General

  • Target

    a660c9395c1806a33b169543591a44f10440b4af71309ad2fe65ff1b91a8bf5c

  • Size

    121KB

  • Sample

    210615-mkdsnztz5j

  • MD5

    d6bc66cfaf703438452f048fda3515c5

  • SHA1

    b64cf2d9aa93662c00f4b5c1f6a7bc10eb1fe08a

  • SHA256

    a660c9395c1806a33b169543591a44f10440b4af71309ad2fe65ff1b91a8bf5c

  • SHA512

    4c51f9b398b8d2cdbfc9bc13f460561b0ed802a95319e257e900636df420350cb7321f5d740e3af5bd25a93976089d8d5988963c42513e74d3cfbce5ded94bee

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$12$46NBjD0kAO9VDx1znxHAWuKP1ZRAxgTG6RpuUqth6X.6ppz8QmCCK

Campaign

7748

C2

answerstest.ru

bigasgrup.com

henricekupper.com

abuelos.com

shsthepapercut.com

malychanieruchomoscipremium.com

4youbeautysalon.com

dutchcoder.nl

shonacox.com

elpa.se

accountancywijchen.nl

nicoleaeschbachorg.wordpress.com

seitzdruck.com

gratispresent.se

jolly-events.com

facettenreich27.de

kojinsaisei.info

space.ua

plastidip.com.ar

educar.org

Attributes

  • net

    false

  • pid

    $2a$12$46NBjD0kAO9VDx1znxHAWuKP1ZRAxgTG6RpuUqth6X.6ppz8QmCCK

  • prc

    LogmeInBackupService

    kavfsscs

    BackupExtender

    DLOAdminSvcu

    AmitiAvSrv

    Rtvscan

    TSSchBkpService

    ccSetMgr

    SPBBCSvc

    kavfswp

    NSCTOP

    lmibackupvssservice

    Smc

    BackupAgent

    dlomaintsvcu

    Sage.NA.AT_AU.SysTray

    BackupMaint

    ccSvcHst

    ShadowProtectSvc

    avgadmsv

    CarboniteUI

    Microsoft.exchange.store.worker.exe

    BackupUpdater

    kavfs

    klnagent

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Hi there! Personal greetings ESD-DLGR IT Administrators! We have downloaded all sensitive data, including personal data about your clients and employers, they Passports, DL, etc, corporate databases (clients and employees, email db backup), reports, projects and many many other. Ask us - we will provide you with proofs. We will public all the data in case you refuse to pay. Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/{UID} Warning: secondary website can be blocked, that's why first variant much better and more available. 
When you open our website, put the following data in the input form: Key: {KEY} ----------------------------------------------------------------------------------------- !!! DANGER !!! DON'T try to change files by yourself, DON'T use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!

  • sub

    7748

  • svc

    Amsp

    Altaro.HyperV.WAN.RemoteService.exe

    MSSQL$SQLEXPRESSADV

    MsDtsServer110

    "Sophos MCS Agent"

    "ds_monitor"

    "Sophos Endpoint Defense Service"

    "SAVService"

    "SophosFIM"

    VeeamEndpointBackupSvc

    ProtectedStorage

    Altaro.DedupService.exe

    "ProtectedStorage"

    Altaro.SubAgent.exe

    AltiBack

    klnagent

    "Sage 100cloud Advanced 2020 (9920)"

    SQLSERVERAGENT

    "swi_service"

    VeeamHvIntegrationSvc

    "swi_filter"

    AltiPhoneServ

    ds_monitor

    "Sophos MCS Client"

    mfevtp

    mfewc

    mysqld

    psqlWGE

    Altaro.OffsiteServer.Service.exe

    "TeamViewer"

Extracted

Path

C:\gs95p-readme.txt

Family

sodinokibi

Ransom Note

---=== Welcome. Again. ===--- [+] Whats Happen? [+] Hi there! Personal greetings ESD-DLGR IT Administrators! We have downloaded all sensitive data, including personal data about your clients and employers, they Passports, DL, etc, corporate databases (clients and employees, email db backup), reports, projects and many many other. Ask us - we will provide you with proofs. We will public all the data in case you refuse to pay. Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension gs95p. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CC69B1686007C86F 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/CC69B1686007C86F Warning: secondary website can be blocked, that's why first variant much better and more available. 
When you open our website, put the following data in the input form: Key: cyqEv6KDVc3p6RukcsrCPhdUlun3VCnkO7ivdbi6lKEjtG/PnFZETm4b7nz0Sp4v fGBhnBM2ksYAJMIBu2E/JQPK83NI+Y3BwFKkq038d+PRaw4XN1/k1r1ilPviZhg8 Rao7paNYBlDf38yS+iiX1g6siYvT4rsH9ax8UBCh0FtgZFtCqH42H5dju5PIVMTy aqiYwRm/5N28rzeIYvELCKiF8nF1ISnjM0/NS918BhLSBk8lA9aL/b/+W6kAxSSt gIsrleqNyAN7W0G+wVwznpoi/CuZCMsKzpuPUwsxWDEcN6KSbw0tK1QOjoYboR4m 0sHv/2b07yAcPsD1DBs16A3GeFemkUz53/IPmZtABY+KIq3A5sPg4NACwXtvWX3B 1hPCJ9yJ92YXt1QidbyXievjkE50hqSyw6AW9ZFfAONakxsfl1VDv0bfQ/LyBBvR pVDh+yh8SwCEfMw70OR7CrSTSvGE+ZBy0wJchgOC+nd1V4ptmhggHx1bBJgzRRAZ 2pIa87+SHXxA9fPxSjDI8pEblyLfFSbl6GcFxYFWjfsgDZC1L6J5rApbOL6ooo3p 7ARiNjj+JxRMOI+lz5/1zum+6p5QZYMp0betvBGGLGhVUEdRQ72poDawfX7StHyc 8Wt6wtD8SqkeaSLNLlYlh6h0tId5Jko9sdZYEwfMKIeSq8rCdqd+3Vp7JxhMfTfs xTgnzYN9sRdhrpf++D7l6rJOe+Yz++mbvJd7rbysnCRfcHiq7Ey+fzIG/odDPGsB mcfHptyYexuCCj9W9GVkePY3CvM3a1TXme736fyDSVdbnzYzHqQk5jsS/LWRJn3X Y6Sk3Mb+eeucSJl7F4BD+1wSkqDb2TRqN4T3iGcmMt1/5SEFyJAKPZ8IkI8ee8MB Axpe4yCRFrK6Yxde+ZWc3TOPEIsGhm9rbe1P5yUBfoyI0+dA1Itl5BX+opv0wYkB v5BTq1kFWo3Zh7P+vFjxUB1HOLCbyBjgNC0JPJ4/WRGUeUa6B8PrIUhdeIqcPfkZ wfPpxrwOSiHIG4zJ3F7JrbJkXu/OptdBEmSUacQpY5JX+2yPBBhAyG9wgBt9alNu 2rcr3uVTqUq4ZQHRn4gDqSkCwUcfVNKQ9CYqOX+cWALdmpZ2tJqPHzOHEDD9ARf2 IWAXSM1EwdHYR7RZs+UCgwS/EvDsn3Q6pOrOEBQnqFGw92XJhoWvEW/lRCQJN88e AUPQUEPQak3/l4Cbqb3am776omlTrE53hVKcm426rWZ5IYHGz9hUq9AOwMU+FVQ2 2KX0Eg== ----------------------------------------------------------------------------------------- !!! DANGER !!! DON'T try to change files by yourself, DON'T use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!

URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/CC69B1686007C86F

http://decoder.re/CC69B1686007C86F

Targets


    • Sodin,Sodinokibi,REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
