General

  • Target

    7a50f655005b60eaf0bc059d79b3f89f3b5f85d15abc5bbda63c902d9730d59e

  • Size

    577KB

  • Sample

    210531-jvrswzcxka

  • MD5

    5e0168c66298a54045cff0e65dd0bf41

  • SHA1

    d4198eff3dd487d1aec8ad23bc533ca6e9804955

  • SHA256

    7a50f655005b60eaf0bc059d79b3f89f3b5f85d15abc5bbda63c902d9730d59e

  • SHA512

    906e0931f33296a58529b2310ec11520bcbbb79299815606b9013026532d631ef832c24168e4b6b69c71f02ed7671b2d288e866ba22e550b119c6e45a39ab4c9

Malware Config

Extracted

Family

sodinokibi

Botnet

26

Campaign

2361

C2

jacquesgarcianoto.com

csaballoons.com

buerocenter-butzbach-werbemittel.de

martha-frets-ceramics.nl

edvestors.org

mediogiro.com.ar

annenymus.com

circuit-diagramz.com

linkbuilding.life

endstarvation.com

nalliasmali.net

domaine-des-pothiers.com

floweringsun.org

haus-landliebe.de

mac-computer-support-hamburg.de

block-optic.com

gsconcretecoatings.com

osn.ro

vedsegaard.dk

grupoexin10.com

Attributes

  • net

    false

  • pid

    26

  • prc

    wordpad

    vxmon

    CagService

    visio

    synctime

    xfssvccon

    VeeamNFSSvc

    dbsnmp

    tbirdconfig

    thunderbird

    firefox

    VeeamDeploymentSvc

    sqbcoreservice

    thebat

    powerpnt

    vsnapvss

    agntsvc

    sql

    raw_agent_svc

    excel

    infopath

    pvlsvr

    mydesktopqos

    beserver

    ocssd

    EnterpriseClient

    winword

    outlook

    onenote

    oracle

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. ===--- Merry Christmas and Happy Holidays everyone! You have a great opportunity to enter the new year, leaving all the bad in the outgoing year. I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family. With our decryptors recovery will take you the least time, without us you will have a very hard time and some of your files will not be recovered never. The longer you think, the harder it will be for us to negotiate with you . Waiting for your dialogues in our chat, below you can get acquainted with what happened. [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} Extension name: {EXT} ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! For google: Revil/Sodinokibi

  • sub

    2361

  • svc

    sophos

    veeam

    vss

    AcronisAgent

    BackupExecJobEngine

    AcrSch2Svc

    BackupExecManagementService

    BackupExecVSSProvider

    mepocs

    stc_raw_agent

    bedbg

    MSExchange$

    MSExchange

    MVArmor

    CAARCUpdateSvc

    memtas

    MSSQL$

    BackupExecAgentBrowser

    PDVFSService

    WSBExchange

    sql

    ARSM

    svc$

    VeeamNFSSvc

    BackupExecRPCService

    CASAD2DWebSvc

    VeeamTransportSvc

    VeeamDeploymentService

    backup

    MVarmor64

Extracted

Path

C:\i9gww0t2b-readme.txt

Ransom Note

---=== Welcome. ===--- Merry Christmas and Happy Holidays everyone! You have a great opportunity to enter the new year, leaving all the bad in the outgoing year. I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family. With our decryptors recovery will take you the least time, without us you will have a very hard time and some of your files will not be recovered never. The longer you think, the harder it will be for us to negotiate with you . Waiting for your dialogues in our chat, below you can get acquainted with what happened. [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension i9gww0t2b. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F40AD04A4401D40A 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/F40AD04A4401D40A Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: L+KM4smtn8VQMY5Zsf/dujkJQmTUw54EtUJ05ARZAT5DBVTI+w1MCSmtHSTk/igH cx8PsLYH9iV3GQfso/Czz62ZlOdJWfCQevFgR0ZO2ABaXRJ4OzsT0zE+RWY//De4 nn6rqEOgkwruB2H5pcqVBdlOMluJJib15yQ3uXvgl6UOOrFEkOpdmlKbIrw9u1cK jLmQbgJQZ24zfIMJZQhPkrwKMf7YayohTcAvae/pmYOfqBByPIaGLpvYrF5aal72 F1BRn949x2xj9wV6a0VDK3KwXBSFMchUkzH5yPf42lBzm6zHJ94SelhVIbbIM4rp SIXnWcTf92SaM9Xtaj+1R56eFM9dZ0jrxnlpUkS/WCWUWXoBxg44ImquIxIPWBuF TRXVAwN2so+watPKGZ93reTS7F86udFTHWz8ZXYdOst+nWN05ckCkuDrGeos7Bll weI7qxl/JjbsZKV5ljvkif6QhukD7e37cq3z1/K+pHOzsV0b/Pf/1RUAfP6K0Lo6 PHtuMoMQ+b/brH+T7Tb10DqY+IBR3IeTE90VgB9m/twHs+xrUEQhYal5lFLQ3B1y TPamYQxUIn5eemdGycsjl8f2AYilkgOQQYQdATrVmEnKN0aDIL+u7UmXeL/rE8bX qyYLwj44P5eBB7nyLO1FZJJwuo8fv0gK93VPgYLjFMXhfJJlRZFfrii2hNW4IOJ3 6OEXMmZ1kmR9OQAX4n7zVEglFW4bZr47fNdelm1kkXify0l2oafmxkPoLtSDsPsy 5Xdth7ua2QPa+Oo6T74YlOJGGWq0EnAXspgKIWBZYcRi3PhytJi0VXgB4cqxDYes rQtXPhqrd78VUEjEEWEW3Qc3bq92pzY+wlX4FO9Fc1nEc1MMAYCAbXIAFcnoNvuZ WqdvgXGBdcNpZkkgi1CPsIsCvd3fiiA1v8pW3BkBZxK18cmFU09yhxLpFKWonT9K qDGm7HOD5t2gWU/LqL0KOY9TtqyC1fkZWMQ1ChVdbJZ43Tg7oLOySfPgp7ONinxl tuUSKQIVpxoUV7NIE6iEk4wvtVZ+CWrkDZMfjkJNJff1NEBpT2viCiorzgjkA5fB Axp86aAK4XHGpQ60BWgzTaGbPd064Ti+sbNvUddgu1eHv9KOjZR0KwdrtgmP60Am Duk= Extension name: i9gww0t2b ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! For google: Revil/Sodinokibi

URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F40AD04A4401D40A

http://decryptor.top/F40AD04A4401D40A

Targets

    • Target

      7a50f655005b60eaf0bc059d79b3f89f3b5f85d15abc5bbda63c902d9730d59e

    • Size

      577KB

    • MD5

      5e0168c66298a54045cff0e65dd0bf41

    • SHA1

      d4198eff3dd487d1aec8ad23bc533ca6e9804955

    • SHA256

      7a50f655005b60eaf0bc059d79b3f89f3b5f85d15abc5bbda63c902d9730d59e

    • SHA512

      906e0931f33296a58529b2310ec11520bcbbb79299815606b9013026532d631ef832c24168e4b6b69c71f02ed7671b2d288e866ba22e550b119c6e45a39ab4c9

    • Sodin,Sodinokibi,REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks