diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 5f131ab..e72b716 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -9326,12 +9326,26 @@ "DONTSLIP" ] } + }, + { + "value": "Qwerty Ransomware", + "description": "A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file's name.", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/" + ], + "ransomnotes": [ + "Your computer is encrypted . Mail cryz1@protonmail.com . Send your ID 5612.\nNote! You have only 72 hours for write on e-mail (see below) or all your files will be lost!", + "README_DECRYPT.txt" + ] + }, + "uuid": "15c370c0-2799-11e8-a959-57cdcd57e3bf" } ], "source": "Various", "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372", "name": "Ransomware", - "version": 6, + "version": 7, "type": "ransomware", "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar" }