diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index c2dcb57..0805fe8 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13752,7 +13752,25 @@
       ],
       "uuid": "42148074-196b-4f8c-b149-12163fc385fa",
       "value": "Wadhrama"
+    },
+    {
+      "description": "Mespinoza ransomware is used at least since october 2018. First versions used the common extension \".locked\". SInce december 2019 a new version in open sourced and documented, this new version uses the \".pyza\" extension.",
+      "meta": {
+        "extensions": [
+          ".pyza",
+          ".locked"
+        ],
+        "refs": [
+          "https://www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-002/",
+          "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-002.pdf"
+        ],
+        "synonyms": [
+          "Pyza"
+        ]
+      },
+      "uuid": "deed3c10-93b6-41b9-b150-f4dd1b665d87",
+      "value": "Mespinoza"
     }
   ],
-  "version": 83
+  "version": 84
 }