rule StorageCrypt_Encryptor meta: description = "Detects StorageCrypt ransomware binary" author = "ThreatIntel" date = "2025-01-15" strings: $a = "AES-256-CTR" fullword ascii $b = "snapshot_deleted" fullword ascii $c = "storagecrypt@onionmail.org" ascii $d = 53 54 52 59 // "STRY" magic header $e = "rsync --delete -avz /share/" ascii condition: ( $a and $b ) or ( $c and $d ) or ( $e and filesize < 5MB )
Price: 0.5 BTC (USD equivalent ~$15,000) Deadline: 72 hours – after which the private RSA key will be destroyed. storagecrypt