From 3291db17dad748487af178ee7dfdcecdeac0e152 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Mon, 18 Jul 2022 12:43:54 +0200
Subject: [PATCH] Update file_rename_win_ransomware.yml
---
 rules/windows/file_rename/file_rename_win_ransomware.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rules/windows/file_rename/file_rename_win_ransomware.yml b/rules/windows/file_rename/file_rename_win_ransomware.yml
index ae8b4f9bf..aff685a23 100644
--- a/rules/windows/file_rename/file_rename_win_ransomware.yml
+++ b/rules/windows/file_rename/file_rename_win_ransomware.yml
@@ -16,11 +16,13 @@ detection:
 - '.rtf'
 - '.pst'
 - '.docx'
+ - '.jpg'
 TargetFilename|contains:
 - '.lnk.'
 - '.rtf.'
 - '.pst.'
 - '.docx.'
+ - '.jpg.'
 filter:
 TargetFilename|endswith:
 - '.tmp'
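Review bot: Adding `.jpg` and `.jpg.` widens the rule to a far more common file type than the existing entries, while the only exclusion visible in this hunk is `TargetFilename|endswith: '.tmp'`, so benign suffix renames such as a tool keeping `photo.jpg.bak` or `photo.jpg.old` would presumably now alert. Consider extending the filter list with `- '.bak'` and `- '.old'`, or naming image backup and sync tooling in the rule's `falsepositives` field so analysts can triage these hits quickly. The selection header and the rest of the filter sit outside the hunk, so part of this may already be covered there.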