diff --git a/clusters/ransomware.json b/clusters/ransomware.json index cc2a759..04866a6 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -4014,12 +4014,29 @@ }, "description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. After the files are decrypted, the shadow files are deleted using the following command: vssadmin.exe Delete Shadows /All /Quiet", "value": "Erebus Ransomware" + }, + { + "meta": { + "synonyms": [ + "WannaCrypt", + "WannaCry", + "WanaCrypt0r", + "WCrypt", + "WCRY" + ], + "refs": [ + "https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168" + ], + "date": "May 2017" + }, + "description": "According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages. The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.", + "value": "WannaCry" } ], "source": "Various", "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372", "name": "Ransomware", - "version": 1, + "version": 2, "type": "ransomware", "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar" }