From 6d6da39da45dca7224eaa1c853743e42e89c734f Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 13 May 2020 11:58:33 +0200
Subject: [PATCH 1/2] add Snake Ransomware
---
 clusters/ransomware.json | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 9d50186..6da8281 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13839,7 +13839,25 @@
 },
 "uuid": "575b2b3c-d762-4ba6-acbd-51ecdb57249f",
 "value": "CoronaVirus"
+ },
+ {
+ "description": "",
+ "meta": {
+ "ransomnotes-filenames": [
+ "Decrypt-Your-Files.txt"
+ ],
+ "ransomnotes-refs": [
+ "https://www.bleepstatic.com/images/news/ransomware/s/SNAKE/may-2020-campaign/snake-ransom-note.jpg"
+ ],
+ "refs": [
+ "https://www.cybersecurity-insiders.com/meet-the-snake-ransomware-which-encrypts-all-connected-devices/",
+ "https://www.tripwire.com/state-of-security/security-data-protection/massive-spike-in-snake-ransomware-activity-attributed-to-new-campaign/",
+ "https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware-campaign-targets-healthcare-more/"
+ ]
+ },
+ "uuid": "e390e1bb-2af1-4139-8e61-6e534d707dfb",
+ "value": "Snake Ransomware"
 }
 ],
- "version": 85
+ "version": 86
 }
From b943a7dacaa7a09b787ca80f8ccc306fb3c30a90 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 15 May 2020 09:00:34 +0200
Subject: [PATCH 2/2] fix missing description
---
 clusters/ransomware.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 6da8281..cd8c91a 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
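Review bot: The `Snake Ransomware` entry added by the first patch (hunk `@@ -13839,7 +13839,25 @@`) has no `synonyms` list in its `meta`, although this family is also widely reported under the name EKANS, so events tagged with that name will not correlate to this cluster. Adding `"synonyms": ["EKANS"]` alongside `refs` would close that gap. Only the tail of the array is visible in this hunk, so it is also worth confirming the file does not already hold an entry for the same family under another name, because two UUIDs for one family split correlation. The single `ransomnotes-refs` item is a hot-linked image on a third-party host; a short note of what the ransom note says would survive link rot.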
@@ -13841,7 +13841,7 @@
 "value": "CoronaVirus"
 },
 {
- "description": "",
+ "description": "Snake ransomware first attracted the attention of malware analysts in January 2020 when they observed the crypto-malware family targeting entire corporate networks.\nShortly after this discovery, the threat quieted down. It produced few new detected infections in the wild for the next few months. That was until May 4, when ID Ransomware registered a sudden spike in submissions for the ransomware.",
 "meta": {
 "ransomnotes-filenames": [
 "Decrypt-Your-Files.txt"
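Review bot: The new `description` gives "May 4" without a year and speaks of "the next few months", which becomes ambiguous once the entry has aged; `That was until May 4, 2020, when ID Ransomware registered a sudden spike in submissions for the ransomware.` keeps the timeline readable. The text records campaign history only, so an analyst triaging a hit on this cluster learns nothing from it about how the family behaves or what it targets. One sentence summarising that from the listed `refs` would make the entry more useful for detection and response. The entry's object continues past the end of this hunk.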