All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
=========Attention!!!=========
Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
==============================
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
sub
6946
svc
SSASTELEMETRY
"TeamViewer"
Altaro.UI.Service.exe
VeeamEndpointBackupSvc
MySQL
SQLTELEMETRY$MSGPMR
Altaro.SubAgent.N2.exe
VeeamTransportSvc
"StorageCraft Raw Agent"
AzureADConnectAuthenticationAgent
MSSQLTESTBACKUP02DEV
VeeamDeploymentService
kavfsscs
SQLAgent$MSGPMR
Altaro.OffsiteServer.Service.exe
TMBMServer
"Sophos MCS Client"
VeeamDeploySvc
"ProtectedStorage"
Altaro.Agent.exe
"SQLServer Reporting Services (MSSQLSERVER)"
LTSvcMon
MSSQL$MSGPMR
"Sage 100c Advanced 2017 (9917)"
VipreAAPSvc
KACHIPS906995744173948
KAVFS
MSSQLLaunchpad$SQLEXPRESS
MsDtsServer110
mfevtp
TmCCSF
"SophosFIM"
Altaro.OffsiteServer.UI.Service.exe
"ds_notifier"
"Sophos Clean Service"
MSSQL$SQLEXPRESSADV
Code42Service
msseces
ReportServer
ds_monitor
SQLWriter
SSISTELEMETRY130
AltiFTPUploader
MsDtsServer130
"SAVAdminService"
Amsp
AltiBack
mfewc
"Sage 100cloud Advanced 2020 (9920)"
MSSQL$HPWJA
"Sophos Safestore Service"
Altaro.SubAgent.exe
ds_notifier
"Sophos File Scanner Service"
MSSQLFDLauncher$TESTBACKUP02DEV
MSSQLServerOLAPService
MBAMService
ProtectedStorage
"SQLServer Analysis Services (MSSQLSERVER)"
ViprePPLSvc
ALTIVRM
AzureADConnectAgentUpdater
MSSQLFDLauncher$SQLEXPRESS
SQLEXPRESSADV
"Sophos Endpoint Defense Service"
Altaro.DedupService.exe
AzureADConnectHealthSyncInsights
AltiCTProxy
MSSQLFDLauncher
bedbg
HuntressAgent
tmlisten
SQLAgent$SQLEXPRESS
KAENDCHIPS906995744173948
psqlWGE
SQLBrowser
SQLSERVERAGENT
Altaro.HyperV.WAN.RemoteService.exe
BackupExecAgentAccelerator
ntrtscan
ds_agent
"Sophos Health Service"
sqlservr
HuntressUpdater
AUService
"swi_filter"
"ds_agent"
"Sophos Device Control Service"
Telemetryserver
TeamViewer
"Sage.NA.AT_AU.Service"
MSSQL$QM
mfemms
"Amsp"
"Sophos AutoUpdate Service"
"StorageCraft ImageReady"
"SQLServer Integration Services 12.0"
"Sophos MCS Agent"
"SntpService"
sophossps
"StorageCraft Shadow Copy Provider"
MsDtsServer120
AltiPhoneServ
MSSQL$SQLEXPRESS
"ThreadLocker"
ADSync
DsSvc
ThreadLocker
VeeamMountSvc
VeeamHvIntegrationSvc
SQLTELEMETRY$SQLEXPRESS
mysqld
McAfeeFramework
KaseyaAgent
"ds_monitor"
"swi_service"
LTService
VSS
sppsvc
KaseyaAgentEndpoint
"ofcservice"
masvc
"Sophos Web Control Service"
MSSQLSERVER
svcGenericHost
macmnsvc
Microsoft.exchange.store.worker.exe
MSSQLServerADHelper100
SBAMSvc
klnagent
"SAVService"
SQLTELEMETRY
ofcservice
"Sophos System Protection Service"
AzureADConnectHealthSyncMonitor
VeeamNFSSvc
Extracted
Path
C:\dm9w8q-readme.txt
Family
sodinokibi
Ransom Note
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension dm9w8q.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/53AA01451C100B42
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/53AA01451C100B42
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
tZMuHfXYdFucqx6B5U2sU+RI5GVQxUMsE6+tJQISNo6ZHW5Onae1U2QqXnxGxkyp
3+p2ObhIqO+t3AIYI5SWptG92F+NOFw8hO/ELMlK4C+aT1UIocbeokwAptoxOUAu
rg/c3aAdbP33yKlyLzmmL/fk5BLr8QmfAzQZmjEIimfDDXuW1Wudp3hWgDP7VQ7J
c2UW3o5gilFxtsJHds6Fk9LtJIIsHEuqsDqZLCdCsTX5i+fa3GewZXVWiNWbBmwm
6YUfXAYamtmidgbd0xai9f+ZVDniV4i9RauVy8EnN7JRxM/RSScFCxCpn4cEmuSI
Tj355V8SdQzzex5p9RIfurrRc4iaVAbqr0+HGMyMdrzLKIOZWkmYpCbbbFKvW7rb
XDo5rQB8gW/92LdbrO9yRYbDVhU5nWYlZpPP8cSLN+Dc1mRLDG5Z5RUuWlfKCLuh
Kw7Rg71zyy1PHSlWiXvJp946QWf0qSrhevA5nDgDAvUYhE1ek8wWo0kHBDBRbbTR
vqwnYrz+Lk1QJSUOFlhkRv97XKbo8c+YrvT/QO8AGXELrtdkEWyYercNIcVvAVEZ
gF4ckhF9dt5Gj2S4Xp2rCd8O+J/oLW3/kRnCTqVYAkJd15iSiKMPdq5QIK7aUzkc
vrenHyW4K9kwvgq8Rhbzb6U1kSNhMAgnGo404Ppqj/gAtgZr3v2ez5CfMJdS9Me0
N4Ox40YtgpMMLXI6Dk9xS2x4ZLpk7BZgtwt1QyhICPXBfU1RtdCDnsO381HXOTQk
Wx/I6rLmp+Dizfvg3g1vGw5fEvCKdH1gQDXh3YPmLcQLd0hTQwpffysy+okCEi+j
N+kffvwrX2R0LHdineQ9Agcum42uY134QS4iwz/u5QvK5sFc8XLqEP83mrKCnSxS
X3B32UfeTHnABPZ+uIQ/HSq1k/ytA2Tm0jgojyDFzLIj+w5UZC/C5DNQdPEQ9G+M
dn7Zsbku18B6p8KjRQVaGuDYk00ML+zJiEY64ScNKW0VwA2AhDyhZeogtXfgQT8D
MtLfXC+Z9tEvx91l+cV1zRUNHJPCtZ6EDVwsVcvwZcesZQrD+ZnHlpfQuwStS/2W
27NJ5toxVP9Un+qKOVSjHzpsNPbKgLbYNa724yL972cWdGZW36kUhOjDS2SfNmgh
MlKJ9xO7h32EPJQyJ5oyGE3eHQPNpL4IyJs3n/ZkPX8xJdnqBDbMQ1q4MrcH7GqU
Vd9Du5TT7RGHT9SLTLH5kYwpH71Dtsymk4S5SJmN/QKKQw1vssnN8uHsyZ7Ajwdm
ODHy1fBb
=========Attention!!!=========
Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
==============================
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
