All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT}
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
sub
7528
svc
memtas
vss
sql
sophos
svc$
veeam
backup
mepocs
Extracted
Path
C:\z98jz35np-readme.txt
Ransom Note
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension z98jz35np
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2FC39F2BD6758A12
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/2FC39F2BD6758A12
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
EGaPT79LywfyMnULjRbPygdYXnjgUtbauz7zys2LVIdxo/wks/+HbiiBlA85rN2n
SrtHQua98/9FwK/wl+Zr7UbXd34kSDEWA8HAx6BcwSiwvoweNT2y/3FedR+s3jAC
sKMYDrDxn7Y1wt1D7VmbUOtQ40AHCsswtrnuLNp+w++97VZJRygl2BHkDwOgMvnZ
Oe1EFR1Rvmh8VYsnIt+RWjkdeRcgWcq0Ue1n7xB199W14KVZLCiXcP8H+ixfVISE
05R9kVqpsILr85tm70FAWRMxntFA3Z11yl5QDUvYF7njoDuAoWhF0LvSRy1HyntM
tm+1nJabsCNi7QOxx8UF4jU3FjzLgDRrjR9CquphEftAoqNp0I3jAtzN0Jhyr6AI
CBDdlNgbrE2a0V/FoxcNpJyvXMaPC92k6EtYAt+gp2gpB+QG1UezhHvVyCqGMY1w
pEXRcMWUr0IoTZkSDyCPniX+GIEbH4dtg+RzithF0sfu2RnXhcc/wdQlgFdZjk61
ojW6TWB57KvdRGClAejPbRraCfc6U/sjRASpQ8ZCBmIb20/nrry4YvklsHv0Njrc
ykXQosB6ll4rBeAVuti7iaTUbp/C0O3dVkKQLmTStdE/qsdv0rTkBW5fX9ANEhEn
cWIYc/W+5MaM9VhuPz5FCan2unlrDvmPgmX9Ax7qCVcnE2/oZjE9aVmgNCHrYimr
QR7V3UWSXRIe5Kv1LS11+eZIebchEyq4fhgaNh8/NW/oTlt3tjWj7DKpotDvifSy
UXxIM5WKwgA+tsLDQPEjtRAppPq3CwsXrkmikjqaJyZaQHheDGwGPNwJwrNs5Q9g
BcWE9CegLWsJhOiLb+w6GzFbnJSaoxKY+xs/ImXhKgHuqoRk01TAId8Jn/aRwImr
9jvtPDogAxns2JjTtQSUjGzK1+OcVLojSRMZopkeXZzsaIo4oDm+UhVe3T9k3Cqg
E5xVRYL8+SMsPnNeUq5eCDM5ldPUboet39NSt4yVM5+o3OC/3nx1dxtD+2k6Bwbj
iJrU4wUcp8diqulJ1A+MNn5H5AQqoXj4dl8q2QmDKNkqL7TA4B6DmtgKzSrnZdeD
Z1CqElJwGJ2AoTx/rJhhB226CIWKMePioYtKFocfBSyyhgP0EHGDEuDwtspWiYfe
ErU1mkXmxC6sarcQIPvjGJFm/2vNs30QvScaX5yMQkWybco5M7uiYdyp+n0nnvv1
KplHS6UNGNj3TFupMc2GLnbiWqnKUxWG8ch+kcvu7BvpaCyXDcOjQuS4qX0i3MH9
mt1t63R8QuXcu+vY
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
