From ac6b8127fb40fd23029f59f28c804e0d8974e15e Mon Sep 17 00:00:00 2001 From: SwitHak Date: Thu, 11 Apr 2019 23:11:49 +0200 Subject: [PATCH 1/2] Update Ransomware galaxy Date: 2019-04-11 Author: SwitHak Purpose: Add 3 meta tag to be able to give specification of extensions usage: - ransomware-appended-extension -> This is the extension added by the ransomware to the files. - ransomware-encrypted-extensions", -> This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order. - ransomware-excluded-extensions", -> This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order. If I missed something, tell me through the PR or via Twitter: @SwitHak
---
 ransomware/machinetag.json | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/ransomware/machinetag.json b/ransomware/machinetag.json
index 4298d3c..7a05fbb 100644
--- a/ransomware/machinetag.json
+++ b/ransomware/machinetag.json
@@ -2,7 +2,7 @@
 "namespace": "ransomware",
 "expanded": "ransomware types and elements",
 "description": "Ransomware is used to define ransomware types and the elements that compose them.",
- "version": 2,
+ "version": 2.1,
 "refs": [
 "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf",
 "https://docs.apwg.org/ecrimeresearch/2018/5357083.pdf",
@@ -40,7 +40,7 @@
 },
 {
 "value": "locker-ransomware",
- "expanded": "Locker eansomware, also called computer locker, denies access to the computer or device "
+ "expanded": "Locker ransomware, also called computer locker, denies access to the computer or device "
 },
 {
 "value": "crypto-ransomware",
@@ -55,6 +55,18 @@
 "value": "ransomnote",
 "expanded": "A ransomnote is the message left by the attacker to threaten his victim and ask for ransom. It is usually seen as a text file or a picture set as background."
 },
+ {
+ "value": "ransomware-appended-extension",
+ "expanded": "This is the extension added by the ransomware to the files."
+ },
+ {
+ "value": "ransomware-encrypted-extensions",
+ "expanded": "This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order."
+ },
+ {
+ "value": "ransomware-excluded-extensions",
+ "expanded": "This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order."
+ },
 {
 "value": "dropper",
 "expanded": "A dropper is a means of getting malware into a machine while bypassing the security checks by carring the malware inside of itself."
From 4ac6b5c4b0d6a0618c65540a597a802ca1bf65f6 Mon Sep 17 00:00:00 2001 From: SwitHak Date: Thu, 11 Apr 2019 23:27:16 +0200 Subject: [PATCH 2/2] Update Ransomware taxonomy Integer value (sic)
---
 ransomware/machinetag.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ransomware/machinetag.json b/ransomware/machinetag.json
index 7a05fbb..52f5a30 100644
--- a/ransomware/machinetag.json
+++ b/ransomware/machinetag.json
@@ -2,7 +2,7 @@
 "namespace": "ransomware",
 "expanded": "ransomware types and elements",
 "description": "Ransomware is used to define ransomware types and the elements that compose them.",
- "version": 2.1,
+ "version": 3,
 "refs": [
 "https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf",
 "https://docs.apwg.org/ecrimeresearch/2018/5357083.pdf",
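Review bot: In the `@@ -55,6 +55,18 @@` hunk of PATCH 1/2, the `expanded` text for `ransomware-encrypted-extensions` and `ransomware-excluded-extensions` ends with "Beware to keep the order." but never says which order is meant or where the list itself is recorded, so two analysts can tag the same sample differently. Each entry looks like a fixed label, so the extension list presumably lives in an attribute or comment next to the tag; I would say so, e.g. `"expanded": "Marks the list of file extensions the ransomware encrypts; keep the extensions in the order the sample lists them."`, if that is the order intended. The three new values also repeat the namespace (`ransomware-…`) while the neighbouring values `ransomnote` and `dropper` do not, which is worth settling before release since renaming a published value would likely orphan tags already applied. The enclosing array starts and ends outside the hunk, so I cannot confirm which predicate these values belong to.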