diff --git a/ransomware/machinetag.json b/ransomware/machinetag.json
index 4298d3c..52f5a30 100644
--- a/ransomware/machinetag.json
+++ b/ransomware/machinetag.json
@@ -2,7 +2,7 @@
   "namespace": "ransomware",
   "expanded": "ransomware types and elements",
   "description": "Ransomware is used to define ransomware types and the elements that compose them.",
-  "version": 2,
+  "version": 3,
   "refs": [
     "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf",
     "https://docs.apwg.org/ecrimeresearch/2018/5357083.pdf",
@@ -40,7 +40,7 @@
         },
         {
           "value": "locker-ransomware",
-          "expanded": "Locker eansomware, also called computer locker, denies access to the computer or device "
+          "expanded": "Locker ransomware, also called computer locker, denies access to the computer or device "
         },
         {
           "value": "crypto-ransomware",
@@ -55,6 +55,18 @@
           "value": "ransomnote",
           "expanded": "A ransomnote is the message left by the attacker to threaten his victim and ask for ransom. It is usually seen as a text file or a picture set as background."
         },
+        {
+          "value": "ransomware-appended-extension",
+          "expanded": "This is the extension added by the ransomware to the files."
+        },
+        {
+          "value": "ransomware-encrypted-extensions",
+          "expanded": "This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order."
+        },
+        {
+          "value": "ransomware-excluded-extensions",
+          "expanded": "This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order."
+        },
         {
           "value": "dropper",
           "expanded": "A dropper is a means of getting malware into a machine while bypassing the security checks by carring the malware inside of itself."