diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 5f131ab2..e72b716b 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9326,12 +9326,26 @@
           "DONTSLIP"
         ]
       }
+    },
+    {
+      "value": "Qwerty Ransomware",
+      "description": "A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files.  Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file's name.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/"
+        ],
+        "ransomnotes": [
+          "Your computer is encrypted . Mail cryz1@protonmail.com . Send your ID 5612.\nNote! You have only 72 hours for write on e-mail (see below) or all your files will be lost!",
+          "README_DECRYPT.txt"
+        ]
+      },
+      "uuid": "15c370c0-2799-11e8-a959-57cdcd57e3bf"
     }
   ],
   "source": "Various",
   "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
   "name": "Ransomware",
-  "version": 6,
+  "version": 7,
   "type": "ransomware",
   "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
 }