General

  • Target

    3f5c30cc67c41fa8f49db8a3122254850c590b86a4311237a683b03b5b7a5d41.bin.sample

  • Size

    285KB

  • Sample

    210331-j6htks5t12

  • MD5

    42d6e8cc68912ad8485e16cda987782c

  • SHA1

    008599123e85b1db5856965f541a458e470383ff

  • SHA256

    3f5c30cc67c41fa8f49db8a3122254850c590b86a4311237a683b03b5b7a5d41

  • SHA512

    ee6beb07af641f326d11507379bd5a5b23d270ee29e52b34a02ab35493ff75dd837b5dc906b3fcd66189d5aa57c34caee78b066b39d1430e7ca65a6eb97ce687

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$10$wroZF1tN0sLWPRVC4xaNqOjNPpReXspiG5b2lRV67597SIjWSUP/S

Campaign

7220

C2

apolomarcas.com

judithjansen.com

rocketccw.com

dpo-as-a-service.com

crowcanyon.com

schutting-info.nl

lapinvihreat.fi

d2marketing.co.uk

werkkring.nl

ai-spt.jp

liikelataamo.fi

executiveairllc.com

simplyblessedbykeepingitreal.com

highimpactoutdoors.net

ostheimer.at

montrium.com

nandistribution.nl

parks-nuernberg.de

devok.info

naswrrg.org

Attributes
  • net

    false

  • pid

    $2a$10$wroZF1tN0sLWPRVC4xaNqOjNPpReXspiG5b2lRV67597SIjWSUP/S

  • prc

    visio

    avgadmsv

    powerpnt

    NSCTOP

    isqlplussvc

    thunderbird

    synctime

    mspub

    kavfswp

    outlook

    infopath

    ccSvcHst

    AmitiAvSrv

    CarboniteUI

    excel

    Microsoft.exchange.store.worker.exe

    wordpad

    dbsnmp

    msaccess

    ocomm

    ccSetMgr

    thebat

    onenote

    mydesktopservice

    firefox

    xfssvccon

    ocssd

    klnagent

    sqbcoreservice

    tbirdconfig

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Hi there! We wish you to have a good day during these difficult times! We have to notify you that we have completed the downloading all sensitive data, including personal data about your clients, projects, databases, reports etc. Ask us - we will provide you with proofs. We will public all the data in case you refuse to pay.
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
In your interests to contact with us ASAP. Otherwise all your valuable information will be published and sold. Believe us, it's gonna cause way more expenses, than the price we ask.

[+] What guarantees? [+]

It's just a business. We absolutely do not care about you and your deals, besides receiving advantages. If we do not make our work and obligations - no one will cooperate with us. This is not in our interests.
To check the ability to return files, you must go to our website. There you can decrypt one file for free. This is our warranty.
If you do not cooperate with our service - for us, it does not matter. But you lose your time and data, because we have a private key. In practice - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
  a) Download and install TOR browser from this site: https://torproject.org/
  b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}

2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
  a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
  b) Open our secondary website: http://decoder.re/{UID}

Warning: secondary website can be blocked, thats why first variant much better and more available.

When you open our website, put the following data in the input form:
Key:

{KEY}

-----------------------------------------------------------------------------------------

!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!

[+] Attention!!! [+]

Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.

  • sub

    7220

  • svc

    SAVService

    azurea

    SSISTELEMETRY130

    Telemetryserver

    ADSync

    KACHIPS906995744173948

    ssistelemetry

    TeamViewer

    masvc

    AUService

    MSSQL$QM

    StorageCraft

    sophos

    swi_service

    MSSQLLaunchpad$SQLEXPRESS

    McAfeeFramework

    VSS

    MSSQLServerOLAPService

    AzureADConnectHealthSyncInsights

    MsDtsServer110

    mfemms

    MSSQLFDLauncher

    DsSvc

    klnagent

    Altaro.Agent.exe

    Altaro.DedupService.exe

    Altaro.UI.Service.exe

    HuntressAgent

    SSASTELEMETRY

    ProtectedStorage
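The prc and svc attributes above are the process and service names this build is configured to terminate before it starts encrypting (mail clients, Office, SQL Server components, backup agents such as Altaro and StorageCraft, EDR/AV agents such as Sophos, McAfee, Kaspersky and Huntress, and VSS itself). The following is an added example, not code from the sample or from the sandbox: it copies a subset of the two lists and checks a constructed tasklist listing and a constructed service-name list against them. The matching rule (case-insensitive, trailing ".exe" ignored on both sides) is an assumption about how the build compares names; the page does not show its comparison routine.

```python
"""Check a host's processes and services against the extracted kill lists.

Added example for this report, not code from the sample or the sandbox.
PRC and SVC are shortened copies of the extracted config attributes; the
tasklist text and service names are constructed test data.  The matching
rule is an assumption, not taken from the sample.
"""
import re

# Shortened copies of the extracted 'prc' (processes) and 'svc' (services) attributes.
PRC = ["visio", "powerpnt", "outlook", "excel", "Microsoft.exchange.store.worker.exe",
       "thunderbird", "firefox", "sqbcoreservice", "klnagent", "ccSvcHst", "dbsnmp"]
SVC = ["SAVService", "VSS", "MSSQL$QM", "TeamViewer", "HuntressAgent",
       "Altaro.Agent.exe", "MSSQLLaunchpad$SQLEXPRESS", "ProtectedStorage", "klnagent"]

# Constructed `tasklist` output; not from the sandbox run.
TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
svchost.exe                    812 Services                   0     12,340 K
OUTLOOK.EXE                   4120 Console                    1    145,112 K
EXCEL.EXE                     4388 Console                    1     98,004 K
Microsoft.Exchange.Store.Worker.exe 5120 Services          0    512,000 K
chrome.exe                    6001 Console                    1    200,000 K
sqlservr.exe                  1500 Services                   0    300,000 K
"""

# Constructed service names as `sc query` or Get-Service would report them.
SERVICES = ["wuauserv", "VSS", "MSSQL$QM", "Spooler", "HuntressAgent",
            "Altaro.Agent", "SQLWriter", "ProtectedStorage"]


def normalize(name: str) -> str:
    """Lower-case and drop a trailing '.exe' so 'OUTLOOK.EXE' meets 'outlook'.
    Assumed comparison rule; the build's own routine is not on the page."""
    name = name.strip().lower()
    return name[:-4] if name.endswith(".exe") else name


def kill_set(entries):
    return {normalize(e) for e in entries}


# Image name followed by a numeric PID; header, separator and multi-word names do not match.
_TASK_LINE = re.compile(r"^(?P<image>\S+)\s+(?P<pid>\d+)\s")


def targeted_processes(tasklist: str, prc=PRC):
    """(pid, image) for every listed process the config would terminate."""
    wanted = kill_set(prc)
    hits = []
    for line in tasklist.splitlines():
        m = _TASK_LINE.match(line)
        if m and normalize(m.group("image")) in wanted:
            hits.append((int(m.group("pid")), m.group("image")))
    return hits


def targeted_services(service_names, svc=SVC):
    """Service names the config would stop, in listing order."""
    wanted = kill_set(svc)
    return [s for s in service_names if normalize(s) in wanted]


if __name__ == "__main__":
    for pid, image in targeted_processes(TASKLIST):
        print(f"process {image} (pid {pid}) is on the prc list")
    for name in targeted_services(SERVICES):
        print(f"service {name} is on the svc list")
```

A process or service from these lists simply running on a host means nothing on its own; the useful hunting signal is a burst of terminations and service-stop events for several of these names in quick succession on one machine, with VSS among them, shortly before files with an unfamiliar extension appear.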

Extracted

Path

C:\g99di8-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Hi there! We wish you to have a good day during these difficult times! We have to notify you that we have completed the downloading all sensitive data, including personal data about your clients, projects, databases, reports etc. Ask us - we will provide you with proofs. We will public all the data in case you refuse to pay.
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension g99di8.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
In your interests to contact with us ASAP. Otherwise all your valuable information will be published and sold. Believe us, it's gonna cause way more expenses, than the price we ask.

[+] What guarantees? [+]

It's just a business. We absolutely do not care about you and your deals, besides receiving advantages. If we do not make our work and obligations - no one will cooperate with us. This is not in our interests.
To check the ability to return files, you must go to our website. There you can decrypt one file for free. This is our warranty.
If you do not cooperate with our service - for us, it does not matter. But you lose your time and data, because we have a private key. In practice - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
  a) Download and install TOR browser from this site: https://torproject.org/
  b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/41A3A66B16B916B6

2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
  a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
  b) Open our secondary website: http://decoder.re/41A3A66B16B916B6

Warning: secondary website can be blocked, thats why first variant much better and more available.

When you open our website, put the following data in the input form:
Key:

i1lqbv6nk8iYIUfjEMY3TkiaUT6LSYT9N/lTxf/914XPTDlqnGucbdrIZ5s91bmK
7iB7EpZ30brlN6SQvQg1/F45x7CPIYQ2yH1iAfhNLO+P7L0lPAj989duQo+z8OuQ
/n/7Urj8W7zPfhIvMMxiOoQCZZwqxlpQZ2amMHlUvzmSJLVjgQbRz4wAN7H3YMpg
OlxtM8Ju8jFQrLGZDFWO2U8oNy6O9nctv+6VRI4wofEt3W2i9kbUVtR6c3bD+dwJ
ktUTdbY/iiykyuArEJ7ezjzuEbG3y8PTiUdKFhupf5YsyXe02tn0bAxTT0CuwQo5
18jv36wiYyaayH2PafZ+bObhbbpIOaHBOvwPfg1R7ix3M+4VqIkz4I/4c6cvU6GV
dFpcM4YVDOc57weRCtQWAPqfOVgbcWmPcu30Bv5Qq51iRvZ1kFoqcnR0K5G/CsBd
r7EgDm2eA6bXd6fDRKVSwcIFP19eCl5qz9xRFIj8NnwDChUVlHbbs25lYcJzDR9v
+5VS1nMqLj/HpemrdWkrmr5+2PK45Pd4GXvdSOfdiM/AxCbUlU4ckCNoVuXRDtxb
0SvrLi/TbQ3o/SuY1R6XavbWvzTkIMEnehUC7ri8Yu1ZsDM2VL9pp2kGPJAfPpng
Gku65t8HUGp1YMg5wHdtpnh0K6ldsvrH1p+pVzzbE4sX31hD8A1Rdoyit5TXUfCR
ijo7EAAXhjzBDGbscnqooesSFrIvFYS+IOZPj5avYTiitp1asie5bOTtx/XSTxnb
e/lJ/yV6mjdW3Jiqp2P4kv2Ucfw4XkEzxOK1fwx8yiv/9R0DYPs5PdN3zOwJxw+C
fIN2xnKb7N0P5zndtVVjFATTdAncQttnOiHG9uAO9IsXAzkYDlXYsuSjw7rTsMLp
OKtnd27nS37yycZeCJPScpnNGvKDl+FAg6jzNoS7YvCoM7LB0aJoF+8ZNtxEkW/X
+T0DgL6bEKz04vOEAr27Qb4CTM3C8TMUkHNlPbR4IVeL1L1ufrsQjqOvmD4CrJQH
d17Y8qFdGBsfvgfysTl+erE3EpwpBhkSPlyZvWcA5KxtROeEPzf51t9ke7efbT5v
aoqACype4XfoCoRI9IUeZpUMWHivGDc5GDY/38yPuM8zVsAIbUuWACcOTUP91b8J
EviwLG9T/GcOAGXHj9byFlY2OQzoiq37kq/VWQhgiKYJS+dOLvwtMoZdSNOtjBCT
+fGBbO46zGtHnWsNcqGOSvnXwvGXvPc4NXH8GpV/4jISQ1rDcLkV47t+wTk5Uo9i
u1VDws47

-----------------------------------------------------------------------------------------

!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!

[+] Attention!!! [+]

Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/41A3A66B16B916B6

http://decoder.re/41A3A66B16B916B6
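The dropped note is the ransom_template attribute with its three placeholders filled in: {EXT} became the per-run extension g99di8 (which also names the note file, g99di8-readme.txt), {UID} became the victim identifier 41A3A66B16B916B6 used in both payment URLs, and {KEY} became the per-victim blob after "Key:". The following is an added example, not code from the sample or the sandbox: it compiles the template into a regular expression and recovers those three values from a note, so the same routine works on any note produced from this template. The template and note strings are shortened excerpts of the ones on this page (the key is cut to two chunks); the character classes assumed for each placeholder are this example's choice.

```python
"""Recover {EXT}, {UID} and {KEY} from a Sodinokibi note using its template.

Added example for this report, not code from the sample or the sandbox.
TEMPLATE and NOTE are shortened excerpts of the ransom_template attribute
and the recovered note above; the per-placeholder character classes are an
assumption made for the example.
"""
import re

# Excerpt of the extracted 'ransom_template' attribute.
TEMPLATE = (
    "all files on your system has extension {EXT}. "
    "Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} "
    "Open our secondary website: http://decoder.re/{UID} "
    "Key: {KEY} ---"
)

# Same excerpt of the recovered note C:\g99di8-readme.txt; key shortened to two chunks.
NOTE = (
    "all files on your system has extension g99di8. "
    "Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/41A3A66B16B916B6 "
    "Open our secondary website: http://decoder.re/41A3A66B16B916B6 "
    "Key: i1lqbv6nk8iYIUfjEMY3TkiaUT6LSYT9N/lTxf/914XPTDlqnGucbdrIZ5s91bmK "
    "7iB7EpZ30brlN6SQvQg1/F45x7CPIYQ2yH1iAfhNLO+P7L0lPAj989duQo+z8OuQ ---"
)

_PLACEHOLDER = re.compile(r"\{([A-Z]+)\}")

# Assumed shapes: EXT and UID are single alphanumeric tokens; KEY is base64 text
# that the note wraps across several lines.
_FIELD_PATTERNS = {
    "KEY": r"[A-Za-z0-9+/= \r\n]+?",
    None: r"[A-Za-z0-9]+",
}


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Escape the literal text and turn each placeholder into a named group.
    A placeholder seen a second time becomes a backreference, so both {UID}
    URLs must carry the same identifier for the note to match."""
    parts, seen, pos = [], set(), 0
    for m in _PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        name = m.group(1)
        if name in seen:
            parts.append("(?P=%s)" % name)
        else:
            seen.add(name)
            parts.append("(?P<%s>%s)" % (name, _FIELD_PATTERNS.get(name, _FIELD_PATTERNS[None])))
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts), re.S)


def extract_victim_fields(template: str, note: str) -> dict:
    """Return {placeholder: value}; KEY has its line-wrapping whitespace removed."""
    m = template_to_regex(template).search(note)
    if m is None:
        raise ValueError("note does not match template")
    fields = m.groupdict()
    if "KEY" in fields:
        fields["KEY"] = "".join(fields["KEY"].split())
    return fields


def note_filename(ext: str) -> str:
    """Name of the dropped note for a given extension, per the ransom_oneliner text."""
    return f"{ext}-readme.txt"


if __name__ == "__main__":
    found = extract_victim_fields(TEMPLATE, NOTE)
    print("extension:", found["EXT"], "->", note_filename(found["EXT"]))
    print("victim id:", found["UID"])
    print("key blob :", found["KEY"][:32] + "...")
```

Because the identifier must be the same in the .onion and decoder.re URLs, a note whose two URLs disagree fails to match rather than yielding one of the two values silently; that is the check you want when the note has been altered or only partly recovered.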

Targets

    • Sodin,Sodinokibi,REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
