From e561e3e4f01baafa4be1358b56898283d2bd3f8d Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 6 Jun 2018 16:29:24 +0200
Subject: [PATCH] add Sigrun ransomwaremeta data
---
 clusters/ransomware.json | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 29f7d4f6..285e6486 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9701,6 +9701,13 @@
 "meta": {
 "refs": [
 "https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/"
+ ],
+ "extensions": [
+ ".sigrun"
+ ],
+ "ransomnotes": [
+ "SIGRUN 1.0 RANSOMWARE\n\nAll your important files are encrypted\n\nYour files has been encrypted by sigrun ransomware with unique decryption key.\n\nThere is only one way to get your files back: contact with us, pay, and get decryptor software. \n\nWe accept Bitcoin and Dash, you can find exchangers on https://www.bitcoin.com/buy-bitcoin and https://www.dash.org/exchanges/ and others.\n\nYou have unique idkey (in a yellow frame), write it in letter when contact with us.\n\nAlso you can decrypt 3 files for test, its guarantee what we can decrypt your files.\n\nIDKEY:\n>>> [id_key] <<<\nContact information:\n\nemail: sigrun_decryptor@protonmail.ch",
+ "~~~~~~SIGRUN 1.0 RANSOMWARE~~~~~~~~~\n\nAttention! \n\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .sigrun\n\nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files. \n\nBut don't worry! You still can restore it!\n\nIn order to restore it you need to contact with us via e-mail.\n\n-----------------------------------------------\n|Our e-mail is: sigrun_decryptor@protonmail.ch|\n-----------------------------------------------\n\nAs a proof we will decrypt 3 files for free!\n\nPlease, attach this to your message:\n[id_key]"
 ]
 },
 "uuid": "5a53eec2-6993-11e8-a4d5-67480005dcbd"
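Review bot: Both added `ransomnotes` strings contain `[id_key]`, which reads as a stand-in for the per-victim key rather than literal note text, and nothing in the entry says so. A consumer that compares these strings verbatim against a note recovered from a host will not match, so detections built from this entry should key on stable substrings such as `SIGRUN 1.0 RANSOMWARE` or the contact address rather than the whole string. Since JSON has no comments, I would state the convention in the commit message or the entry's description, e.g. `[id_key] marks the per-victim identifier and is not literal note text`. The strings also keep a trailing space before some `\n` (after `software.` and `Attention!`); please confirm these come from the original notes and are not transcription artefacts, since they affect exact matching too. The entry's object begins and ends outside the hunk.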