All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT}
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
sub
7441
svc
mepocs
sophos
memtas
backup
veeam
vss
svc$
sql
Extracted
Path
C:\k8n5d2s8t3-readme.txt
Ransom Note
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension k8n5d2s8t3
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/E6449F08685668F3
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/E6449F08685668F3
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
KRxvteW0uQXY4IMsG3cWSN0iDtcVv2c89boAplpFhcqUii8yLFHVAMy4xAfAsXUx
eQoie0QsI4QE4JgGPxT7SgyaIx9p9KlgMa+FWzOOSlI7Mkncu37beKMEKNDghJG7
w+WixlltqBPNUW0VyQcqgp5VPtGT+KSLSq5YGNavjii4ZPr9Sodi6QpTUa+PkRAC
9ugHHNg5S9FetXlNBCaf/ryLVPR7VGdtQwFNHfU+uaIkSjwafxqD1lAg9WObngaj
pq0h9MlGbJc+Rp8jWRm/ZDvo81UBvjeYCkRPh7MjttPAvXJwETO/TAiSL3LUEgXX
X2wIf7F/nZGaZnloBQGRcM6CnKADV3wQjjE6TkSnu8tVRtHijayiw3yU1OmXehON
Uaj3zJ2xRMmk3dOZ+/OB/bkuncvZCp/eJZZxKx30kqu0nx4m1Tb7FUoVrrmvWgo/
mMSAWTf4IVHUcq7fXjMR5cmq+3Q/Dkirvm2YUyORZUTJBT7NjuiJfp3A1S83KlVb
TsjNmX1AsL3CrwKS2Gul/45Yt4aRYQ4kQiZ4gMp55qoQ7MP8Y4A3PPNW7rtsjmoP
9M3d8bBxHrdYgedMmgS/4C/j4JBg2ahAW5MF1l1diuQ453wjTtlQvnjzCFpCFaCB
6IVrT5SnUwSeKD634GCKDziBfxJeCWJLkrdNvovbikcWYbxzNMduqBLt5lKBzQsE
S0HdHrh9AkeFNfRlH3VQQe73nElncNHhsH7E4e0Q9zNZ187+OQC1bgzQW1VT4z1c
afOR61Y45RU9hQJMgma30JTn3zrn2OL606hNtFIc2RoIeno2LRmHf/rG7rmqVoa+
zYEJ+KgbYfvTJYmyOrCfgmb5Mk6WwG8nCu8bDsdL8J77Nz8VIZEvXJUTs0nGsvS+
ZjRfbXKnaZYoqMjrE/9CYUrQYM6IMrva6vJF8FyQyIHORAjTugLbXp31T54JIPtK
Uda3Hv/84gbMrKkNrLW6ZhLxFb84FlWWh+IbK/GNfIZoBVWUh2cR/ZdF5pZ2GzK7
tp7Fl00SpqHRrdOwpHmYZVo71OMZ5I4MnV44QnedKZVU+eKPnpg2jCqVT2wL0fWC
KXwtW60WNu0RWi431LpNgL1i+xNRhSEmEHBu01fXoEm5N4ljd4P+448qA8kl0ocH
m4xkQU7ZNuIQTRmuOdR6l8RPipUgZQ54PmrS1gOFoWb5bM1uvaGCPNylCM2bPFa0
i5QxyIsoqbmfxSGXoOkmim29fMTsoad3FehwQRr+3ognOV3gAODDt3lGEbevRG/v
Pl/MPSXEXmU1AyzMqaM=
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
