mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
Merge pull request #517 from Delta-Sierra/master
update ransomware galaxy
This commit is contained in:
commit
cf5830f579
1 changed files with 25 additions and 2 deletions
|
@ -13626,7 +13626,8 @@
|
|||
"meta": {
|
||||
"extensions": [
|
||||
".CIop",
|
||||
".Clop"
|
||||
".Clop",
|
||||
".Ciop"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf"
|
||||
|
@ -13709,7 +13710,29 @@
|
|||
},
|
||||
"uuid": "05d5263f-ec23-4279-bb98-55fc233d7e89",
|
||||
"value": "Bart ransomware"
|
||||
},
|
||||
{
|
||||
"description": "Razor was discovered by dnwls0719, it is a part of Garrantydecrypt ransomware family. Like many other programs of this type, Razor is designed to encrypt files (make them unusable/inaccessible), change their filenames, create a ransom note and change victim's desktop wallpaper. Razor renames files by appending the \".razor\" extension to their filenames. For example, it renames \"1.jpg\" to \"1.jpg.razor\", and so on. It creates a ransom note which is a text file named \"#RECOVERY#.txt\", this file contains instructions on how to contact Razor's developers (cyber criminals) and other details.\nAs stated in the \"#RECOVERY#.txt\" file, this ransomware encrypts all files and information about how to purchase a decryption tool can be received by contacting Razor's developers. Victims supposed to contact them via razor2020@protonmail.ch, Jabber client (razor2020@jxmpp.jp) or ICQ client (@razor2020) and wait for further instructions. It is very likely that they will name a price of a decryption tool and/or key and provide cryptocurrency wallet's address that should be used to make a transaction. However, it is never a good idea to trust (pay) any cyber criminals/ransomware developers. It is common that they do not provide decryption tools even after a payment. Another problem is that ransomware-type programs encrypt files with strong encryption algorithms and their developers are the only ones who have tools that can decrypt files encrypted by their ransomware. In most cases victims have the only free and safe option: to restore files from a backup. Also, it is worth mentioning that files remain encrypted even after uninstallation of ransomware, its removal only prevents it from causing further encryptions.",
|
||||
"meta": {
|
||||
"extensions": [
|
||||
".razor"
|
||||
],
|
||||
"ransomnotes": [
|
||||
"All your files have been ENCRYPTED!!!\nWrite to our email: \n razor2020@protonmail.ch\n ICQ:\n @razor2020\n Or contact us via jabber:\n razor2020@jxmpp.jp\nJabber (Pidgin) client installation instructions, you can find on youtube - hxxps://www.youtube.com/results?search_query=pidgin+jabber+install\nAttention!\nDo not rename encrypted files.\nDo not try to decrypt your data using third party software, it may cause permanent data loss.\ntell your unique ID"
|
||||
],
|
||||
"ransomnotes-filenames": [
|
||||
"#RECOVERY#.txt"
|
||||
],
|
||||
"ransomnotes-refs": [
|
||||
"https://www.pcrisk.com/images/stories/screenshots202002/razor-ransom-note.jpg"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.pcrisk.com/removal-guides/17016-razor-ransomware"
|
||||
]
|
||||
},
|
||||
"uuid": "ea35282c-0686-4115-a001-bc4203549418",
|
||||
"value": "Razor"
|
||||
}
|
||||
],
|
||||
"version": 80
|
||||
"version": 82
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue