From f49b54281b7645b703663a99613f6909ebc7a989 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 2 Feb 2022 22:36:14 +0100
Subject: [PATCH] chg: [ransomware] set encryption only

---
 clusters/ransomware.json | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index a882f00..2c6a281 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -24229,11 +24229,7 @@
       "description": "BlackCat (ALPHV) is ransomware written in Rust. The ransomware makes heavy use of plaintext JSON configuration files to specify the ransomware functionality. BlackCat has many advanced capabilities like escalating privileges and bypassing UAC make use of AES and ChaCha20 or Salsa encryption, may use the Restart Manager, can delete volume shadow copies, can enumerate disk volumes and network shares automatically, and may kill specific processes and services. The ransomware exists for both Windows, Linux, and ESXi systems. Multiple extortion techniques are used by the BlackCat gang, such as exfiltrating victim data before the ransomware deployment, threats to release data if the ransomw is not paid, and distributed denial-of-service (DDoS) attacks.",
       "meta": {
         "date": "June 2021",
-        "encryption": [
-          "AES",
-          "ChaCha20",
-          "Salsa"
-        ],
+        "encryption": "AES",
         "ransomnotes-refs": [
           "https://unit42.paloaltonetworks.com/wp-content/uploads/2022/01/word-image-78.png"
         ],