Description
Ransomware family generally distributed through RDP brute-force attacks.
Filename: d85188c58acb395ae88ad2be1f48044090eb03f125c97692c20787b933bbbd1a.bin
Size: 2MB
Analysis ID: 210317-6vkqva8c6a
MD5: 1a2978ce842c0d4c2fc309801cbbcabb
SHA1: 45adb2e2ee26e9221b76e71180dc955b7c9eff70
SHA256: d85188c58acb395ae88ad2be1f48044090eb03f125c97692c20787b933bbbd1a
SHA512: 5cefd6c89153259835cdd0e4be1c68bf61ccf25c63c8a2bcf78e0bcbde354ca588e39e06699820ca4da488f3e69a14e04f89d25cd1be6c01c80fb210f9da23ac
Path: C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note:
Hello! All your files are encrypted and only we can decrypt them.
Contact us: legalrestore@airmail.cc or master1restore@cock.li
Write us if you want to return your files - we can do it very quickly!
The header of letter must contain extension of encrypted files.
We always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com).
Attention!
Do not rename or edit encrypted files: you may have permanent data loss.
Do not edit or delete any virtual machines files
To prove that we can recover your files, we am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups).
HURRY UP!
If you do not email us in the next 48 hours then your data may be lost permanently.

Emails: legalrestore@airmail.cc, master1restore@cock.li
Ransomware family generally distributed through RDP brute-force attacks.
Ransomware often targets backup files to inhibit system recovery.
Ransomware generally changes the extension on encrypted files.
Detects executables packed with UPX/modified UPX open source packer.
Infostealers often target stored browser data, which can include saved credentials etc.