Merge pull request #156 from Delta-Sierra/master

complete gandcrab - add ransomnotes
2024-12-03 12:17:20 +00:00 · 2018-02-19 16:53:04 +01:00 · 2018-02-19 16:53:04 +01:00 · 84afc21d2f
commit 84afc21d2f
parent d7452595c9 aa9fe74596
1 changed files with 4 additions and 0 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -8716,6 +8716,10 @@
        "refs": [
          "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/",
          "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/"
+        ],
+        "ransomnotes": [
+          "GDCB-DECRYPT.txt",
+          "---= GANDCRAB =---\n\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB \nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser:http://gdcbghvjyqy7jclk.onion/[id]\n5. Follow the instructions on this page\n\nIf Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:\n1. http://gdcbghvjyqy7jclk.onion.top/[id]\n2. http://gdcbghvjyqy7jclk.onion.casa/[id]\n3. http://gdcbghvjyqy7jclk.onion.guide/[id]\n4. http://gdcbghvjyqy7jclk.onion.rip/[id]\n5. http://gdcbghvjyqy7jclk.onion.plus/[id]\n\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\n\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!"
        ]
      }
    }