From 37a0b96a7b2e2282126da64b6b1a0815b42d7901 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Thu, 15 Mar 2018 10:40:34 +0100
Subject: [PATCH] add qwertyransomware

---
 clusters/ransomware.json | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 5f131ab..1992255 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9325,13 +9325,27 @@
           "Vagger",
           "DONTSLIP"
         ]
-      }
+      },
+    },
+    {
+      "value": "Qwerty Ransomware",
+      "description": "A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files.  Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file's name.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/"
+        ],
+        "ransomnotes": [
+          "Your computer is encrypted . Mail cryz1@protonmail.com . Send your ID 5612.\nNote! You have only 72 hours for write on e-mail (see below) or all your files will be lost!",
+          "README_DECRYPT.txt"
+        ]
+      },
+      "uuid": "15c370c0-2799-11e8-a959-57cdcd57e3bf"
     }
   ],
   "source": "Various",
   "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
   "name": "Ransomware",
-  "version": 6,
+  "version": 7,
   "type": "ransomware",
   "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
 }