add ransomwares

This commit is contained in:
Deborah Servili 2018-10-31 14:52:40 +01:00
parent e6b1eec329
commit ad07b70a03
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1

View file

@ -11107,7 +11107,43 @@
},
"uuid": "76bfb132-cc70-11e8-8623-bb3f209be6c9",
"value": "SAVEfiles"
},
{
"description": "The File-Locker Ransomware is a Hidden Tear variant that is targeting victims in Korea. When victim's are infected it will leave a ransom requesting 50,000 Won, or approximately 50 USD, to get the files back. This ransomware uses AES encryption with a static password of \"dnwls07193147\", so it is easily decryptable.",
"meta": {
"extensions": [
".locked"
],
"ransomnotes": [
"Warning!!!!!!.txt",
"https://www.bleepstatic.com/images/news/ransomware/f/file-locker/ransom-note%20-%20Copy.jpg",
"한국어: 경고!!! 모든 문서, 사진, 데이테베이스 및 기타 중요한 파일이 암호화되었습니다!!\n당신은 돈을 지불해야 합니다\n비트코인 5만원을 fasfry2323@naver.com로 보내십시오 비트코인 지불코드: 1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX 결제 사이트 http://www.localbitcoins.com/ \nEnglish: Warning!!! All your documents, photos, databases and other important personal files were encrypted!!\nYou have to pay for it.\nSend fifty thousand won to fasfry2323@naver.com Bitcoin payment code: 1BoatSLRHtKNngkdXEeobR76b53LETtpyT Payment site http://www.localbitcoins.com/"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/"
]
},
"uuid": "c06a1938-dcee-11e8-bc74-474b0080f0e5",
"value": "File-Locker"
},
{
"description": "A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files.",
"meta": {
"extensions": [
".[old@nuke.africa].CommonRansom"
],
"ransomnotes": [
"DECRYPTING.txt",
"https://www.bleepstatic.com/images/news/ransomware/c/CommonRansom/ransom-note.jpg",
"+-----------------------+\n¦----+CommonRansom+-----¦\n+-----------------------+\nHello dear friend,\nYour files were encrypted!\nYou have only 12 hours to decrypt it\nIn case of no answer our team will delete your decryption password\nWrite back to our e-mail: old@nuke.africa\n\n\nIn your message you have to write:\n1. This ID-[VICTIM_ID]\n2. [IP_ADDRESS]:PORT(rdp) of infected machine\n3. Username:Password with admin rights\n4. Time when you have paid 0.1 btc to this bitcoin wallet:\n35M1ZJhTaTi4iduUfZeNA75iByjoQ9ibgF\n\n\nAfter payment our team will decrypt your files immediatly\n\n\nFree decryption as guarantee:\n1. File must be less than 10MB\n2. Only .txt or .lnk files, no databases\n3. Only 5 files\n\n\nHow to obtain bitcoin:\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\nhttps://localbitcoins.com/buy_bitcoins\nAlso you can find other places to buy Bitcoins and beginners guide here:\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/"
]
},
"uuid": "c0dffb94-dcee-11e8-81b9-3791d1c6638f",
"value": "CommonRansom"
}
],
"version": 39
"version": 40
}