From b100b0cedd09ea749059881d11040d98cbcb9faf Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Mon, 13 Aug 2018 15:50:09 +0200 Subject: [PATCH] add KEYPASS ransomware --- clusters/android.json | 2 +- clusters/ransomware.json | 22 +++++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/clusters/android.json b/clusters/android.json index 2ff9c0ec..22baca22 100644 --- a/clusters/android.json +++ b/clusters/android.json @@ -4299,7 +4299,7 @@ "https://www.bleepingcomputer.com/news/security/new-mysterybot-android-malware-packs-a-banking-trojan-keylogger-and-ransomware/" ] }, - "uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf651adaf" + "uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf6s51adaf" }, { "value": "Skygofree", diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 2b82c1b1..5b384cac 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -10070,12 +10070,32 @@ ] }, "uuid": "b48a7d62-9bc4-11e8-a7c5-47d13fad265f" + }, + { + "value": "KEYPASS", + "description": "A new distribution campaign is underway for a STOP Ransomware variant called KeyPass based on the amount of victims that have been seen. Unfortunately, how the ransomware is being distributed is unknown at this time.", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/new-keypass-ransomware-campaign-underway/" + ], + "synonyms": [ + "KeyPass" + ], + "ransomnotes": [ + "!!!KEYPASS_DECRYPTION_INFO!!!.txt", + "Attention!\n\nAll your files, documents, photos, databases and other important files are encrypted and have the extension: .KEYPASS\n\nThe only method of recovering files is to purchase an decrypt software and unique private key.\n\nAfter purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.\n\nOnly we can give you this key and only we can recover your files.\n\nYou need to contact us by e-mail keypass@bitmessage.ch send us your personal ID and wait for further instructions.\n\nFor you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.\n\nPrice for decryption $300.\n\nThis price avaliable if you contact us first 72 hours.\n\nE-mail address to contact us:\n\nkeypass@bitmessage.ch\n\n\n\nReserve e-mail address to contact us:\n\nkeypass@india.com\n\n\n\nYour personal id:\n[id]" + ], + "extensions": [ + ".KEYPASS" + ] + }, + "uuid": "22b4070e-9efe-11e8-b617-ab269f54596c" } ], "source": "Various", "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372", "name": "Ransomware", - "version": 27, + "version": 28, "type": "ransomware", "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar" }