diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 0b4d225..b8ed7ad 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9606,12 +9606,32 @@
 ]
 },
 "uuid": "ef094aa6-4465-11e8-81ce-739cce28650b"
+ },
+ {
+ "meta": {
+ "date": "April 2018",
+ "encryption": "AES+RSA",
+ "refs": [
+ "https://sensorstechforum.com/nmcrypt-files-ransomware-virus-remove-restore-data/",
+ "https://www.enigmasoftware.com/nmcryptansomware-removal/"
+ ],
+ "extensions": [
+ ".NMCRYPT"
+ ],
+ "ransomnotes": [
+ "Encrypted files! All your files are encrypted. Using AES256-bit encryption and RSA-2048-bit encryption. Making it impossible to recover files without the correct private key. If you are interested in getting is the key and recover your files You should proceed with the following steps. The only way to decrypt your files safely is to buy the Descrypt and Private Key software. Any attempts to restore your files with the third-party software will be fatal for your files! Important use Firefox or Chrome browser To proceed with the purchase you must access one of the link below https://lylh3uqyzay3lhrd.onion.to/ https://lylh3uqyzay3lhrd.onion.link/ If neither of the links is online for a long period of time, there is another way to open it, you should install the Tor Browser...",
+ "https://sensorstechforum.com/wp-content/uploads/2018/04/stf-NMCRYPT-ransomware-virus-ransom-note-tor-onion-network-page-768x827.png"
+ ]
+ },
+ "description": "The NMCRYPT Ransomware is a generic file encryption Trojan that was detected in the middle of April 2018. The NMCRYPT Ransomware is a file encoder Trojan that is designed to make data unreadable and convince users to pay a fee for unlocking content on the infected computers. The NMCRYPT Ransomware is nearly identical to hundreds of variants of the HiddenTear open-source ransomware and compromised users are unable to use the Shadow Volume snapshots made by Windows to recover. 
Unfortunately, the NMCRYPT Ransomware disables the native recovery features on Windows, and you need third-party applications to rebuild your data.",
+ "value": "NMCRYPT Ransomware",
+ "uuid": "bd71be69-fb8c-4b1f-9d96-993ab23d5f2b"
 }
 ],
 "source": "Various",
 "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
 "name": "Ransomware",
- "version": 17,
+ "version": 18,
 "type": "ransomware",
 "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
 }
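Review bot: The second entry in the new cluster's `refs`, `"https://www.enigmasoftware.com/nmcryptansomware-removal/"`, looks like it lost the "r" of "ransomware", so the reference probably does not resolve. It was presumably meant to be `"https://www.enigmasoftware.com/nmcryptransomware-removal/"`; confirm the link before merging, since analysts rely on `refs` to trace an entry back to its source. The new `ransomnotes` array also mixes the note text with a screenshot URL, so any consumer that matches note text against that field will treat the `.png` link as note content. If the schema has no separate field for images, it would help to record in the commit message that this is intended. Finally, the `description` string breaks across two lines after "to recover." as rendered here. The hunk's line count suggests this is an escaped `\n` in the file, but if it is a literal newline, strict JSON parsers will reject the cluster, so validating the file is worthwhile.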