All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT}
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
sub
7441
svc
mepocs
sophos
memtas
backup
veeam
vss
svc$
sql
Extracted
Path
C:\0dvg987-readme.txt
Ransom Note
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension 0dvg987
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/23B042C9399F8A7C
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/23B042C9399F8A7C
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
U6/bkvVcqyQ/oA35g+HvapxUNilJhXPWxXuqC8YIoldtTmbJHEXoLG1Qd0mwY+iT
ORoPzoAD9QmwK9jBT69rwBRi9i1fqMwdkf1W70fUuKqikf1dPOcwjUHK3VGr4KB7
4nPTaOoCCNqK4ycIWobg8IUplvcXWAszUUCQYTvxItb7nLb3C874bOiX6vBr4i6X
+zE3An6MmSD14uM5Ja6m4j/lI0UCl0lW6k8r8ulXkXdJm6SOK7qX9ylWFcHWveTs
KL7mTT63nt+mkMWD/5TLSUPSEPGYVSzakIcRe14u/0nqmv2FxBCSIERS1T3zq5TV
BcnKm5XgiL2njHvdDMpnEHpSkNVoqBMGxnC2BsfxSATtp4tpUppBZCw9/Ud7fzHw
5iGJ5DQyLTQ86wdbHRdtDhmPF9X/K7HxI7Sn0vnPY0nx1SWnqXugVxEskYbA7Svb
3ZnU+PXezGIWNht2dkcoiFNFSiLJrr2+D3Kql/Kusv79sT7FxPw4rZDd5RFX1SS3
zt6qRb8y49WMsUxeO+Vdq6AU5KOsBgllNppLahBTJmSom/JqOJVWOhkD5f3Rv/8i
0ZTKSa885j53obl/s3+9K+mB/m89rO/dZHA53BgO4ZCghOB4wtA5FeRI/+n+zQV7
tTF2YNzlKeSk3C7apmnU7yp37UiF1XPkCDE3JB5jCLZll8Bm2XydtpCVcGnE08rO
pz+th+iiVFNDddOfwNRYKvgu9YGPsVTjmsXC38pHwgswFNP3UpCr5VH2JTY7rAvz
MEpgp7V+Wxk0/ey1wuCABMQkV9PWoXYFwMGb8LtZO/Q0U+bDnVUPAtdGVjJsHhw+
4NV2HHIfn1k1bchMAIDCa5OKe1ATlsXscpeLIdOBhie3y0W5iDGghZ52CjRicjyX
W2BOlOq3xWWU/UyM/7gGyZDRyfn6rE5M+KPfw9ckbhLY9kBM1s5up1WqNQoi6Agr
AM8xJRgi3qQQz2ahH5RFk6ndHx0NhO/EJ7cRLxKQKlQozL7N/2DCXa4WxQIbNgy9
HKid7P0lJ8PIAcERYKIqzPbIVHeIYWvkl1Ql7kxaL7YFSV/fDdFiutlYfCAQJjE8
tA7GuwAEmFtiR1qUo/jPdetzj+opHy/H8YnougrYWDqCa+YhQTQptwt4+L3i08rb
qYpFuisZsS9m70Y4oNNxWGrnvTHzTlPv7v8IJEJ7AqjojS3mRnnd3TDU3XjUn9Yu
ECXZiRQC7iqycWely+MZa8X4FCsbjodzCiBQdwTa9iGLr0s8xLLkGJaOJtHeDqD4
YUOSeeE80Nj0a/lg5JFpdXVqwfOQPMJ1
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension 50g5qf8pk2
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/7705791F2E28C757
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/7705791F2E28C757
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
VOktbKheg60qTAWrd9GAZtG4T1WAwzQgLjr8fQT8Son5/ny4bFUK4a0o3aKot1hD
77oOMkV+4HLhbWDDwXuBnXcbXphaAkemvwInXUo5UdFsWqGrT31n4VIKjIAJu1D2
IG8JowEqSHHe9a2+/2idqJv2f3RB/EvhX8pdCVchl+S2vc3wPnDh6PREhvJ0FAdh
z0zGkt9LcTfhBELzGCurpyI+4iGTQw7S3RDO73aoSEbIi6n5HR7H9Nn00GzPOcRb
3r63NvjU8/qveA3DoMzEOezTWX7aNh3FnbPxwF5aOAFQei9vw9yL7PxMs8JqSJLz
HBPnOwgq2TD+beAjsxyvd+hAPrB22Ube0wYKEV9CZlFW3dtAd/sCBfYixwu89id0
bVCcul/EHZdrqJnntqC506xsUZTXJ0aSfNJ0+ooCGsUj9SGNvi5NhT++4YdXEu+m
WJ5RQ0boqfLVsE6ptiygfjDjiSN7K8L3uLwQWDmDuyEHPM9EPNmpgwhRd16quv3Z
RjHadlC+TPTNxsQKBkMULtmrCZ1YTfOkaU+asJTfSciSPURyWG0ut9X4wid/tasm
MRqa/sPr2IEIH62/uobnChlcIPPxMSm5knmFVZEBJmJomqt8Q/03kDlBI7oxB5de
bd8dL2qPfWsGIPo9OWBL9vtkSlqeokDC13Z8G99AcH9+o9INuffaygNYH6QXXneI
sccEnjvAYHfWyUmaT/dUbOSCSSBv7ikrCqZ1UOvBHWIRtdjFmFVMxCGg1RdUMWkI
T6HLN/r5cAsaJGxAy3SdkwjqPIIXxFtKBgOGsTbD5cm3hbnO9vRdPkFKooH9rwTf
7T9/wSavDC+L4i2EUkvjTIUwxiK98e+OBrw9tkW4xRkJSfib/QXhF/k3u21yfh//
nCvEW6pyW56ZddYC1c8C9di31xPeSuIvFUsb2Uv/KXdfiosejkk8xYkBVfv0WqwZ
Um9hii/zb8b1DQvScg1DDoBfDQEEmVRfFybdxU2BHlJiDhs087KisxtR5cTicy70
R+I4Z9+t1rQApiBl/dVeENp9AC5H/7/BbbaviarD8g6kaLR/qCJm36WLTb4IUzCk
YVKxw4sSohtwxsykQFNzYjDYcVpjISW2LsWIiL4xV2raOu2PA1stmfucA1bLZzsf
TyAncPvV39VZMWRM0DLpCk3ZBOkeV7eqpNUBaIaAuWcAfbCONCSsUUjGJ+2pRJZG
UKotyiQfntzeq0Z+3UHIP/eAN7dAfqPkE5ilut2NtG3XLnxHxdHYo14U8xqS+OUH
xguGYJrMUE7LxL5yir0=
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
