.blogspot.com/2016/12/hackedlocker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.33 - 0.5" }, "uuid": "7f2df0cd-5962-4687-90a2-a49eab2b12bc", "value": "Hacked" @@ -6780,8 +7392,11 @@ "meta": { "encryption": "3DES, AES-128, AES-192, AES-256, DES, RC2, RC4", "refs": [ - "https://twitter.com/malwrhunterteam/status/847114064224497666" - ] + "https://twitter.com/malwrhunterteam/status/847114064224497666", + "http://id-ransomware.blogspot.com/2017/03/happydayzz-blackjocker-ransomware.html" + ], + "payment-method": "MoneyPak", + "price": "0.5" }, "uuid": "e71c76f3-8274-4ec5-ac11-ac8b8286d069", "value": "HappyDayzz" @@ -6794,7 +7409,9 @@ ], "refs": [ "https://decrypter.emsisoft.com/" - ] + ], + "payment-method": "MoneyPak", + "price": "100 $" }, "uuid": "5cadd11c-002a-4062-bafd-aadb7d740f59", "value": "Harasom" @@ -6805,11 +7422,13 @@ "encryption": "Custom (net shares), XTS-AES (disk)", "refs": [ "https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho", - "blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/" + "blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/", + "http://id-ransomware.blogspot.com/2016/09/hddcryptor-ransomware-mbr.html" ], "synonyms": [ "Mamba" - ] + ], + "payment-method": "Email" }, "related": [ { @@ -6828,8 +7447,10 @@ "meta": { "encryption": "AES-128-CBC", "refs": [ - "https://www.bleepingcomputer.com/news/security/heimdall-open-source-php-ransomware-targets-web-servers/" - ] + "https://www.bleepingcomputer.com/news/security/heimdall-open-source-php-ransomware-targets-web-servers/", + "https://id-ransomware.blogspot.com/2016/11/heimdall-ransomware.html" + ], + "payment-method": "Bitcoin" }, "uuid": "c6d6ddf0-2afa-4cca-8982-ba2a7c0441ae", "value": "Heimdall" @@ -6842,7 +7463,12 @@ ], "ransomnotes": [ "help_dcfile.txt" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/09/helpdcfile-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "2fdc6daa-6b6b-41b9-9a25-1030101478c3", "value": "Help_dcfile" @@ -6855,8 +7481,11 @@ ".herbst" ], "refs": [ - "https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware" - ] + "https://blog.fortinet.com/2016/06/03/cooking-up-autumn-herbst-ransomware", + "https://id-ransomware.blogspot.com/2016/06/herbst-autumn-ransomware-aes-256-01.html" + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "related": [ { @@ -6878,8 +7507,11 @@ ".cry" ], "refs": [ - "http://www.nyxbone.com/malware/hibuddy.html" - ] + "http://www.nyxbone.com/malware/hibuddy.html", + "http://id-ransomware.blogspot.ru/2016/05/hi-buddy-ransomware-aes-256-0.html" + ], + "payment-method": "Bitcoin", + "price": "0.77756467" }, "uuid": "a0d6563d-1e98-4e49-9151-39fbeb09ef76", "value": "Hi Buddy!" @@ -6892,8 +7524,11 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/", - "https://twitter.com/jiriatvirlab/status/825310545800740864" - ] + "https://twitter.com/jiriatvirlab/status/825310545800740864", + "http://id-ransomware.blogspot.com/2016/08/hitler-ransomware.html" + ], + "payment-method": "Vodafone card", + "price": "25 €" }, "uuid": "8807752b-bd26-45a7-ba34-c8ddd8e5781d", "value": "Hitler" @@ -6906,8 +7541,10 @@ "(encrypted)" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/new-python-ransomware-called-holycrypt-discovered/" - ] + "http://www.bleepingcomputer.com/news/security/new-python-ransomware-called-holycrypt-discovered/", + "https://id-ransomware.blogspot.com/2016/07/holycrypt-ransomware.html" + ], + "payment-method": "Link (onion)" }, "related": [ { @@ -6926,7 +7563,9 @@ "meta": { "refs": [ "https://twitter.com/BleepinComputer/status/803288396814839808" - ] + ], + "payment-method": "Bitcoin", + "price": "vary" }, "uuid": "728aecfc-9b99-478f-a0a3-8c0fb6896353", "value": "HTCryptor" @@ -6942,8 +7581,11 @@ ], "refs": [ "https://decrypter.emsisoft.com/", - "http://www.malware-traffic-analysis.net/2016/02/03/index2.html" - ] + "http://www.malware-traffic-analysis.net/2016/02/03/index2.html", + "https://id-ransomware.blogspot.com/2016/06/hydracrypt-ransomware-aes-256-cbc-rsa.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "335c3ab6-8f2c-458c-92a3-2f3a09a6064c", "value": "HydraCrypt" @@ -6956,7 +7598,8 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/817085367144873985" - ] + ], + "payment-method": "Website onion" }, "uuid": "68e90fa4-ea66-4159-b454-5f48fdae3d89", "value": "iLock" @@ -6966,7 +7609,9 @@ "meta": { "extensions": [ ".crime" - ] + ], + "payment-method": "Bitcoin", + "price": "300 $" }, "uuid": "cb374ee8-76c0-4db8-9026-a57a51d9a0a1", "value": "iLockLight" @@ -6982,7 +7627,9 @@ ], "refs": [ "http://download.bleepingcomputer.com/Nathan/StopPirates_Decrypter.exe" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "uuid": "a66fbb1e-ba59-48c1-aac8-8678b4a98dc1", "value": "International Police Association" @@ -6994,8 +7641,11 @@ ".Locked" ], "refs": [ - "https://twitter.com/demonslay335/status/796134264744083460" - ] + "https://twitter.com/demonslay335/status/796134264744083460", + "http://id-ransomware.blogspot.com/2016/11/iransom-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.15" }, "uuid": "4514ecd4-850d-446f-82cb-0668d2c94ffa", "value": "iRansom" @@ -7011,7 +7661,9 @@ ], "refs": [ "https://twitter.com/JakubKroustek/status/757873976047697920" - ] + ], + "payment-method": "Bitcoin", + "price": "50 $" }, "uuid": "25a086aa-e25c-4190-a848-69d9f46fd8ab", "value": "JagerDecryptor" @@ -7030,7 +7682,9 @@ "synonyms": [ "Encryptor RaaS", "Sarento" - ] + ], + "payment-method": "Bitcoin", + "price": "0.046627" }, "uuid": "50014fe7-5efd-4639-82ef-30d36f4d2918", "value": "Jeiphoos" @@ -7044,7 +7698,9 @@ "refs": [ "https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip", "https://twitter.com/BleepinComputer/status/822509105487245317" - ] + ], + "payment-method": "PaySafeCard", + "price": "0.1" }, "uuid": "fedd7285-d4bd-4411-985e-087954cee96d", "value": "Jhon Woddy" @@ -7077,11 +7733,14 @@ "refs": [ "http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/", "https://www.helpnetsecurity.com/2016/04/20/jigsaw-crypto-ransomware/", - "https://twitter.com/demonslay335/status/795819556166139905" + "https://twitter.com/demonslay335/status/795819556166139905", + "https://id-ransomware.blogspot.com/2016/04/jigsaw-ransomware.html" ], "synonyms": [ "CryptoHitMan" - ] + ], + "payment-method": "PaySafeCard", + "price": "0.4 (150 $)" }, "related": [ { @@ -7110,14 +7769,23 @@ "refs": [ "http://www.nyxbone.com/malware/jobcrypter.html", "http://forum.malekal.com/jobcrypter-geniesanstravaille-extension-locked-crypto-ransomware-t54381.html", - "https://twitter.com/malwrhunterteam/status/828914052973858816" - ] + "https://twitter.com/malwrhunterteam/status/828914052973858816", + "http://id-ransomware.blogspot.com/2016/05/jobcrypter-ransomware.html" + ], + "payment-method": "PaySafeCard", + "price": "300 €" }, "uuid": "7c9a273b-1534-4a13-b201-b7a782b6c32a", "value": "Job Crypter" }, { "description": "Ransomware", + "meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/johnycryptor-ransomware.html" + ], + "payment-method": "Email" + }, "uuid": "5af5be3e-549f-4485-8c2e-1459d4e5c7d7", "value": "JohnyCryptor" }, @@ -7128,8 +7796,11 @@ "How Decrypt Files.txt" ], "refs": [ - "https://safezone.cc/resources/kawaii-decryptor.195/" - ] + "https://safezone.cc/resources/kawaii-decryptor.195/", + "http://id-ransomware.blogspot.com/2016/09/kawaiilocker-ransomware.html" + ], + "payment-method": "rubles", + "price": "6 000" }, "uuid": "b6d0ea4d-4e55-4b42-9d60-485d605d6c49", "value": "KawaiiLocker" @@ -7143,8 +7814,11 @@ ], "refs": [ "http://news.drweb.com/show/?i=9877&lng=en&c=5", - "http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/" - ] + "http://www.welivesecurity.com/2016/03/07/new-mac-ransomware-appears-keranger-spread-via-transmission-app/", + "https://id-ransomware.blogspot.com/2016/03/keranger-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -7171,7 +7845,8 @@ ], "refs": [ "https://decrypter.emsisoft.com/" - ] + ], + "payment-method": "Email" }, "uuid": "3964e617-dde5-4c95-b4a0-e7c19c6e7d7f", "value": "KeyBTC" @@ -7184,8 +7859,11 @@ "how_decrypt.html" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/559463/keyholder-ransomware-support-and-help-topic-how-decryptgifhow-decrypthtml" - ] + "http://www.bleepingcomputer.com/forums/t/559463/keyholder-ransomware-support-and-help-topic-how-decryptgifhow-decrypthtml", + "https://id-ransomware.blogspot.com/2016/06/keyholder-ransomware-xor-cfb-cipher.html" + ], + "payment-method": "Bitcoin", + "price": "1.5 (500 $)" }, "uuid": "66eda328-9408-4e98-ad27-572fd6b2acd8", "value": "KEYHolder" @@ -7197,8 +7875,10 @@ ".rip" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/782232299840634881" - ] + "https://twitter.com/malwrhunterteam/status/782232299840634881", + "http://id-ransomware.blogspot.com/2016/10/killerlocker-ransomware.html" + ], + "payment-method": "Bitcoin" }, "uuid": "ea8e7350-f243-4ef7-bc31-4648df8a4d96", "value": "KillerLocker" @@ -7213,8 +7893,11 @@ ], "refs": [ "https://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it", - "http://www.bleepingcomputer.com/news/security/the-kimcilware-ransomware-targets-web-sites-running-the-magento-platform/" - ] + "http://www.bleepingcomputer.com/news/security/the-kimcilware-ransomware-targets-web-sites-running-the-magento-platform/", + "http://id-ransomware.blogspot.com/2016/04/kimcilware-ransomware.html" + ], + "payment-method": "Dollars", + "price": "140 - 415" }, "uuid": "950e2514-8a7e-4fdb-a3ad-5679f6342e5d", "value": "KimcilWare" @@ -7230,8 +7913,11 @@ "ReadMe.txt" ], "refs": [ - "http://www.nyxbone.com/malware/koreanRansom.html" - ] + "http://www.nyxbone.com/malware/koreanRansom.html", + "http://id-ransomware.blogspot.com/2016/08/korean-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "4febffe0-3837-41d7-b95f-e26d126275e4", "value": "Korean" @@ -7249,11 +7935,13 @@ ], "refs": [ "http://www.nyxbone.com/malware/KozyJozy.html", - "http://www.bleepingcomputer.com/forums/t/617802/kozyjozy-ransomware-help-support-wjpg-31392e30362e32303136-num-lsbj1/" + "http://www.bleepingcomputer.com/forums/t/617802/kozyjozy-ransomware-help-support-wjpg-31392e30362e32303136-num-lsbj1/", + "https://id-ransomware.blogspot.com/2016/06/kozy.html" ], "synonyms": [ "QC" - ] + ], + "payment-method": "Email" }, "uuid": "47b5d261-11bd-4c7b-91f9-e5651578026a", "value": "Kozy.Jozy" @@ -7268,8 +7956,11 @@ "README_ALL.html" ], "refs": [ - "https://twitter.com/demonslay335/status/746090483722686465" - ] + "https://twitter.com/demonslay335/status/746090483722686465", + "https://id-ransomware.blogspot.com/2016/06/kratoscrypt-ransomware-aes-256-0.html" + ], + "payment-method": "Bitcoin", + "price": "0.03" }, "uuid": "cc819741-830b-4859-bb7c-ccedf3356acd", "value": "KratosCrypt" @@ -7280,7 +7971,11 @@ "encryption": "AES-256", "ransomnotes": [ "KryptoLocker_README.txt" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/07/kryptolocker-ransomware-aes-256.html" + ], + "payment-method": "ransom" }, "uuid": "e68d4f37-704a-4f8e-9718-b12039fbe424", "value": "KryptoLocker" @@ -7292,8 +7987,11 @@ "@__help__@" ], "refs": [ - "https://twitter.com/struppigel/status/847689644854595584" - ] + "https://twitter.com/struppigel/status/847689644854595584", + "http://id-ransomware.blogspot.com/2017/03/lanran-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "9e152871-fb16-475d-bf3b-f3b870d0237a", "value": "LanRan" @@ -7309,8 +8007,10 @@ ], "refs": [ "https://decrypter.emsisoft.com/lechiffre", - "https://blog.malwarebytes.org/threat-analysis/2016/01/lechiffre-a-manually-run-ransomware/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/01/lechiffre-a-manually-run-ransomware/", + "http://id-ransomware.blogspot.com/2016/05/lechiffre-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "ea1ba874-07e6-4a6d-82f0-e4ce4210e34e", "value": "LeChiffre" @@ -7325,8 +8025,11 @@ "RANSOM_NOTE.txt" ], "refs": [ - "https://twitter.com/JakubKroustek/status/842404866614038529" - ] + "https://twitter.com/JakubKroustek/status/842404866614038529", + "https://www.2-spyware.com/remove-lick-ransomware-virus.html" + ], + "payment-method": "Monero", + "price": "50 - 500" }, "uuid": "f2e76070-0cea-4c9c-8d6b-1d847e777575", "value": "Lick" @@ -7339,7 +8042,9 @@ ], "synonyms": [ "Linux.Encoder.{0,3}" - ] + ], + "payment-method": "Bitcoin", + "price": "1 (450 $)" }, "uuid": "b4992483-a693-4e73-b39e-0f45c9f645b5", "value": "Linux.Encoder" @@ -7348,8 +8053,11 @@ "description": "Ransomware Based on HiddenTear", "meta": { "refs": [ - "https://twitter.com/malwrhunterteam/status/845183290873044994" - ] + "https://twitter.com/malwrhunterteam/status/845183290873044994", + "http://id-ransomware.blogspot.com/2017/03/lk-encryption-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "af52badb-3211-42b0-a1ac-e4d35d5829d7", "value": "LK Encryption" @@ -7366,8 +8074,11 @@ "LEAME.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/" - ] + "https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/", + "http://id-ransomware.blogspot.com/2017/03/lltp-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.2 (200 $)" }, "uuid": "0cec6928-80c7-4085-ba47-cdc52177dfd3", "value": "LLTP Locker" @@ -7376,8 +8087,11 @@ "description": "Ransomware has GUI", "meta": { "refs": [ - "http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-32#entry3721545" - ] + "http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-and-help-topic/page-32#entry3721545", + "https://id-ransomware.blogspot.com/2016/04/locker-ransomware-2015.html" + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "abc7883c-244a-44ac-9c86-559dafa4eb63", "value": "Locker" @@ -7393,8 +8107,10 @@ "READ_ME.TXT" ], "refs": [ - "https://www.bleepingcomputer.com/forums/t/626750/locklock-ransomware-locklock-help-support/" - ] + "https://www.bleepingcomputer.com/forums/t/626750/locklock-ransomware-locklock-help-support/", + "https://id-ransomware.blogspot.com/2016/09/locklock-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "7850bf92-394b-443b-8830-12f9ddbb50dc", "value": "LockLock" @@ -7439,8 +8155,11 @@ "http://www.bleepingcomputer.com/news/security/new-locky-version-adds-the-zepto-extension-to-encrypted-files/", "http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-spotted-in-the-brazilian-underground-market-uses-windows-script-files/", "https://nakedsecurity.sophos.com/2016/10/06/odin-ransomware-takes-over-from-zepto-and-locky/", - "https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/" - ] + "https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/", + "https://id-ransomware.blogspot.com/2016/02/locky.html" + ], + "payment-method": "Bitcoin", + "price": "3 - 5 - 7" }, "related": [ { @@ -7459,7 +8178,12 @@ "meta": { "extensions": [ ".crime" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/06/lortok-ransomware-aes-256-5.html" + ], + "payment-method": "Dollars", + "price": "5" }, "uuid": "bc23872a-7cd3-4a66-9d25-6b4e6f90cc4e", "value": "Lortok" @@ -7469,7 +8193,12 @@ "meta": { "extensions": [ "oor." - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/lowlevel04-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "4" }, "uuid": "d4fb0463-6cd1-45ac-a7d2-6eea8be39590", "value": "LowLevel04" @@ -7478,19 +8207,35 @@ "description": "Ransomware Does not encrypt Unlock code=suckmydicknigga", "meta": { "refs": [ - "https://twitter.com/jiriatvirlab/status/808015275367002113" - ] + "https://twitter.com/jiriatvirlab/status/808015275367002113", + "http://id-ransomware.blogspot.com/2016/12/m4n1f3sto-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "f5d19af8-1c85-408b-818e-db50208d62b1", "value": "M4N1F3STO" }, { "description": "Ransomware OS X ransomware (PoC)", + "meta": { + "refs": [ + "https://www.youtube.com/watch?v=9nJv_PN2m1Y" + ], + "payment-method": "Bitcoin" + }, "uuid": "f9214319-6ad4-4c4e-bc6d-fb710f61da48", "value": "Mabouia" }, { "description": "Ransomware Based on HiddenTear", + "meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2017/03/macandchess-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" + }, "uuid": "fae8bf6e-47d1-4449-a1c6-761a4970fc38", "value": "MacAndChess" }, @@ -7504,7 +8249,12 @@ "ransomnotes": [ "DECRYPT_ReadMe1.TXT", "DECRYPT_ReadMe.TXT" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/magic-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1 - 2" }, "uuid": "31fa83fc-8247-4347-940a-e463acd66bac", "value": "Magic" @@ -7520,8 +8270,11 @@ "_DECRYPT_INFO_[extension pattern].html" ], "refs": [ - "https://blog.malwarebytes.org/threat-analysis/2016/03/maktub-locker-beautiful-and-dangerous/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/03/maktub-locker-beautiful-and-dangerous/", + "http://id-ransomware.blogspot.com/2016/04/maktub-locker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1.4 - 3.9" }, "uuid": "ef6ceb04-243e-4783-b476-8e8e9f06e8a7", "value": "MaktubLocker" @@ -7539,8 +8292,11 @@ ], "refs": [ "https://securelist.ru/blog/issledovaniya/29376/polyglot-the-fake-ctb-locker/", - "https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker" - ] + "https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker", + "http://id-ransomware.blogspot.com/2016/09/jokefrommars-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.7 - 1.1" }, "uuid": "933bd53f-5ccf-4262-a70c-c01a6f05af3e", "value": "MarsJoke" @@ -7550,7 +8306,9 @@ "meta": { "refs": [ "https://twitter.com/siri_urz/status/840913419024945152" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "ce5a82ef-d2a3-405c-ac08-3dca71057eb5", "value": "Meister" @@ -7563,8 +8321,10 @@ "readme_your_files_have_been_encrypted.txt" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/844614889620561924" - ] + "https://twitter.com/malwrhunterteam/status/844614889620561924", + "http://id-ransomware.blogspot.com/2017/03/meteoritan-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "34f292d9-cb68-4bcf-a3db-a717362aca77", "value": "Meteoritan" @@ -7580,11 +8340,14 @@ "http://www.bleepingcomputer.com/forums/t/618457/microcop-ransomware-help-support-lock-mircop/", "https://www.avast.com/ransomware-decryption-tools#!", "http://blog.trendmicro.com/trendlabs-security-intelligence/instruction-less-ransomware-mircop-channels-guy-fawkes/", - "http://www.nyxbone.com/malware/Mircop.html" + "http://www.nyxbone.com/malware/Mircop.html", + "https://id-ransomware.blogspot.com/2016/06/mircop-ransomware-4848.html" ], "synonyms": [ "Crypt888" - ] + ], + "payment-method": "Bitcoin", + "price": "48.48" }, "uuid": "7dd326a5-1168-4309-98b1-f2146d9cf8c7", "value": "MIRCOP" @@ -7599,7 +8362,11 @@ ], "ransomnotes": [ "READ_IT.txt" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/05/mireware-ransomware.html" + ], + "payment-method": "Bitcoin - Email" }, "uuid": "9f01ded7-99f6-4863-b3a3-9d32aabf96c3", "value": "MireWare" @@ -7615,11 +8382,14 @@ "YOUR_FILES_ARE_ENCRYPTED.TXT " ], "refs": [ - "http://www.bleepingcomputer.com/news/security/petya-is-back-and-with-a-friend-named-mischa-ransomware/" + "http://www.bleepingcomputer.com/news/security/petya-is-back-and-with-a-friend-named-mischa-ransomware/", + "https://id-ransomware.blogspot.com/2016/05/petya-mischa-ransomware.html" ], "synonyms": [ "\"Petya's little brother\"" - ] + ], + "payment-method": "Bitcoin", + "price": "1.9338" }, "uuid": "a029df89-2bb1-409d-878b-a67572217a65", "value": "Mischa" @@ -7635,11 +8405,14 @@ "READ_IT.txt" ], "refs": [ - "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered" + "https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered", + "https://id-ransomware.blogspot.com/2016/06/mm-locker-ransomware-aes-2256-1.html" ], "synonyms": [ "Booyah" - ] + ], + "payment-method": "Bitcoin", + "price": "1.011 (400 $)" }, "related": [ { @@ -7667,12 +8440,15 @@ "refs": [ "http://nyxbone.com/malware/Mobef.html", "http://researchcenter.paloaltonetworks.com/2016/07/unit42-cryptobit-another-ransomware-family-gets-an-update/", - "http://nyxbone.com/images/articulos/malware/mobef/0.png" + "http://nyxbone.com/images/articulos/malware/mobef/0.png", + "http://id-ransomware.blogspot.com/2016/05/mobef-yakes-ransomware-4-bitcoins-2000.html" ], "synonyms": [ "Yakes", "CryptoBit" - ] + ], + "payment-method": "Bitcoin", + "price": "4" }, "related": [ { @@ -7691,7 +8467,9 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/844826339186135040" - ] + ], + "payment-method": "Bitcoin", + "price": "0.15 - 0.2" }, "uuid": "2702fb96-8118-4519-bd75-23eed40f25e9", "value": "Monument" @@ -7705,7 +8483,9 @@ "refs": [ "https://twitter.com/JakubKroustek/status/815961663644008448", "https://www.youtube.com/watch?v=dAVMgX8Zti4&feature=youtu.be&list=UU_TMZYaLIgjsdJMwurHAi4Q" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "8ec55495-fb31-49c7-a720-40250b5e085f", "value": "N-Splitter" @@ -7718,8 +8498,11 @@ ], "refs": [ "https://twitter.com/demonslay335/status/790608484303712256", - "https://twitter.com/demonslay335/status/831891344897482754" - ] + "https://twitter.com/demonslay335/status/831891344897482754", + "http://id-ransomware.blogspot.com/2016/09/n1n1n1-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1.5" }, "uuid": "a439b37b-e123-4b1d-9400-94aca70b223a", "value": "n1n1n1" @@ -7732,8 +8515,11 @@ "ATTENTION.RTF" ], "refs": [ - "http://github.com/Cyberclues/nanolocker-decryptor" - ] + "http://github.com/Cyberclues/nanolocker-decryptor", + "https://id-ransomware.blogspot.com/2016/06/nanolocker-ransomware-aes-256-rsa-01.html" + ], + "payment-method": "Bitcoin", + "price": "0.1 (43 $)" }, "related": [ { @@ -7761,8 +8547,11 @@ "https://decrypter.emsisoft.com/nemucod", "https://github.com/Antelox/NemucodFR", "http://www.bleepingcomputer.com/news/security/decryptor-released-for-the-nemucod-trojans-crypted-ransomware/", - "https://blog.cisecurity.org/malware-analysis-report-nemucod-ransomware/" - ] + "https://blog.cisecurity.org/malware-analysis-report-nemucod-ransomware/", + "http://id-ransomware.blogspot.com/2016/04/nemucod-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.39983 - 4" }, "uuid": "f1ee9ae8-b798-4e6f-8f98-874395d0fa18", "value": "Nemucod" @@ -7774,11 +8563,14 @@ "AES-256" ], "refs": [ - "http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/", + "https://id-ransomware.blogspot.com/2017/01/netflix-ransomware.html" ], "synonyms": [ "RANSOM_NETIX.A" - ] + ], + "payment-method": "Bitcoin", + "price": "0.18 (100 $)" }, "uuid": "5d3ec71e-9e0f-498a-aa33-0433799e80b4", "value": "Netix" @@ -7791,8 +8583,11 @@ "HELP_ME_PLEASE.txt" ], "refs": [ - "https://twitter.com/demonslay335/status/839221457360195589" - ] + "https://twitter.com/demonslay335/status/839221457360195589", + "http://id-ransomware.blogspot.com/2017/03/nhtnwcuf-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "1d8e8ca3-da2a-494c-9db3-5b1b6277c363", "value": "Nhtnwcuf" @@ -7810,12 +8605,15 @@ ], "refs": [ "https://decrypter.emsisoft.com/nmoreira", - "https://twitter.com/fwosar/status/803682662481174528" + "https://twitter.com/fwosar/status/803682662481174528", + "id-ransomware.blogspot.com/2016/11/nmoreira-ransomware.html" ], "synonyms": [ "XRatTeam", "XPan" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1.5" }, "uuid": "51f00a39-f4b9-4ed2-ba0d-258c6bf3f71a", "value": "NMoreira" @@ -7825,8 +8623,11 @@ "meta": { "refs": [ "https://twitter.com/JakubKroustek/status/757267550346641408", - "https://www.bleepingcomputer.com/news/security/noobcrypt-ransomware-dev-shows-noobness-by-using-same-password-for-everyone/" - ] + "https://www.bleepingcomputer.com/news/security/noobcrypt-ransomware-dev-shows-noobness-by-using-same-password-for-everyone/", + "https://id-ransomware.blogspot.com/2016/07/noobcrypt-ransomare-250-nzd.html" + ], + "payment-method": "Bitcoin", + "price": "250 NZD (299 $)" }, "uuid": "aeb76911-ed45-4bf2-9a60-e023386e02a4", "value": "NoobCrypt" @@ -7841,7 +8642,11 @@ "ransomnotes": [ "!!_RECOVERY_instructions_!!.html", "!!_RECOVERY_instructions_!!.txt" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/10/nuke-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "e0bcb7d2-6032-43a0-b490-c07430d8a598", "value": "Nuke" @@ -7854,8 +8659,11 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/NullByteDecrypter.zip", - "https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/" - ] + "https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/", + "http://id-ransomware.blogspot.com/2016/08/nullbyte-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "460b700b-5d03-43f9-99e7-916ff180a036", "value": "Nullbyte" @@ -7875,8 +8683,11 @@ "http://download.bleepingcomputer.com/BloodDolly/ODCODCDecoder.zip", "http://www.nyxbone.com/malware/odcodc.html", "https://twitter.com/PolarToffee/status/813762510302183424", - "http://www.nyxbone.com/images/articulos/malware/odcodc/1c.png" - ] + "http://www.nyxbone.com/images/articulos/malware/odcodc/1c.png", + "http://id-ransomware.blogspot.com/2016/05/odcodc-ransomware-rsa-2048.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "f90724e4-c148-4479-ae1a-109498b4688f", "value": "ODCODC" @@ -7899,7 +8710,8 @@ "synonyms": [ "Vipasana", "Cryakl" - ] + ], + "payment-method": "Email" }, "related": [ { @@ -7932,7 +8744,9 @@ ], "synonyms": [ "GPCode" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "related": [ { @@ -7954,7 +8768,9 @@ ], "refs": [ "http://news.thewindowsclub.com/operation-global-iii-ransomware-decryption-tool-released-70341/" - ] + ], + "payment-method": "Bitcoin", + "price": "250 $" }, "uuid": "e5800883-c663-4eb0-b05e-6034df5bc6e0", "value": "Operation Global III" @@ -7970,11 +8786,14 @@ "log.txt" ], "refs": [ - "https://twitter.com/JakubKroustek/status/842342996775448576" + "https://twitter.com/JakubKroustek/status/842342996775448576", + "https://id-ransomware.blogspot.com/2016/10/cryptowire-ransomware.html" ], "synonyms": [ "CryptoWire" - ] + ], + "payment-method": "Bitcoin", + "price": "0.29499335" }, "related": [ { @@ -8000,8 +8819,11 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/padcrypt-the-first-ransomware-with-live-support-chat-and-an-uninstaller/", - "https://twitter.com/malwrhunterteam/status/798141978810732544" - ] + "https://twitter.com/malwrhunterteam/status/798141978810732544", + "http://id-ransomware.blogspot.com/2016/04/padcrypt-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.8" }, "related": [ { @@ -8020,7 +8842,8 @@ "meta": { "refs": [ "https://twitter.com/BleepinComputer/status/811635075158839296" - ] + ], + "payment-method": "no ransom" }, "uuid": "8f41c9ce-9bd4-4bbd-96d7-c965d1621be7", "value": "Padlock Screenlocker" @@ -8037,7 +8860,9 @@ "refs": [ "https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/", "https://www.bleepingcomputer.com/news/security/new-macos-patcher-ransomware-locks-data-for-good-no-way-to-recover-your-files/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25" }, "related": [ { @@ -8073,7 +8898,8 @@ ], "synonyms": [ "Goldeneye" - ] + ], + "payment-method": "Bitcoin - Website (onion)" }, "related": [ { @@ -8097,8 +8923,11 @@ ], "refs": [ "https://decrypter.emsisoft.com/philadelphia", - "www.bleepingcomputer.com/news/security/the-philadelphia-ransomware-offers-a-mercy-button-for-compassionate-criminals/" - ] + "www.bleepingcomputer.com/news/security/the-philadelphia-ransomware-offers-a-mercy-button-for-compassionate-criminals/", + "http://id-ransomware.blogspot.ru/2016/09/philadelphia-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "6fd25982-9cf8-4379-a126-433c91aaadf2", "value": "Philadelphia" @@ -8110,8 +8939,10 @@ ".id-[victim_id]-maestro@pizzacrypts.info" ], "refs": [ - "http://download.bleepingcomputer.com/BloodDolly/JuicyLemonDecoder.zip" - ] + "http://download.bleepingcomputer.com/BloodDolly/JuicyLemonDecoder.zip", + "https://id-ransomware.blogspot.com/2016/07/pizzacrypts-ransomware-1.html" + ], + "payment-method": "Email" }, "uuid": "2482122b-1df6-488e-8867-215b165a4f66", "value": "PizzaCrypts" @@ -8125,8 +8956,10 @@ ], "refs": [ "http://www.nyxbone.com/malware/pokemonGO.html", - "http://www.bleepingcomputer.com/news/security/pokemongo-ransomware-installs-backdoor-accounts-and-spreads-to-other-drives/" - ] + "http://www.bleepingcomputer.com/news/security/pokemongo-ransomware-installs-backdoor-accounts-and-spreads-to-other-drives/", + "https://id-ransomware.blogspot.com/2016/08/pokemongo-ransomware-aes-256.html" + ], + "payment-method": "Bitcoin - Email" }, "uuid": "8b151275-d4c4-438a-9d06-92da2835586d", "value": "PokemonGO" @@ -8138,7 +8971,8 @@ "refs": [ "https://support.kaspersky.com/8547", "https://securelist.com/blog/research/76182/polyglot-the-fake-ctb-locker/" - ] + ], + "payment-method": "Website (onion)" }, "related": [ { @@ -8163,11 +8997,14 @@ "https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py", "https://download.bleepingcomputer.com/demonslay335/PowerLockyDecrypter.zip", "https://www.carbonblack.com/2016/03/25/threat-alert-powerware-new-ransomware-written-in-powershell-targets-organizations-via-microsoft-word/", - "http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/" + "http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/", + "http://id-ransomware.blogspot.com/2016/04/powerware-ransomware.html" ], "synonyms": [ "PoshCoder" - ] + ], + "payment-method": "Bitcoin", + "price": "500 $" }, "related": [ { @@ -8187,7 +9024,8 @@ "encryption": "AES", "ransomnotes": [ "DECRYPT_INSTRUCTION.html" - ] + ], + "payment-method": "Website (onion)" }, "uuid": "b54d59d7-b604-4b01-8002-5a2930732ca6", "value": "PowerWorm" @@ -8208,8 +9046,11 @@ "refs": [ "https://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/", "https://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/", - "https://blog.malwarebytes.com/threat-analysis/2016/11/princess-ransomware/" - ] + "https://blog.malwarebytes.com/threat-analysis/2016/11/princess-ransomware/", + "http://id-ransomware.blogspot.com/2016/09/princess-locker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "3 (1 800 $)" }, "uuid": "7c8ff7e5-2cad-48e8-92e8-4c8226933cbc", "value": "Princess Locker" @@ -8219,7 +9060,9 @@ "meta": { "refs": [ "http://www.enigmasoftware.com/prismyourcomputerhasbeenlockedransomware-removal/" - ] + ], + "payment-method": "MoneyPak", + "price": "300 $" }, "uuid": "c0ebfb75-254d-4d85-9d02-a7af8e655068", "value": "PRISM" @@ -8229,7 +9072,8 @@ "meta": { "refs": [ "https://twitter.com/jiriatvirlab/status/803297700175286273" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "1da6653c-8657-4cdc-9eaf-0df9d2ebbf10", "value": "Ps2exe" @@ -8241,8 +9085,11 @@ "Ransomware.txt" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/846705481741733892" - ] + "https://twitter.com/malwrhunterteam/status/846705481741733892", + "http://id-ransomware.blogspot.com/2017/03/r-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1 - 2" }, "uuid": "f7cd8956-2825-4104-94b1-e9589ab1089a", "value": "R" @@ -8258,8 +9105,11 @@ "rtext.txt" ], "refs": [ - "https://otx.alienvault.com/pulse/57976b52b900fe01376feb01/" - ] + "https://otx.alienvault.com/pulse/57976b52b900fe01376feb01/", + "http://id-ransomware.blogspot.com/2016/07/r980-ransomware-aes-256-rsa4096-05.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "6a7ebb0a-78bc-4fdc-92ae-1b02976b5499", "value": "R980" @@ -8275,11 +9125,14 @@ ], "refs": [ "https://reaqta.com/2016/06/raa-ransomware-delivering-pony/", - "http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/" + "http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/", + "https://id-ransomware.blogspot.com/2016/06/raa-ransomware-aes-256-039-250.html" ], "synonyms": [ "RAA" - ] + ], + "payment-method": "Bitcoin", + "price": "0.39 (215 $)" }, "uuid": "b6d4faa1-6d76-42ff-8a18-238eb70cff06", "value": "RAA encryptor" @@ -8289,7 +9142,9 @@ "meta": { "refs": [ "https://twitter.com/CryptoInsane/status/846181140025282561" - ] + ], + "payment-method": "Bitcoin", + "price": "0.05" }, "uuid": "4a95257a-6646-492f-93eb-d15dff7ce1eb", "value": "Rabion" @@ -8310,8 +9165,11 @@ "refs": [ "https://decrypter.emsisoft.com/radamant", "http://www.bleepingcomputer.com/news/security/new-radamant-ransomware-kit-adds-rdm-extension-to-encrypted-files/", - "http://www.nyxbone.com/malware/radamant.html" - ] + "http://www.nyxbone.com/malware/radamant.html", + "https://id-ransomware.blogspot.com/2016/04/radamant-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "related": [ { @@ -8362,7 +9220,8 @@ "%APPDATA%\\Roaming\\.bmp" ], "refs": [ - "https://support.kaspersky.com/us/viruses/disinfection/10556" + "https://support.kaspersky.com/us/viruses/disinfection/10556", + "https://id-ransomware.blogspot.com/2016/07/bandarchor-ransomware-aes-256.html" ], "synonyms": [ "Agent.iih", @@ -8374,7 +9233,8 @@ "Isda", "Cryptokluchen", "Bandarchor" - ] + ], + "payment-method": "Email" }, "related": [ { @@ -8390,6 +9250,8 @@ }, { "description": "Ransomware Based on the DUMB ransomware", + "payment-method": "Bitcoin", + "price": "0.3169", "uuid": "5b81ea66-9a44-43d8-bceb-22e5b0582f8d", "value": "Ramsomeer" }, @@ -8401,7 +9263,9 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547" - ] + ], + "payment-method": "PaySafeCard", + "price": "1000 $" }, "uuid": "d45f089b-efc7-45f8-a681-845374349d83", "value": "Rannoh" @@ -8427,7 +9291,8 @@ "https://github.com/pan-unit42/public_tools/tree/master/ranran_decryption", "http://researchcenter.paloaltonetworks.com/2017/03/unit42-targeted-ransomware-attacks-middle-eastern-government-organizations-political-purposes/", "https://www.bleepingcomputer.com/news/security/new-ranran-ransomware-uses-encryption-tiers-political-messages/" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "e01a0cfa-2c8c-4e08-963a-4fa1e8cc6a34", "value": "RanRan" @@ -8438,7 +9303,9 @@ "refs": [ "https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles", "https://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "related": [ { @@ -8454,6 +9321,13 @@ }, { "description": "Ransomware no extension change, Javascript Ransomware", + "meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2016/04/ransom32.html" + ], + "payment-method": "Bitcoin", + "price": "1" + }, "uuid": "d74e2fa6-6b8d-49ed-80f9-07b274eecef8", "value": "Ransom32" }, @@ -8463,7 +9337,9 @@ "encryption": "Asymmetric 1024 ", "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2009-041513-1400-99&tabid=2" - ] + ], + "payment-method": "Bitcoin", + "price": "500 $" }, "uuid": "24f98123-192c-4e31-b2ee-4c77afbdc3be", "value": "RansomLock" @@ -8473,7 +9349,12 @@ "meta": { "ransomnotes": [ "RarVault.htm" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/09/rarvault-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1 - 50" }, "uuid": "c8ee96a3-ac22-40c7-8ed2-df67aeaca08d", "value": "RarVault" @@ -8488,8 +9369,10 @@ ], "refs": [ "http://www.nyxbone.com/malware/Razy(German).html", - "http://nyxbone.com/malware/Razy.html" - ] + "http://nyxbone.com/malware/Razy.html", + "http://id-ransomware.blogspot.com/2016/08/razy-ransomware-aes.html" + ], + "payment-method": "Link" }, "uuid": "f2a38c7b-054e-49ab-aa0e-67a7aac71837", "value": "Razy" @@ -8505,7 +9388,8 @@ ], "refs": [ "https://support.kaspersky.com/viruses/disinfection/4264" - ] + ], + "payment-method": "Bitcoin Email" }, "uuid": "08f519f4-df8f-4baf-b7ac-c7a0c66f7e74", "value": "Rector" @@ -8521,8 +9405,11 @@ "Readme.txt" ], "refs": [ - "https://support.kaspersky.com/viruses/disinfection/4264" - ] + "https://support.kaspersky.com/viruses/disinfection/4264", + "http://id-ransomware.blogspot.com/2016/08/rektlocker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "5448f038-0558-45c7-bda7-76950f82846a", "value": "RektLocker" @@ -8539,8 +9426,11 @@ ], "refs": [ "http://www.nyxbone.com/malware/RemindMe.html", - "http://i.imgur.com/gV6i5SN.jpg" - ] + "http://i.imgur.com/gV6i5SN.jpg", + "http://id-ransomware.blogspot.com/2016/05/remindme-ransomware-2.html" + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "0120015c-7d37-469c-a966-7a0d42166e67", "value": "RemindMe" @@ -8557,8 +9447,11 @@ "README_HOW_TO_UNLOCK.HTML" ], "refs": [ - "https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/" - ] + "https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/", + "https://id-ransomware.blogspot.com/2016/04/rokku-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.2403 (100.29 $)" }, "related": [ { @@ -8576,8 +9469,11 @@ "description": "Ransomware Stores your files in a password protected RAR file", "meta": { "refs": [ - "https://twitter.com/siri_urz/status/842452104279134209" - ] + "https://twitter.com/siri_urz/status/842452104279134209", + "https://id-ransomware.blogspot.com/2017/02/allyourdocuments-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.35" }, "uuid": "e88a7509-9c79-42c1-8b0c-5e63af8e25b5", "value": "RoshaLock" @@ -8587,7 +9483,8 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/801812325657440256" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "266b366b-2b4f-41af-a30f-eab1c63c9976", "value": "Runsomewere" @@ -8597,7 +9494,9 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/823925410392080385" - ] + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "1149197c-89e7-4a8f-98aa-40ac0a9c0914", "value": "RussianRoulette" @@ -8606,8 +9505,10 @@ "description": "Ransomware Variant of CryPy", "meta": { "refs": [ - "https://twitter.com/malwrhunterteam/status/845356853039190016" - ] + "https://twitter.com/malwrhunterteam/status/845356853039190016", + "http://id-ransomware.blogspot.com/2017/03/sadstory-ransomware.html" + ], + "payment-method": "Email" }, "uuid": "6d81cee2-6c99-41fb-8b54-6581422d85dc", "value": "SADStory" @@ -8621,7 +9522,9 @@ "refs": [ "https://malwarebreakdown.com/2017/03/16/sage-2-2-ransomware-from-good-man-gate", "https://malwarebreakdown.com/2017/03/10/finding-a-good-man/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.52803 (625 $)" }, "uuid": "eacf3aee-ffb1-425a-862f-874e444a218d", "value": "Sage 2.2" @@ -8687,7 +9590,8 @@ "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf", "https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/", "https://www.bleepingcomputer.com/news/security/samsam-ransomware-crew-made-nearly-6-million-from-ransom-payments/", - "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf" + "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf", + "https://id-ransomware.blogspot.com/2016/03/samsam.html" ], "synonyms": [ "samsam.exe", @@ -8697,7 +9601,9 @@ "SamSam Ransomware", "SamSam", "Samsam" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -8720,7 +9626,12 @@ ], "ransomnotes": [ "DECRYPT_YOUR_FILES.HTML" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/05/sanction-ransomware-3.html" + ], + "payment-method": "Bitcoin", + "price": "3" }, "uuid": "e7b69fbe-26ba-49df-aa62-a64525f89343", "value": "Sanction" @@ -8736,8 +9647,11 @@ "RESTORE_ALL_DATA.html" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/sanctions-ransomware-makes-fun-of-usa-sanctions-against-russia/" - ] + "https://www.bleepingcomputer.com/news/security/sanctions-ransomware-makes-fun-of-usa-sanctions-against-russia/", + "http://id-ransomware.blogspot.com/2017/03/sanctions-2017-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "6" }, "uuid": "7b517c02-9f93-44c7-b957-10346803c43c", "value": "Sanctions" @@ -8750,7 +9664,9 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/835955409953357825" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "uuid": "6e49ecfa-1c25-4841-ae60-3b1c3c9c7710", "value": "Sardoninir" @@ -8766,8 +9682,11 @@ ], "refs": [ "https://blog.malwarebytes.com/threat-analysis/2016/06/satana-ransomware/", - "https://blog.kaspersky.com/satana-ransomware/12558/" - ] + "https://blog.kaspersky.com/satana-ransomware/12558/", + "https://id-ransomware.blogspot.com/2016/06/satana-ransomware-0.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "related": [ { @@ -8796,8 +9715,11 @@ "meta": { "encryption": "AES", "refs": [ - "http://www.nyxbone.com/malware/Serpico.html" - ] + "http://www.nyxbone.com/malware/Serpico.html", + "http://id-ransomware.blogspot.com/2016/08/serpico-ransomware.html" + ], + "payment-method": "Euros", + "price": "50" }, "related": [ { @@ -8827,7 +9749,9 @@ ], "synonyms": [ "Atom" - ] + ], + "payment-method": "Bitcoin", + "price": "50 - 100 - 200 $" }, "related": [ { @@ -8849,8 +9773,10 @@ ], "refs": [ "https://twitter.com/JakubKroustek/status/760560147131408384", - "http://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/" - ] + "http://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/", + "https://id-ransomware.blogspot.com/2016/08/shinolocker-ransomware.html" + ], + "payment-method": "no ransom" }, "uuid": "bc029327-ee34-4eba-8933-bd85f2a1e9d1", "value": "ShinoLocker" @@ -8863,11 +9789,14 @@ ], "refs": [ "http://www.nyxbone.com/malware/chineseRansom.html", - "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-language-ransomware-makes-appearance/" + "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-language-ransomware-makes-appearance/", + "http://id-ransomware.blogspot.com/2016/05/chinese-ransomware.html" ], "synonyms": [ "KinCrypt" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "related": [ { @@ -8892,8 +9821,11 @@ "_RECOVER_INSTRUCTIONS.ini" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/the-shark-ransomware-project-allows-to-create-your-own-customized-ransomware/" - ] + "http://www.bleepingcomputer.com/news/security/the-shark-ransomware-project-allows-to-create-your-own-customized-ransomware/", + "https://id-ransomware.blogspot.com/2016/07/tilde-ransomware-aes-08.html" + ], + "payment-method": "Bitcoin", + "price": "0.8" }, "uuid": "2709b2ff-a2be-49a9-b268-2576170a5dff", "value": "Simple_Encoder" @@ -8910,11 +9842,14 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/pompous-ransomware-dev-gets-defeated-by-backdoor/", - "http://www.nyxbone.com/malware/SkidLocker.html" + "http://www.nyxbone.com/malware/SkidLocker.html", + "http://id-ransomware.blogspot.com/2016/04/pompous-ransomware.html" ], "synonyms": [ "Pompous" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "44b6b99e-b1d9-4605-95c2-55c14c7c25be", "value": "SkidLocker" @@ -8924,7 +9859,8 @@ "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/smash-ransomware-is-cute-rather-than-dangerous/" - ] + ], + "payment-method": "no ransom" }, "uuid": "27283e74-abc6-4d8a-bcb6-a60804b8e264", "value": "Smash!" @@ -8937,7 +9873,12 @@ ], "ransomnotes": [ "_HOW_TO_Decrypt.bmp" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/08/smrss32-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.66 (300 $)" }, "uuid": "cd21bb2a-0c6a-463b-8c0e-16da251f69ae", "value": "Smrss32" @@ -8955,8 +9896,11 @@ ], "refs": [ "http://nyxbone.com/malware/SNSLocker.html", - "http://nyxbone.com/images/articulos/malware/snslocker/16.png" - ] + "http://nyxbone.com/images/articulos/malware/snslocker/16.png", + "http://id-ransomware.blogspot.com/2016/05/sns-locker-ransomware-aes-256-066.html" + ], + "payment-method": "Bitcoin", + "price": "0.66 (300 $)" }, "uuid": "82658f48-6a62-4dee-bd87-382e76b84c3d", "value": "SNSLocker" @@ -8966,7 +9910,8 @@ "meta": { "extensions": [ ".sport" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "9526efea-8853-42f2-89be-a04ee1ca4c7d", "value": "Sport" @@ -8986,8 +9931,11 @@ "http://www.bleepingcomputer.com/news/security/stampado-ransomware-campaign-decrypted-before-it-started/", "https://decrypter.emsisoft.com/stampado", "https://cdn.streamable.com/video/mp4/kfh3.mp4", - "http://blog.trendmicro.com/trendlabs-security-intelligence/the-economics-behind-ransomware-prices/" - ] + "http://blog.trendmicro.com/trendlabs-security-intelligence/the-economics-behind-ransomware-prices/", + "https://id-ransomware.blogspot.com/2016/07/stampado-ransomware-1.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "6b8729b0-7ffc-4d07-98de-e5210928b274", "value": "Stampado" @@ -9001,7 +9949,9 @@ ], "refs": [ "http://www.nyxbone.com/malware/Strictor.html" - ] + ], + "payment-method": "Bitcoin", + "price": "500 - 1000 $" }, "uuid": "d75bdd85-032a-46b7-a339-257fd5656c11", "value": "Strictor" @@ -9016,7 +9966,12 @@ ], "ransomnotes": [ "DECRYPTION_HOWTO.Notepad" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/05/surprise-ransomware-aes-256.html" + ], + "payment-method": "Bitcoin", + "price": "0.5 - 25" }, "uuid": "6848b77c-92c8-40ec-90ac-9c14b9f17272", "value": "Surprise" @@ -9029,13 +9984,15 @@ ], "refs": [ "http://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/" - ] + ], + "payment-method": "no ransom" }, "uuid": "11725992-3634-4715-ae17-b6f5ed13b877", "value": "Survey" }, { "description": "Ransomware Exploited Synology NAS firmware directly over WAN", + "payment-method": "Website (onion)", "uuid": "27740d5f-30cf-4c5c-812c-15c0918ce9f0", "value": "SynoLocker" }, @@ -9046,8 +10003,10 @@ ".szf" ], "refs": [ - "http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/" - ] + "http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/", + "https://id-ransomware.blogspot.com/2016/06/szflocker-polish-ransomware-email.html" + ], + "payment-method": "Email" }, "uuid": "a7845bbe-d7e6-4c7b-a9b8-dccbd93bc4b2", "value": "SZFLocker" @@ -9064,7 +10023,9 @@ ], "refs": [ "https://securelist.com/blog/research/76153/teamxrat-brazilian-cybercrime-meets-ransomware/" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "65a31863-4f59-4c66-bc2d-31e8fb68bbe8", "value": "TeamXrat" @@ -9092,7 +10053,8 @@ ], "synonyms": [ "AlphaCrypt" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "af92c71e-935e-4486-b4e7-319bf16d622e", "value": "TeslaCrypt 0.x - 2.2.0" @@ -9111,7 +10073,8 @@ "http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/", "http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/", "https://blog.kaspersky.com/raknidecryptor-vs-teslacrypt/12169/" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "bd19dfff-7c8d-4c94-967e-f8ffc19e7dd9", "value": "TeslaCrypt 3.0+" @@ -9144,7 +10107,8 @@ "http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/", "https://blog.kaspersky.com/raknidecryptor-vs-teslacrypt/12169/", "https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "ab6b8f56-cf2d-4733-8f9c-df3d52c05e66", "value": "TeslaCrypt 4.1A" @@ -9176,7 +10140,8 @@ "http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/", "https://blog.kaspersky.com/raknidecryptor-vs-teslacrypt/12169/", "http://www.bleepingcomputer.com/news/security/teslacrypt-4-2-released-with-quite-a-few-modifications/" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "eed65c12-b179-4002-a11b-7a2e2df5f0c8", "value": "TeslaCrypt 4.2" @@ -9186,7 +10151,9 @@ "meta": { "ransomnotes": [ "HELP_DECRYPT.HTML" - ] + ], + "payment-method": "Bitcoin", + "price": "1.25" }, "uuid": "c0bce92a-63b8-4538-93dc-0911ae46596d", "value": "Threat Finder" @@ -9214,13 +10181,16 @@ "refs": [ "http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cracked-and-decrypter-has-been-made/", "https://twitter.com/PolarToffee/status/804008236600934403", - "http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html" + "http://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html", + "http://id-ransomware.blogspot.ru/2016/05/torrentlocker-ransomware-aes-cbc-2048.html" ], "synonyms": [ "Crypt0L0cker", "CryptoFortress", "Teerac" - ] + ], + "payment-method": "Bitcoin", + "price": "4.081" }, "related": [ { @@ -9255,8 +10225,11 @@ "Payment_Instructions.jpg" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/" - ] + "http://www.bleepingcomputer.com/forums/t/618055/towerweb-ransomware-help-support-topic-payment-instructionsjpg/", + "https://id-ransomware.blogspot.com/2016/06/towerweb-ransonware-100.html" + ], + "payment-method": "Bitcoin", + "price": "100 - 150 $" }, "uuid": "4d470cf8-09b6-4d0e-8e5a-2f618e48c560", "value": "TowerWeb" @@ -9269,7 +10242,12 @@ ], "ransomnotes": [ "tox.html" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2016/06/toxcrypt-ransomware-aes-crypto-0.html" + ], + "payment-method": "Bitcoin", + "price": "0.23" }, "uuid": "08fc7534-fe85-488b-92b0-630c0d91ecbe", "value": "Toxcrypt" @@ -9285,11 +10263,13 @@ ], "refs": [ "https://download.bleepingcomputer.com/demonslay335/BrainCryptDecrypter.zip", - "https://twitter.com/PolarToffee/status/811249250285842432" + "https://twitter.com/PolarToffee/status/811249250285842432", + "http://id-ransomware.blogspot.com/2016/12/braincrypt-ransomware.html" ], "synonyms": [ "BrainCrypt" - ] + ], + "payment-method": "Email" }, "uuid": "97673387-75ae-4da4-9a5f-38773f2492e7", "value": "Trojan" @@ -9313,8 +10293,10 @@ "refs": [ "https://www.nomoreransom.org/uploads/ShadeDecryptor_how-to_guide.pdf", "http://www.nyxbone.com/malware/Troldesh.html", - "https://www.bleepingcomputer.com/news/security/kelihos-botnet-delivering-shade-troldesh-ransomware-with-no-more-ransom-extension/" - ] + "https://www.bleepingcomputer.com/news/security/kelihos-botnet-delivering-shade-troldesh-ransomware-with-no-more-ransom-extension/", + "https://id-ransomware.blogspot.com/2016/06/troldesh-ransomware-email.html" + ], + "payment-method": "Email" }, "uuid": "6c3dd006-3501-4ebc-ab86-b06e4d555194", "value": "Troldesh orShade, XTBL" @@ -9327,8 +10309,11 @@ ".enc" ], "refs": [ - "http://www.bleepingcomputer.com/news/security/truecrypter-ransomware-accepts-payment-in-bitcoins-or-amazon-gift-card/" - ] + "http://www.bleepingcomputer.com/news/security/truecrypter-ransomware-accepts-payment-in-bitcoins-or-amazon-gift-card/", + "http://id-ransomware.blogspot.com/2016/04/truecrypter-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.2 (115 $)" }, "uuid": "c46bfed8-7010-432a-8108-138f6d067000", "value": "TrueCrypter" @@ -9341,7 +10326,9 @@ ], "refs": [ "https://twitter.com/struppigel/status/821991600637313024" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "uuid": "132c39fc-1364-4210-aef9-48f73afc1108", "value": "Turkish" @@ -9358,7 +10345,9 @@ ], "refs": [ "http://www.nyxbone.com/malware/turkishRansom.html" - ] + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "174dd201-0b0b-4a76-95c7-71f8141684d0", "value": "Turkish Ransom" @@ -9377,8 +10366,10 @@ "default432643264.jpg" ], "refs": [ - "http://www.thewindowsclub.com/emsisoft-decrypter-hydracrypt-umbrecrypt-ransomware" - ] + "http://www.thewindowsclub.com/emsisoft-decrypter-hydracrypt-umbrecrypt-ransomware", + "https://id-ransomware.blogspot.com/2016/06/umbrecrypt-ransomware-aes.html" + ], + "payment-method": "Email" }, "uuid": "028b3489-51da-45d7-8bd0-62044e9ea49f", "value": "UmbreCrypt" @@ -9390,8 +10381,11 @@ "Files encrypted.txt" ], "refs": [ - "https://www.bleepingcomputer.com/forums/t/627582/unblockupc-ransomware-help-support-topic-files-encryptedtxt/" - ] + "https://www.bleepingcomputer.com/forums/t/627582/unblockupc-ransomware-help-support-topic-files-encryptedtxt/", + "http://id-ransomware.blogspot.com/2016/09/unblockupc-ransomware.html" + ], + "payment-method": "Website", + "price": "0.18" }, "uuid": "5a9f9ebe-f4c8-4985-8890-743f59d658fd", "value": "UnblockUPC" @@ -9409,7 +10403,12 @@ "READTHISNOW!!!.txt", "Hellothere.txt", "YOUGOTHACKED.TXT" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/05/bitmessage-ransomware-aes-256-25-btc.html" + ], + "payment-method": "Website", + "price": "2.5" }, "uuid": "bb8c6b80-91cb-4c01-b001-7b9e73228420", "value": "Ungluk" @@ -9425,8 +10424,10 @@ "READ_ME_!.txt" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/839038399944224768" - ] + "https://twitter.com/malwrhunterteam/status/839038399944224768", + "http://id-ransomware.blogspot.com/2017/02/unlock26-ransomware.html" + ], + "payment-method": "Website" }, "uuid": "dfe760e5-f878-492d-91d0-05fa45a2849d", "value": "Unlock92 " @@ -9436,7 +10437,9 @@ "meta": { "refs": [ "https://twitter.com/struppigel/status/839771195830648833" - ] + ], + "payment-method": "Bitcoin", + "price": "200 $" }, "uuid": "7799247c-4e6a-4c20-b0b3-d8e6a8ab6783", "value": "VapeLauncher" @@ -9462,7 +10465,9 @@ "synonyms": [ "CrypVault", "Zlader" - ] + ], + "payment-method": "Bitcoin", + "price": "0.438" }, "related": [ { @@ -9484,7 +10489,8 @@ ], "refs": [ "https://twitter.com/BleepinComputer/status/817851339078336513" - ] + ], + "payment-method": "Website (onion)" }, "uuid": "44a56cd0-8cd8-486f-972d-4b1b416e9077", "value": "VBRANSOM 7" @@ -9502,8 +10508,11 @@ ], "refs": [ "https://blog.malwarebytes.com/threat-analysis/2016/08/venus-locker-another-net-ransomware/?utm_source=twitter&utm_medium=social", - "http://www.nyxbone.com/malware/venusLocker.html" - ] + "http://www.nyxbone.com/malware/venusLocker.html", + "https://id-ransomware.blogspot.com/2016/08/venuslocker-ransomware-aes-256.html" + ], + "payment-method": "Bitcoin", + "price": "0.15 (100 $)" }, "uuid": "7340c6d6-a16e-4a01-8bb4-8ad3edc64d28", "value": "VenusLocker" @@ -9517,7 +10526,9 @@ "refs": [ "http://www.nyxbone.com/malware/Virlock.html", "http://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/" - ] + ], + "payment-method": "Bitcoin", + "price": "250 $" }, "uuid": "5c736959-6c58-4bf2-b084-7197b42e500a", "value": "Virlock" @@ -9545,7 +10556,9 @@ ], "synonyms": [ "CrySiS" - ] + ], + "payment-method": "Bitcoin", + "price": "2.5 - 3" }, "uuid": "15a30d84-4f5f-4b75-a162-e36107d30215", "value": "Virus-Encoder" @@ -9560,11 +10573,14 @@ "HOW_TO_UNLOCK_FILES_README_().txt" ], "refs": [ - "https://labs.opendns.com/2016/07/13/wildfire-ransomware-gaining-momentum/" + "https://labs.opendns.com/2016/07/13/wildfire-ransomware-gaining-momentum/", + "https://id-ransomware.blogspot.com/2016/06/wildfire-locker-ransomware-aes-256-cbc.html" ], "synonyms": [ "Hades Locker" - ] + ], + "payment-method": "Bitcoin", + "price": "299 $" }, "uuid": "31945e7b-a734-4333-9ea2-e52051ca015a", "value": "WildFire Locker" @@ -9592,8 +10608,11 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/2911", "https://decrypter.emsisoft.com/xorist", - "https://twitter.com/siri_urz/status/1006833669447839745" - ] + "https://twitter.com/siri_urz/status/1006833669447839745", + "https://id-ransomware.blogspot.com/2016/06/xrtn-ransomware-rsa-1024-gnu-privacy.html" + ], + "payment-method": "Bitcoin", + "price": "0.8" }, "uuid": "0a15a920-9876-4985-9d3d-bb0794722258", "value": "Xorist" @@ -9616,7 +10635,9 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/808280549802418181" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25" }, "uuid": "0810ea3e-1cd6-4ea3-a416-5895fb685c5b", "value": "You Have Been Hacked!!!" @@ -9628,11 +10649,14 @@ ".zcrypt" ], "refs": [ - "https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/" + "https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/", + "http://id-ransomware.blogspot.com/2016/05/zcrypt-ransomware-rsa-2048-email.html" ], "synonyms": [ "Zcryptor" - ] + ], + "payment-method": "Bitcoin", + "price": "1.2 - 5" }, "uuid": "7eed5e96-0219-4355-9a9c-44643272894c", "value": "Zcrypt" @@ -9647,8 +10671,11 @@ "how.txt" ], "refs": [ - "http://www.bleepingcomputer.com/forums/t/617874/zimbra-ransomware-written-in-python-help-and-support-topic-crypto-howtotxt/" - ] + "http://www.bleepingcomputer.com/forums/t/617874/zimbra-ransomware-written-in-python-help-and-support-topic-crypto-howtotxt/", + "https://id-ransomware.blogspot.com/2016/06/zimbra-ransomware-aes-optzimbrastore.html" + ], + "payment-method": "Bitcoin", + "price": "3" }, "uuid": "07346620-a0b4-48d5-9158-5048741f5078", "value": "Zimbra" @@ -9667,7 +10694,9 @@ "Russian", "VaultCrypt", "CrypVault" - ] + ], + "payment-method": "Bitcoin", + "price": "100 - 900 $" }, "related": [ { @@ -9691,8 +10720,11 @@ "Take_Seriously (Your saving grace).txt" ], "refs": [ - "https://twitter.com/BleepinComputer/status/844538370323812353" - ] + "https://twitter.com/BleepinComputer/status/844538370323812353", + "http://id-ransomware.blogspot.com/2017/03/zorro-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "b2bd25e1-d41c-42f2-8971-ecceceb6ba08", "value": "Zorro" @@ -9705,7 +10737,12 @@ ], "synonyms": [ "GNL Locker" - ] + ], + "refs": [ + "http://id-ransomware.blogspot.com/2016/05/zyklon-locker-ransomware-windows-250.html" + ], + "payment-method": "Euro", + "price": "250" }, "related": [ { @@ -9731,7 +10768,12 @@ "meta": { "extensions": [ ".vxLock" - ] + ], + "refs": [ + "https://id-ransomware.blogspot.com/2017/01/vxlock-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "37950a1c-0035-49e0-9278-e878df0a10f3", "value": "vxLock" @@ -9751,8 +10793,11 @@ ], "refs": [ "http://blog.talosintelligence.com/2017/05/jaff-ransomware.html", - "https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/" - ] + "https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/", + "http://id-ransomware.blogspot.com/2017/05/jaff-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1.82 - 2.036" }, "related": [ { @@ -9777,8 +10822,11 @@ "DECODE_FILES.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/uiwix-ransomware-using-eternalblue-smb-exploit-to-infect-victims/" - ] + "https://www.bleepingcomputer.com/news/security/uiwix-ransomware-using-eternalblue-smb-exploit-to-infect-victims/", + "http://id-ransomware.blogspot.com/2017/05/uiwix-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.122" }, "uuid": "369d6fda-0284-44aa-9e74-f6651416fec4", "value": "Uiwix Ransomware" @@ -9794,7 +10842,8 @@ ], "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-code-injecting-sorebrect-ransomware/" - ] + ], + "payment-method": "Email" }, "uuid": "34cedaf0-b1f0-4b5d-b7bd-2eadfc630ea7", "value": "SOREBRECT" @@ -9809,8 +10858,11 @@ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DHvA8CDWAAIR5er.jpg" ], "refs": [ - "https://twitter.com/struppigel/status/899524853426008064" - ] + "https://twitter.com/struppigel/status/899524853426008064", + "https://id-ransomware.blogspot.com/2017/08/cyron-ransomware.html" + ], + "payment-method": "PaySafeCard", + "price": "50 €" }, "uuid": "f597d388-886e-46d6-a5cc-26deeb4674f2", "value": "Cyron" @@ -9826,7 +10878,8 @@ ], "refs": [ "https://twitter.com/struppigel/status/899528477824700416" - ] + ], + "payment-method": "Bitcoin Email" }, "uuid": "3330e226-b71a-4ee4-8612-2b06b58368fc", "value": "Kappa" @@ -9842,7 +10895,9 @@ ], "refs": [ "https://twitter.com/struppigel/status/899537940539478016" - ] + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "1fe6c23b-863e-49e4-9439-aa9e999aa2e1", "value": "Trojan Dz" @@ -9854,8 +10909,10 @@ ".xolzsec" ], "refs": [ - "https://twitter.com/struppigel/status/899916577252028416" - ] + "https://twitter.com/struppigel/status/899916577252028416", + "http://id-ransomware.blogspot.com/2017/08/xolzsec-ransomware.html" + ], + "payment-method": "no ransom" }, "uuid": "f2930308-2e4d-4af5-b119-746be0fe7f2c", "value": "Xolzsec" @@ -9870,8 +10927,11 @@ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DH5KChhXsAADOIu[1].jpg" ], "refs": [ - "https://twitter.com/struppigel/status/900238572409823232" - ] + "https://twitter.com/struppigel/status/900238572409823232", + "https://id-ransomware.blogspot.com/2017/08/flatchestware-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "250 $" }, "uuid": "d29341fd-f48e-4caa-8a28-b17853b779d1", "value": "FlatChestWare" @@ -9884,11 +10944,14 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/", - "https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-process-doppelg-nging-technique/" + "https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-process-doppelg-nging-technique/", + "https://id-ransomware.blogspot.com/2017/09/synack-ransomware.html" ], "synonyms": [ "Syn Ack" - ] + ], + "payment-method": "Bitcoin", + "price": "2 100 $" }, "related": [ { @@ -9913,8 +10976,11 @@ "readme.png" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/" - ] + "https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/", + "http://id-ransomware.blogspot.com/2017/08/synccrypt-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "related": [ { @@ -9932,12 +10998,15 @@ "description": "On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly mobilized to assess the situation and ensure that customers remain protected from this and other threats as they emerge across the threat landscape. There have been several large scale ransomware campaigns over the last several months. This appears to have some similarities to Nyetya in that it is also based on Petya ransomware. Major portions of the code appear to have been rewritten. The distribution does not appear to have the sophistication of the supply chain attacks we have seen recently.", "meta": { "refs": [ - "http://blog.talosintelligence.com/2017/10/bad-rabbit.html" + "http://blog.talosintelligence.com/2017/10/bad-rabbit.html", + "https://id-ransomware.blogspot.com/2017/10/badrabbit-ransomware.html" ], "synonyms": [ "BadRabbit", "Bad-Rabbit" - ] + ], + "payment-method": "Bitcoin", + "price": "0.05 (300 $)" }, "related": [ { @@ -9965,8 +11034,11 @@ "(Lucifer) [prepend]" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/halloware-ransomware-on-sale-on-the-dark-web-for-only-40/" - ] + "https://www.bleepingcomputer.com/news/security/halloware-ransomware-on-sale-on-the-dark-web-for-only-40/", + "http://id-ransomware.blogspot.com/2017/11/halloware-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "150 $" }, "uuid": "b366627d-dbc0-45ba-90bc-5f5694f45e35", "value": "Halloware" @@ -9982,8 +11054,11 @@ "Warning\n\nYour documents, photos,databases,important files have been encrypted by RSA-4096 and AES-256!\nIf you modify any file, it may cause make you cannot decrypt!!!\n\nDon't waste your precious time to try decrypt the files.\nIf there is no key that we provide to you , NO ONE can decrypt your precious files, even Jesus.\n\nHow to decrypt your files ?\n\nYou have to pay for decryption in bitcoin\nTo decrypt your files,please following the steps below\n\n1,Pay 2.0 bitcoin to this address: [bitcoin_address]\n\nPay To : [bitcoin_address]\nAmount : 2.0\n\n2,After you have finished paying,Contact us and Send us your Decrypt-ID via email\n\n3,Once we have confimed your deal,You can use the tool we sent to you to decrypt all your files.\n\nHow to obtain bitcoin ?\n\nThe easiest way to buy bitcoin is LocalBitcoins site.\nYou have to register, click Buy bitcoins and select the seller\nby payment method and price\n\nhttps://localbitcoins.com/buy_bitcoins\n\nhttps://paxful.com/buy-bitcoin\n\nhttp://bitcointalk.org/\n\n If you have any questions please do not hesitate to contact us\n\nContact Email:JeanRenoAParis@protonmail.com\n\nDecrypt-ID:" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/" - ] + "https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/", + "https://id-ransomware.blogspot.com/2017/11/storagecrypter.html" + ], + "payment-method": "Bitcoin", + "price": "0.2 - 0.4 - 2" }, "uuid": "0b920d03-971f-413c-8057-60d187192140", "value": "StorageCrypt" @@ -9999,8 +11074,11 @@ "ALL YOUR FILES WERE ENCRYPTED.\nTO RESTORE THIS FILE, YOU MUST SEND $700 BTC for MASCHINE\nOR $5,000 BTC FOR ALL NETWORK\nADDRESS: 15aM71TGtRZRrY97vdGcDEZeJYBWZhf4FP\nAFTER PAYMENT SENT EMAIL m4zn0v@keemail.me\nALONG WITH YOUR IDENTITY: VVNFUi1QQzA5\nNOT TO TURN OFF YOUR COMPUTER, UNLESS IT WILL BREAK" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/" - ] + "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/", + "https://id-ransomware.blogspot.com/2017/12/hc7-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "500 - 700 $" }, "uuid": "9325e097-9fea-490c-9b89-c2d40c166101", "value": "HC7" @@ -10013,8 +11091,11 @@ ], "refs": [ "https://twitter.com/demonslay335/status/935622942737817601?ref_src=twsrc%5Etfw", - "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/" - ] + "https://www.bleepingcomputer.com/news/security/hc7-gotya-ransomware-installed-via-remote-desktop-services-spread-with-psexec/", + "http://id-ransomware.blogspot.com/2017/11/hc6-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "2 500 $" }, "uuid": "909fde65-e015-40a9-9012-8d3ef62bba53", "value": "HC6" @@ -10023,8 +11104,11 @@ "description": "Security researchers have discovered a new ransomware strain named qkG that targets only Office documents for encryption and infects the Word default document template to propagate to new Word documents opened through the same Office suite on the same computer.", "meta": { "refs": [ - "https://www.bleepingcomputer.com/news/security/qkg-ransomware-encrypts-only-word-documents-hides-and-spreads-via-macros/" - ] + "https://www.bleepingcomputer.com/news/security/qkg-ransomware-encrypts-only-word-documents-hides-and-spreads-via-macros/", + "http://id-ransomware.blogspot.com/2017/11/qkg-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "300 $" }, "uuid": "1f3eab7f-da0a-4e0b-8a9f-cda2f146c819", "value": "qkG" @@ -10079,8 +11163,10 @@ "https://twitter.com/demonslay335/status/1049316344183836672", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/", "https://twitter.com/Amigo_A_/status/1039105453735784448", - "https://twitter.com/GrujaRS/status/1072057088019496960" - ] + "https://twitter.com/GrujaRS/status/1072057088019496960", + "http://id-ransomware.blogspot.com/2017/06/scarab-ransomware.html" + ], + "payment-method": "Bitcoin Email" }, "uuid": "cf8fbd03-4510-41cc-bec3-712fa7609aa4", "value": "Scarab" @@ -10096,8 +11182,11 @@ "As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.\n\nThe good news is that there is still a chance to recover your files, you just need to have the right key.\n\nTo obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!\n\nRemember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.\n\nTo avoid any misunderstanding, please read Help section." ], "refs": [ - "https://www.bleepingcomputer.com/news/security/file-spider-ransomware-targeting-the-balkans-with-malspam/" - ] + "https://www.bleepingcomputer.com/news/security/file-spider-ransomware-targeting-the-balkans-with-malspam/", + "http://id-ransomware.blogspot.com/2017/12/file-spider-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.00725" }, "uuid": "3e75ce6b-b6de-4e5a-9501-8f9f847c819c", "value": "File Spider" @@ -10112,7 +11201,9 @@ "synonyms": [ "FindZip", "Patcher" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25" }, "related": [ { @@ -10139,7 +11230,9 @@ "date": "June 2017", "refs": [ "https://objective-see.com/blog/blog_0x25.html" - ] + ], + "payment-method": "Bitcoin", + "price": "0.25 (700 $)" }, "related": [ { @@ -10177,8 +11270,11 @@ "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/", "https://www.bleepingcomputer.com/news/security/gandcrab-version-3-released-with-autorun-feature-and-desktop-background/", "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/", - "https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/" - ] + "https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/", + "https://id-ransomware.blogspot.com/2018/01/gandcrab-ransomware.html" + ], + "payment-method": "Dash", + "price": "1 - 3" }, "related": [ { @@ -10198,7 +11294,9 @@ "date": "Febuary 2018", "refs": [ "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/shurl0ckr-ransomware-as-a-service-peddled-on-dark-web-can-reportedly-bypass-cloud-applications" - ] + ], + "payment-method": "Bitcoin", + "price": "0.01 - 0.1" }, "uuid": "cc7f6da3-fafd-444f-b7e9-f0e650fb4d4f", "value": "ShurL0ckr" @@ -10214,7 +11312,8 @@ "https://sensorstechforum.com/fr/fairytail-files-virus-cryakl-ransomware-remove-restore-data/", "https://www.technologynews.tech/cryakl-ransomware-virus", "http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/" - ] + ], + "payment-method": "Bitcoin" }, "related": [ { @@ -10243,8 +11342,11 @@ ], "refs": [ "https://mobile.twitter.com/EclecticIQ/status/968478323889332226", - "https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report" - ] + "https://www.eclecticiq.com/resources/thanatos--ransomware-first-ransomware-ask-payment-bitcoin-cash?type=intel-report", + "http://id-ransomware.blogspot.com/2018/02/thanatos-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "related": [ { @@ -10282,7 +11384,9 @@ "synonyms": [ "Vagger", "DONTSLIP" - ] + ], + "payment-method": "Bitcoin", + "price": "750 $" }, "uuid": "f80b0a42-21ef-11e8-8ac7-0317408794e2", "value": "RSAUtil" @@ -10296,7 +11400,8 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "15c370c0-2799-11e8-a959-57cdcd57e3bf", "value": "Qwerty Ransomware" @@ -10309,8 +11414,10 @@ "*** All your files has been encrypted ***\n\nI am ZENIS. A mischievous boy who loves cryptography, hardware and programming. My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world. A world in digital space that you are supposed to play the role of my toys.\n\nIf you want to win in this game, you have to listen carefully to my instructions, otherwise you will be caught up in a one-step game and you will become the main loser of the story.\n\nMy instructions are simple and clear. Then follow these steps:\n\n1. Send this file (Zenis-Instructions.html) to my email with one your encrypted file less than 2 MB to trust to the game.\n\n2. I decrypt your file for free and send for you.\n\n3. If you confirm the correctness of the files, verify that the files are correct via email\n\n4. Then receive the price of decrypting files\n\n5. After you have deposited, please send me the payment details\n\n6. After i confirm deposit, i send you the \"Zenis Decryptor\" along with \"Private Key\" to recovery all your files.\n\nNow you can finish the game. You won the game. congratulations.\n\n\nPlease submit your request to both emails:\n\nTheZenis@Tutanota.com\n\nTheZenis@MailFence.com\n\nIf you did not receive an email after six hours, submit your request to the following emails:\n\nTheZenis@Protonmail.com\n\nTheZenis@Mail2Tor.com (On the TOR network)\n\n\nWarning: 3rd party and public programs, It may cause irreversible damage to your files. And your files will be lost forever." ], "refs": [ - "https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/" - ] + "https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/", + "https://id-ransomware.blogspot.com/2018/03/zenis-ransomware.html" + ], + "payment-method": "Bitcoin Email (Tor)" }, "uuid": "cbe3ee70-2d11-11e8-84bb-9b3c525a48d9", "value": "Zenis Ransomware" @@ -10318,8 +11425,11 @@ { "meta": { "refs": [ - "https://www.bleepingcomputer.com/news/security/author-of-polski-vortex-and-flotera-ransomware-families-arrested-in-poland/" - ] + "https://www.bleepingcomputer.com/news/security/author-of-polski-vortex-and-flotera-ransomware-families-arrested-in-poland/", + "http://id-ransomware.blogspot.com/2017/03/flotera-ransomware.html" + ], + "payment-method": "Dollars", + "price": "199" }, "uuid": "aab356ac-396c-11e8-90c8-631229f19d7a", "value": "Flotera Ransomware" @@ -10337,7 +11447,8 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/", "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + ], + "payment-method": "Monero miner on the computer" }, "uuid": "abf3001c-396c-11e8-8da6-ef501eef12e1", "value": "Black Ruby" @@ -10354,8 +11465,10 @@ "[Rose ASCII art]\n\n[WhiteRose written in ASCII art]\n\nThe singing of the sparrows, the breezes of the northern mountains and smell of the earth that was raining in the morning filled the entire garden space. I'm sitting on a wooden chair next to a bush tree, I have a readable book in my hands and I am sweating my spring with a cup of bitter coffee. Today is a different day.\n\nBehind me is an empty house of dreams and in front of me, full of beautiful white roses. To my left is an empty blue pool of red fish and my right, trees full of spring white blooms.\n\n I drink coffee, I'll continue to read a book from William Faulkner. In the garden environment, peace and quiet. My life always goes that way. Always alone without even an intimate friend.\n\nI have neither a pet, nor a friend or an enemy; I am a normal person with fantastic wishes among the hordes of white rose flowers. Everything is natural. I'm just a little interested in hacking and programming. My only electronic devices in this big garden are an old laptop for do projects and an iPhone for check out the news feeds for malware analytics on Twitter without likes posts.\n\nBelieve me, my only assets are the white roses of this garden. I think of days and write at night: the story, poem, code, exploit or the accumulation of the number of white roses sold and I say to myself that the wealth is having different friends of different races, languages, habits and religions, Not only being in a fairly stylish garden with full of original white roses.\n\nToday, I think deeply about the decision that has involved my mind for several weeks. A decision to freedom and at the worth of unity, intimacy, joy and love and is the decision to release white roses and to give gifts to all peoples of the world.\n\nI do not think about selling white roses again. This time, I will plant all the white roses of the garden to bring a different gift for the people of each country. No matter where is my garden and where I am from, no matter if you are a housekeeper or a big company owner, it does not matter if you are the west of the world or its east, it's important that the white roses are endless and infinite. You do not need to send letters or e-mails to get these roses. Just wait it tomorrow. Wait for good days with White Rose.\n\nI hope you accept this gift from me and if it reaches you, close your eyes and place yourself in a large garden on a wooden chair and feel this beautiful scene to reduce your anxiety and everyday tension.\n\nThank you for trusting me. Now open your eyes. Your system has a flower like a small garden; A white rose flower.\n\n/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\n[Recovery Instructions]\n\n I. Download qTox on your computer from [https://tox.chat/download.html]\nII. Create new profile then enter our ID in search contacts\n Our Tox ID: \"6F548F217897AA4140FB4C514C8187F2FFDBA3CAFC83795DEE2FBCA369E689006B7CED4A18E9\". III. Wait for us to accept your request.\nIV. Copy '[PersonalKey]' in \"HOW-TO-RECOVERY-FILES.TXT\" file and send this key with one encrypted file less size then 2MB for trust us in our Tox chat.\n IV.I. Only if you did not receive a reply after 24 hours from us, send your message to our secure tor email address \"TheWhiteRose@Torbox3uiot6wchz.onion\".\n IV.II. For perform \"Step IV.I\" and enter the TOR network, you must download tor and register in \"http://torbox3uiot6wchz.onion\" Mail Service)\nV. We decrypt your two files and we will send you.\nVI. After ensuring the integrity of the files, We will send you payment info.\nVII. Now after payment, you get \"WhiteRose Decryptor\" Along with the private key of your system.\nVIII.Everything returns to the normal and your files will be released.\n\n/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\n\nWhat is encryption?\n\n In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it, and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cipher – generating ciphertext that can be read only if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. in your case “WhiteRose Decryptor” software for safe and complete decryption of all your files and data.\n\nAny other way?\n\nIf you look through this text in the Internet and realise that something is wrong with your files but you do not have any instructions to restore your files, please contact your antivirus support." ], "refs": [ - "https://www.bleepingcomputer.com/news/security/the-whiterose-ransomware-is-decryptable-and-tells-a-strange-story/" - ] + "https://www.bleepingcomputer.com/news/security/the-whiterose-ransomware-is-decryptable-and-tells-a-strange-story/", + "http://id-ransomware.blogspot.com/2018/03/whiterose-ransomware.html" + ], + "payment-method": "Website Tor" }, "uuid": "abc80362-396c-11e8-bc5c-8bca89c0f797", "value": "WhiteRose" @@ -10370,8 +11483,11 @@ "https://www.bleepstatic.com/images/news/ransomware/p/pubg-ransomware/pubg-ransomware.jpg" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/" - ] + "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/", + "https://id-ransomware.blogspot.com/2018/04/pubg-ransomware.html" + ], + "payment-method": "Game", + "price": "Play to decrypt" }, "uuid": "2239b3ca-3c9b-11e8-873e-53608d51ee71", "value": "PUBG Ransomware" @@ -10389,8 +11505,11 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-cracked-due-to-bad-crypto/", "https://twitter.com/malwrhunterteam/status/1034436350748053504", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/", + "http://id-ransomware.blogspot.com/2017/06/lockcrypt-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5 - 1" }, "uuid": "ac070e9a-3cbe-11e8-9f9d-839e888f2340", "value": "LockCrypt" @@ -10410,8 +11529,11 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/decrypters-for-some-versions-of-magniber-ransomware-released/", "https://www.bleepingcomputer.com/news/security/goodbye-cerber-hello-magniber-ransomware/", - "https://twitter.com/demonslay335/status/1005133410501787648" - ] + "https://twitter.com/demonslay335/status/1005133410501787648", + "http://id-ransomware.blogspot.com/2017/10/my-decryptor-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "a0c1790a-3ee7-11e8-9774-93351d675a9e", "value": "Magniber Ransomware" @@ -10426,8 +11548,11 @@ "UNCRYPT.README" ], "refs": [ - "https://twitter.com/siri_urz/status/981191281195044867" - ] + "https://twitter.com/siri_urz/status/981191281195044867", + "http://id-ransomware.blogspot.com/2018/04/vurten-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "10 000 $" }, "uuid": "7666e948-3f09-11e8-b0b2-af79c067d856", "value": "Vurten" @@ -10439,7 +11564,9 @@ "https://www.bleepingcomputer.com/news/security/microsoft-engineer-charged-in-reveton-ransomware-case/", "https://en.wikipedia.org/wiki/Ransomware#Reveton", "https://nakedsecurity.sophos.com/2012/08/29/reveton-ransomware-exposed-explained-and-eliminated/" - ] + ], + "payment-method": "Bitcoin", + "price": "200 $" }, "uuid": "1912ec68-4145-11e8-ac06-9b6643035a71", "value": "Reveton ransomware" @@ -10449,7 +11576,9 @@ "meta": { "refs": [ "https://en.wikipedia.org/wiki/Ransomware#Fusob" - ] + ], + "payment-method": "Bitcoin", + "price": "100 - 200 $" }, "uuid": "c921d9ac-4145-11e8-965b-df5002d4cad8", "value": "Fusob" @@ -10471,6 +11600,13 @@ "value": "OXAR" }, { + "meta": { + "refs": [ + "http://id-ransomware.blogspot.com/2018/03/bansomqarewanna-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "100 $" + }, "uuid": "b95a76d8-4171-11e8-b9b3-1bf62ec3265e", "value": "BansomQare Manna Ransomware" }, @@ -10481,8 +11617,10 @@ { "meta": { "refs": [ - "https://twitter.com/malwrhunterteam/status/982229994364547073" - ] + "https://twitter.com/malwrhunterteam/status/982229994364547073", + "http://id-ransomware.blogspot.com/2018/04/skyfile-ransomware.html" + ], + "payment-method": "Bitcoin Email" }, "uuid": "b4654c94-417a-11e8-8c2c-5b5748496f92", "value": "SkyFile" @@ -10492,7 +11630,8 @@ "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/minecraft-and-cs-go-ransomware-strive-for-media-attention/" - ] + ], + "payment-method": "Game" }, "uuid": "443c55c6-43d1-11e8-9072-6fdcf89aa4e6", "value": "MC Ransomware" @@ -10502,7 +11641,9 @@ "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/minecraft-and-cs-go-ransomware-strive-for-media-attention/" - ] + ], + "payment-method": "Game", + "price": "Play during 5 hours" }, "uuid": "449e18b0-43d1-11e8-847e-0fed641732a1", "value": "CSGO Ransomware" @@ -10563,8 +11704,11 @@ "https://twitter.com/struppigel/status/926748937477939200", "https://twitter.com/demonslay335/status/968552114787151873", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", - "https://twitter.com/malwrhunterteam/status/1004048636530094081" - ] + "https://twitter.com/malwrhunterteam/status/1004048636530094081", + "https://id-ransomware.blogspot.com/2017/10/xiaoba-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1 200 yuan (180,81 $)" }, "uuid": "ef094aa6-4465-11e8-81ce-739cce28650b", "value": "XiaoBa ransomware" @@ -10584,7 +11728,9 @@ "refs": [ "https://sensorstechforum.com/nmcrypt-files-ransomware-virus-remove-restore-data/", "https://www.enigmasoftware.com/nmcryptansomware-removal/" - ] + ], + "payment-method": "Bitcoin", + "price": "7000 $" }, "uuid": "bd71be69-fb8c-4b1f-9d96-993ab23d5f2b", "value": "NMCRYPT Ransomware" @@ -10597,8 +11743,11 @@ "We’re very sorry that all of your personal files have been encrypted :( But there are good news – they aren’t gone, you still have the opportunity to restore them! Statistically, the lifespan of a hard-drive is anywhere from 3 to 5 years. If you don’t make copies of important information, you could lose everything! Just imagine! In order to receive the program that will decrypt all of your files, you will need to pay a certain amount. But let’s start with something else…" ], "refs": [ - "https://bartblaze.blogspot.lu/2018/04/maktub-ransomware-possibly-rebranded-as.html" - ] + "https://bartblaze.blogspot.lu/2018/04/maktub-ransomware-possibly-rebranded-as.html", + "http://id-ransomware.blogspot.com/2018/04/ironlocker-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.2" }, "uuid": "ba64d47c-46cd-11e8-87df-ff6252b4ea76", "value": "Iron" @@ -10612,8 +11761,11 @@ "https://pbs.twimg.com/media/DavxIr-W4AEq3Ny.jpg" ], "refs": [ - "https://twitter.com/malwrhunterteam/status/985152346773696512" - ] + "https://twitter.com/malwrhunterteam/status/985152346773696512", + "http://id-ransomware.blogspot.com/2018/04/tron-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.007305 - 0.05" }, "uuid": "94290f1c-46ff-11e8-b9c6-ef8852c58952", "value": "Tron ransomware" @@ -10630,7 +11782,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.14" }, "uuid": "c1788ac0-4fa0-11e8-b0fd-63f5a2914926", "value": "Unnamed ramsomware 1" @@ -10643,8 +11797,11 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/", - "https://twitter.com/M_Shahpasandi/status/989157283799162880" - ] + "https://twitter.com/M_Shahpasandi/status/989157283799162880", + "https://id-ransomware.blogspot.com/2018/04/hpe-ilo-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "2" }, "uuid": "39cb0268-528b-11e8-ac30-0fa44afdc8de", "value": "HPE iLO 4 Ransomware" @@ -10662,8 +11819,11 @@ "RESTORE-SIGRUN.txt" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/" - ] + "https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/", + "http://id-ransomware.blogspot.com/2018/05/sigrun-ransomware.html" + ], + "payment-method": "Bitcoin Email", + "price": "2500 $" }, "uuid": "5a53eec2-6993-11e8-a4d5-67480005dcbd", "value": "Sigrun Ransomware" @@ -10679,8 +11839,10 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/1002953824590614528", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", + "https://id-ransomware.blogspot.com/2018/06/crybrazil-ransomware.html" + ], + "payment-method": "Website" }, "uuid": "30625df6-6e3e-11e8-b0cf-a7103cb03e05", "value": "CryBrazil" @@ -10692,8 +11854,11 @@ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/De00yEDVQAE_p9z[1].jpg" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/ " - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/ ", + "http://id-ransomware.blogspot.com/2018/06/pedcont-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.0065 (50 $)" }, "uuid": "b0e074fc-6e45-11e8-8366-dbfc88552a23 ", "value": "Pedcont" @@ -10714,7 +11879,8 @@ ], "synonyms": [ "Scarab-DiskDoctor" - ] + ], + "payment-method": "Bitcoin Email" }, "uuid": "aa66e0c2-6fb5-11e8-851d-4722b7b3e9b9", "value": "DiskDoctor" @@ -10731,8 +11897,11 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", "https://twitter.com/JakubKroustek/status/1004463935905509376", - "https://bartblaze.blogspot.com/2018/06/redeye-ransomware-theres-more-than.html" - ] + "https://bartblaze.blogspot.com/2018/06/redeye-ransomware-theres-more-than.html", + "https://id-ransomware.blogspot.com/2018/06/redeye-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "e675e8fa-7065-11e8-95e0-cfdc107099d8", "value": "RedEye" @@ -10761,11 +11930,14 @@ "https://www.spamfighter.com/News-21588-Aurora-Ransomware-Circulating-the-Cyber-Space.htm", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", "https://twitter.com/demonslay335/status/1004435398687379456", - "https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/" + "https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/", + "https://id-ransomware.blogspot.com/2018/05/aurora-ransomware.html" ], "synonyms": [ "Zorro Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "100 - 500" }, "uuid": "3ee0664e-706d-11e8-800d-9f690298b437", "value": "Aurora Ransomware" @@ -10776,11 +11948,14 @@ ".digiworldhack@tutanota.com" ], "ransomnotes": [ - "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/pgpsnippet-variant.jpg" + "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/pgpsnippet-variant.jpg", + "http://id-ransomware.blogspot.com/2018/05/pgpsnippet-ransomware.html" ], "refs": [ "https://twitter.com/demonslay335/status/1005138187621191681" - ] + ], + "payment-method": "Bitcoin", + "price": "500 $" }, "uuid": "682ff7ac-7073-11e8-8c8b-bf1271b8800b", "value": "PGPSnippet Ransomware" @@ -10791,8 +11966,10 @@ ".SF" ], "refs": [ - "https://twitter.com/demonslay335/status/1005136022282428419" - ] + "https://twitter.com/demonslay335/status/1005136022282428419", + "https://id-ransomware.blogspot.com/2018/04/spartacus-ransomware.html" + ], + "payment-method": "Bitcoin Email" }, "uuid": "fe42c270-7077-11e8-af82-d7bf7e6ab8a9", "value": "Spartacus Ransomware" @@ -10808,8 +11985,11 @@ ], "refs": [ "https://twitter.com/siri_urz/status/1005438610806583296", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/", + "http://id-ransomware.blogspot.com/2018/06/donut-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "uuid": "e57e1f4a-72da-11e8-8c0d-af46e8f393d2", "value": "Donut" @@ -10819,8 +11999,11 @@ "meta": { "refs": [ "https://twitter.com/Damian1338B/status/1005411102660923392", - "https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/" - ] + "https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/", + "https://id-ransomware.blogspot.com/2017/01/nemesis-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "10" }, "uuid": "3ac0f41e-72e0-11e8-85a8-f7ae254ab629", "value": "NemeS1S Ransomware" @@ -10836,8 +12019,10 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/1005420103415017472", - "https://twitter.com/malwrhunterteam/status/993499349199056897" - ] + "https://twitter.com/malwrhunterteam/status/993499349199056897", + "http://id-ransomware.blogspot.com/2017/09/paradise-ransomware.html" + ], + "payment-method": "Bitcoin Email" }, "uuid": "db06d2e0-72f9-11e8-9413-73999e1a9373", "value": "Paradise Ransomware" @@ -10856,8 +12041,11 @@ "Your files were encrypted with AES-256.\n\nAsk how to restore your files by email ssananunak1987@protonmail.com\n\nUse only gmail.com, yahoo.com, protonmail.com.\nMessages written from other mail services we can not get.\n\nWe always respond to messages. If there is no answer within 24 hours, then write us with another email service.\n\n[OR]\n\nIf within 24 hours you have not received a response, you need to follow the following instructions:\n\na) Download and install TOR browser: https://www.torproject.org/download/download-easy.html.en\nb) From the TOR browser, follow the link: torbox3uiot6wchz.onion\nc) Register your e-mail (Sign Up)\nd) Write us on e-mail: ssananunak1987@torbox3uiot6wchz.onion\nATTENTION: e-mail (ssananunak1987@torbox3uiot6wchz.onion) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz.onion\n\n################################\n\nAny actions on your part over encrypted files can damage them. Be sure to make backups!\n\n################################\n\nIn the message write us this ID:\n[redacted base64]" ], "refs": [ - "https://twitter.com/demonslay335/status/1006220895302705154" - ] + "https://twitter.com/demonslay335/status/1006220895302705154", + "https://id-ransomware.blogspot.com/2018/03/b2dr-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.1 - 0.3" }, "uuid": "4a341cf4-72ff-11e8-8371-b74902a1dff3", "value": "B2DR Ransomware" @@ -10873,8 +12061,10 @@ "Hello. Your files have been encrypted.\n\nFor help, write to this e-mail: codyprince92@mail.com\nAttach to the letter 1-2 files (no more than 3 MB) and your personal key.\n\n\nIf within 24 hours you have not received a response, you need to follow the following instructions:\n\n\na) Download and install TOR browser: https://www.torproject.org/download/download-easy.html.en\nb) From the TOR browser, follow the link: torbox3uiot6wchz.onion\nc) Register your e-mail (Sign Up)\nd) Write us on e-mail: codyprince@torbox3uiot6wchz.onion\n\n\nATTENTION: e-mail (codyprince@torbox3uiot6wchz.onion) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz.onion\n\n\n\nYour personal key:\n\n[redacted hex]" ], "refs": [ - "https://twitter.com/demonslay335/status/1006237353474756610" - ] + "https://twitter.com/demonslay335/status/1006237353474756610", + "http://id-ransomware.blogspot.com/2017/05/yyto-ransomware.html" + ], + "payment-method": "Email Tor" }, "uuid": "ef38d8b4-7392-11e8-ba1e-cfb37f0b9c73", "value": "YYTO Ransomware" @@ -10890,7 +12080,8 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1007334654918250496" - ] + ], + "payment-method": "Email" }, "uuid": "53e6e068-739c-11e8-aae4-df58f7f27ee5", "value": "Unnamed ramsomware 2" @@ -10909,8 +12100,11 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-everbe-ransomware/", "https://twitter.com/malwrhunterteam/status/1065675918000234497", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", + "http://id-ransomware.blogspot.com/2018/03/everbe-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "3003 $" }, "uuid": "9d09ac4a-73a0-11e8-b71c-63b86eedf9a2", "value": "Everbe Ransomware" @@ -10919,7 +12113,8 @@ "meta": { "refs": [ "https://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/" - ] + ], + "payment-method": "Bitcoin" }, "related": [ { @@ -10945,8 +12140,11 @@ "https://www.bleepstatic.com/images/news/u/986406/Ransomware/DBGer/DBGer-ransom-note.png" ], "refs": [ - "https://www.bleepingcomputer.com/news/security/dbger-ransomware-uses-eternalblue-and-mimikatz-to-spread-across-networks/" - ] + "https://www.bleepingcomputer.com/news/security/dbger-ransomware-uses-eternalblue-and-mimikatz-to-spread-across-networks/", + "http://id-ransomware.blogspot.com/2018/06/dbger-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "541a479c-73a5-11e8-9d70-47736508231f", "value": "DBGer Ransomware" @@ -10955,8 +12153,11 @@ "description": "Hidden Tear variant discovered in October 2016. After activation, provides victims with an unlimited amount of time to gather the requested ransom money and pay it. Related unlock keys and the response sent to and from a Gmail addres", "meta": { "refs": [ - "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", + "https://id-ransomware.blogspot.com/2017/11/rastakhiz-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "250 $" }, "uuid": "884eaa14-9ba8-11e8-a6ec-7f903f720e60", "value": "RASTAKHIZ" @@ -10965,11 +12166,14 @@ "description": "DUMB variant discovered on November 16, 2017. Disguised itself as a popular virtual private network (VPN) in Iran known as Psiphon and infected Iranian users. Included Farsi-language ransom note, decryptable in the same way as previous DUMB-based variants. Message requested only US$15 for unlock key. Advertised two local and Iran-based payment processors: exchange.ir and webmoney.ir.Shared unique and specialized indicators with RASTAKHIZ; iDefense threat intelligence analysts believe this similarity confirms that the same actor was behind the repurposing of both types of ransomware.", "meta": { "refs": [ - "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" + "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", + "http://id-ransomware.blogspot.com/2017/10/tyrant-ransomware.html" ], "synonyms": [ "Crypto Tyrant" - ] + ], + "payment-method": "Bitcoin", + "price": "15 $" }, "uuid": "701f2a3e-9baa-11e8-a044-4b8bc49ea971", "value": "TYRANT" @@ -10978,8 +12182,11 @@ "description": "zCrypt variant discovered on November 17, 2017, one day after the discovery of TYRANT. Used Farsi-language ransom note asking for a staggering 20 Bitcoin ransom payment. Also advertised local Iran-based payment processors and exchanges—www.exchangeing[.]ir, www.payment24[.]ir, www.farhadexchange.net, and www.digiarz.com)—through which Bitcoins could be acquired.", "meta": { "refs": [ - "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", + "https://id-ransomware.blogspot.com/2017/11/wannasmile-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "20" }, "uuid": "b3f04486-9bc4-11e8-bbfe-cf096483b45e", "value": "WannaSmile" @@ -10989,7 +12196,8 @@ "meta": { "refs": [ "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" - ] + ], + "payment-method": "Email" }, "uuid": "b48a7d62-9bc4-11e8-a7c5-47d13fad265f", "value": "Unnamed Android Ransomware" @@ -11010,7 +12218,9 @@ ], "synonyms": [ "KeyPass" - ] + ], + "payment-method": "Bitcoin", + "price": "300 $" }, "uuid": "22b4070e-9efe-11e8-b617-ab269f54596c", "value": "KEYPASS" @@ -11031,8 +12241,11 @@ "refs": [ "https://twitter.com/Emm_ADC_Soft/status/1064459080016760833", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", - "https://twitter.com/MarceloRivero/status/1065694365056679936" - ] + "https://twitter.com/MarceloRivero/status/1065694365056679936", + "http://id-ransomware.blogspot.com/2017/12/stop-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "200 - 600 $" }, "uuid": "c76c4d24-9f99-11e8-808d-a7f1c66a53c5", "value": "STOP Ransomware" @@ -11046,11 +12259,13 @@ ], "refs": [ "https://twitter.com/malwrhunterteam/status/1032242391665790981", - "https://www.bleepingcomputer.com/news/security/barack-obamas-blackmail-virus-ransomware-only-encrypts-exe-files/" + "https://www.bleepingcomputer.com/news/security/barack-obamas-blackmail-virus-ransomware-only-encrypts-exe-files/", + "https://id-ransomware.blogspot.com/2018/08/barack-obamas-ransomware.html" ], "synonyms": [ "Barack Obama's Blackmail Virus Ransomware" - ] + ], + "payment-method": "Bitcoin" }, "uuid": "1a98f5ca-b024-11e8-b828-1fb7dbd6619e", "value": "Barack Obama's Everlasting Blue Blackmail Virus Ransomware" @@ -11068,8 +12283,11 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discovered-and-quickly-decrypted/", - "https://twitter.com/malwrhunterteam/status/1034492151541977088" - ] + "https://twitter.com/malwrhunterteam/status/1034492151541977088", + "https://id-ransomware.blogspot.com/2018/08/cryptonar-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "200 $" }, "related": [ { @@ -11091,8 +12309,10 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/", - "https://twitter.com/JakubKroustek/status/1033656080839139333" - ] + "https://twitter.com/JakubKroustek/status/1033656080839139333", + "https://id-ransomware.blogspot.com/2018/08/creampie-ransomware.html" + ], + "payment-method": "Bitcoin" }, "uuid": "1b5a756e-b034-11e8-9e7d-c3271796acab", "value": "CreamPie Ransomware" @@ -11121,8 +12341,11 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1034213399922524160", - "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/" - ] + "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/", + "https://id-ransomware.blogspot.com/2018/08/cassetto-ransomware.html" + ], + "payment-method": "Bitcoin", + "price": "0.5" }, "uuid": "7d3287f0-b03d-11e8-b1ef-23485f43e7f9", "value": "Cassetto Ransomware" @@ -11139,7 +12362,9 @@ ], "synonyms": [ "Acroware Screenlocker" - ] + ], + "payment-method": "Bitcoin", + "price": "80 $" }, "uuid": "f1b76b66-b044-11e8-8ae7-cbe7e28dd584", "value": "Acroware Cryptolocker Ransomware" @@ -11156,7 +12381,9 @@ "refs": [ "https://twitter.com/B_H101/status/1034379267956715520", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/" - ] + ], + "payment-method": "Bitcoin", + "price": "100 - 500 $" }, "uuid": "a8a772b4-b04d-11e8-ad94-ab9124dff412", "value": "Termite Ransomware" @@ -11177,7 +12404,9 @@ ], "synonyms": [ "Pico Ransomware" - ] + ], + "payment-method": "Bitcoin", + "price": "100 $" }, "uuid": "5d0c28f6-b050-11e8-95a8-7b8e480b9bd2", "value": "PICO Ransomware" @@ -11193,7 +12422,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/sigma-ransomware-being-distributed-using-fake-craigslist-malspam/" - ] + ], + "payment-method": "Bitcoin", + "price": "400 $" }, "uuid": "df025902-b29e-11e8-a2ab-739167419c52", "value": "Sigma Ransomware" @@ -11210,7 +12441,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "2aa481fe-c254-11e8-ad1c-efee78419960", "value": "Mongo Lock" @@ -11226,7 +12459,9 @@ "https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/", "https://twitter.com/MarceloRivero/status/1059575186117328898", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-9th-2018-mostly-dharma-variants/" - ] + ], + "payment-method": "Dollars", + "price": "80" }, "uuid": "c49f88f6-c87d-11e8-b005-d76e8162ced5", "value": "Kraken Cryptor Ransomware" @@ -11242,7 +12477,8 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-pushing-the-savefiles-ransomware/" - ] + ], + "payment-method": "Email" }, "uuid": "76bfb132-cc70-11e8-8623-bb3f209be6c9", "value": "SAVEfiles" @@ -11260,7 +12496,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/" - ] + ], + "payment-method": "Won", + "price": "50 000 (50 $)" }, "uuid": "c06a1938-dcee-11e8-bc74-474b0080f0e5", "value": "File-Locker" @@ -11278,7 +12516,9 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.1" }, "uuid": "c0dffb94-dcee-11e8-81b9-3791d1c6638f", "value": "CommonRansom" @@ -11293,7 +12533,8 @@ "synonyms": [ "Godsomware v1.0", "Ransomware God Crypt" - ] + ], + "payment-method": "Bitcoin Website" }, "uuid": "7074f228-e0ee-11e8-9c49-7fc798e92ddbx§", "value": "God Crypt Joke Ransomware" @@ -11311,7 +12552,8 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/", "https://twitter.com/demonslay335/status/1049325784979132417" - ] + ], + "payment-method": "Email" }, "uuid": "a920dea5-9f30-4fa2-9665-63f306874381", "value": "DecryptFox Ransomware" @@ -11328,7 +12570,9 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-12th-2018-notpetya-gandcrab-and-more/", "https://www.bleepingcomputer.com/news/security/ransomware-pretends-to-be-proton-security-team-securing-data-from-hackers/" - ] + ], + "payment-method": "Bitcoin", + "price": "780 $" }, "uuid": "f251740b-1594-460a-a378-371f3a2ae92c", "value": "garrantydecrypt" @@ -11345,7 +12589,9 @@ "refs": [ "https://twitter.com/siri_urz/status/1039077365039673344", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "ea643bfd-613e-44d7-9408-4991d53e08fa", "value": "MVP Ransomware" @@ -11360,7 +12606,9 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/", "" - ] + ], + "payment-method": "Bitcoin", + "price": "0.8" }, "uuid": "3675e50d-3f76-45f8-b3f3-4a645779e14d", "value": "StorageCrypter" @@ -11374,7 +12622,8 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-14th-2018-kraken-dharma-and-matrix/", "https://twitter.com/GrujaRS/status/1040677247735279616" - ] + ], + "payment-method": "Email" }, "uuid": "e90a57b5-cd17-4dce-b83f-d007053c7b35", "value": "Rektware" @@ -11394,7 +12643,9 @@ "synonyms": [ "M@r1a", "BlackHeart" - ] + ], + "payment-method": "Bitcoin", + "price": "0.002 (50 $)" }, "uuid": "1009b7f3-e737-49fd-a872-1e0fd1df4c00", "value": "M@r1a ransomware" @@ -11411,7 +12662,9 @@ "refs": [ "https://twitter.com/demonslay335/status/1059470985055875074", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-9th-2018-mostly-dharma-variants/" - ] + ], + "payment-method": "Bitcoin", + "price": "25 000 sek (sweden)" }, "uuid": "ad600737-6d5f-4771-ae80-3e434e29c749", "value": "\"prepending (enc) ransomware\" (Not an official name)" @@ -11428,7 +12681,9 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1060921043957755904" - ] + ], + "payment-method": "Bitcoin", + "price": "300 $" }, "uuid": "f7fa6978-c932-4e62-b4fc-3fbbbc195602", "value": "PyCL Ransomware" @@ -11445,7 +12700,8 @@ "refs": [ "https://twitter.com/malwrhunterteam/status/1063769884608348160", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/" - ] + ], + "payment-method": "Email" }, "uuid": "f53205a0-7a8f-41d1-a427-bf3ab9bd77bb", "value": "Vapor Ransomware" @@ -11462,7 +12718,9 @@ "refs": [ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/", "https://twitter.com/GrujaRS/status/1063930127610986496" - ] + ], + "payment-method": "Bitcoin", + "price": "0.00000001" }, "uuid": "677aeb47-587d-40a4-80b7-22672ba1160c", "value": "EnyBenyHorsuke Ransomware" @@ -11485,7 +12743,9 @@ ], "synonyms": [ "DelphiMorix" - ] + ], + "payment-method": "Bitcoin", + "price": "999999.5" }, "uuid": "7f82fb04-1bd2-40a1-9baa-895b53c6f7d4", "value": "DeLpHiMoRix" @@ -11505,7 +12765,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-30th-2018-indictments-sanctions-and-more/", "https://twitter.com/GrujaRS/status/1066799421080461312", "https://www.youtube.com/watch?v=_aaFon7FVbc" - ] + ], + "payment-method": "Bitcoin", + "price": "0.00000001" }, "uuid": "950d5501-b5eb-4f53-b33d-76e789912c16", "value": "EnyBeny Nuclear Ransomware" @@ -11523,7 +12785,9 @@ "refs": [ "https://twitter.com/demonslay335/status/1067109661076262913", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-30th-2018-indictments-sanctions-and-more/" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "a8eb9743-dfb6-4e13-a95e-e68153df94e9", "value": "Lucky Ransomware" @@ -11537,7 +12801,9 @@ ], "synonyms": [ "UNNAMED1989" - ] + ], + "payment-method": "Yuan", + "price": "110 (16 $)" }, "uuid": "b2aa807d-98fa-48e4-927b-4e81a50736e5", "value": "WeChat Ransom" @@ -11555,7 +12821,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/", "https://www.youtube.com/watch?v=QevoUzbqNTQ", "https://twitter.com/GrujaRS/status/1070011234521673728" - ] + ], + "payment-method": "Politic" }, "uuid": "3ade75c8-6ef7-4c54-84d0-cab0161d3415", "value": "IsraBye" @@ -11571,7 +12838,8 @@ "refs": [ "https://twitter.com/struppigel/status/1069905624954269696", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/" - ] + ], + "payment-method": "Bitcoin Website" }, "related": [ { @@ -11601,7 +12869,8 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/", "https://twitter.com/petrovic082/status/1071003939015925760", "https://twitter.com/Emm_ADC_Soft/status/1071716275590782976" - ] + ], + "payment-method": "Email" }, "uuid": "3bcc725f-6b89-4350-ad79-f50daa30f74e", "value": "Gerber Ransomware 1.0" @@ -11622,7 +12891,9 @@ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/", "https://twitter.com/GrujaRS/status/1071153192975642630", "https://www.youtube.com/watch?v=iB019lDvArs" - ] + ], + "payment-method": "Bitcoin", + "price": "900 $" }, "uuid": "9ebfa028-a9dd-46ec-a915-1045fb297824", "value": "Outsider" @@ -11633,7 +12904,9 @@ "refs": [ "https://twitter.com/demonslay335/status/1071123090564923393", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-7th-2018-wechat-ransomware-scammers-and-more/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.3" }, "uuid": "23fcbbf1-93ee-4baf-9082-67ca26553643", "value": "JungleSec" @@ -11652,7 +12925,9 @@ "https://twitter.com/GrujaRS/status/1071349228172124160", "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-14th-2018-slow-week/", "https://www.youtube.com/watch?v=uHYY6XZZEw4" - ] + ], + "payment-method": "Bitcoin", + "price": "1" }, "uuid": "edd4c8d0-d971-40a6-b7c6-5c57a4b51e48", "value": "EQ Ransomware" @@ -11669,7 +12944,8 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1072164314608480257" - ] + ], + "payment-method": "Email" }, "uuid": "968cf828-0653-4d86-a01d-186db598f391", "value": "Mercury Ransomware" @@ -11685,7 +12961,8 @@ ], "refs": [ "https://twitter.com/GrujaRS/status/1072468548977680385" - ] + ], + "payment-method": "Email" }, "uuid": "ea390fa7-94ac-4287-8a2d-c211330671b0", "value": "Forma Ransomware" @@ -11701,7 +12978,8 @@ ], "refs": [ "https://twitter.com/demonslay335/status/1072907748155842565" - ] + ], + "payment-method": "Email" }, "uuid": "e37ddc9e-8ceb-4817-a17e-755aa379ed14", "value": "Djvu" @@ -11718,7 +12996,9 @@ ], "refs": [ "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/" - ] + ], + "payment-method": "Bitcoin", + "price": "13.57" }, "uuid": "f9464c80-b776-4f37-8682-ffde0cf8f718", "value": "Ryuk ransomware" @@ -11728,7 +13008,8 @@ "meta": { "refs": [ "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/" - ] + ], + "payment-method": "Bitcoin Email" }, "uuid": "09fa0e0a-f0b2-46ea-8477-653e627b1c22", "value": "BitPaymer" @@ -11746,7 +13027,8 @@ ], "refs": [ "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/" - ] + ], + "payment-method": "Email" }, "uuid": "1e19dae5-80c3-4358-abcd-2bf0ba4c76fe", "value": "LockerGoga" @@ -11756,7 +13038,9 @@ "meta": { "refs": [ "https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-as-a-service-princess-evolution-looking-for-affiliates/" - ] + ], + "payment-method": "Bitcoin", + "price": "0.12 (773 $)" }, "uuid": "53da7991-62b7-4fe2-af02-447a0734f41d", "value": "Princess Evolution" @@ -11769,7 +13053,9 @@ ], "synonyms": [ "Fake GandCrab" - ] + ], + "payment-method": "Bitcoin", + "price": "0.0077" }, "uuid": "8cfa694b-3e6b-410a-828f-037d981870b2", "value": "Jokeroo"