General

  • Target

    7c8cb66e9e5ac66415273a48528e1b2f781003f2109b5d704254b9e91d745a34

  • Size

    122KB

  • Sample

    210617-dc5xmf6d8a

  • MD5

    9ccb042cb5bbfba12d009ea0b5f1a660

  • SHA1

    9f8ef2e46e22f12c889a8644a2129202602feeaa

  • SHA256

    7c8cb66e9e5ac66415273a48528e1b2f781003f2109b5d704254b9e91d745a34

  • SHA512

    deef869719908687d9f63ffc2ba37c7ee340b5ce2ad9ecc3aba8849a2a5562904ddfa1bb4e1a0ad9f43944e6a198022496921f7f0658553ff5e37d815699fce4

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$12$Pp/8XmG3qTbxiao4V0xxj.5SlhVEhubbLHsOv46AWjlVoTe8KLgo6

Campaign

7960

C2

tanciu.com

teczowadolina.bytom.pl

deoudedorpskernnoordwijk.nl

otsu-bon.com

cyntox.com

icpcnj.org

praxis-management-plus.de

tetinfo.in

systemate.dk

entopic.com

simplyblessedbykeepingitreal.com

ihr-news.jp

homesdollar.com

tampaallen.com

jacquin-maquettes.com

abogados-en-alicante.es

knowledgemuseumbd.com

creamery201.com

ki-lowroermond.nl

xn--thucmctc-13a1357egba.com

Attributes

  • net

    true

  • pid

    $2a$12$Pp/8XmG3qTbxiao4V0xxj.5SlhVEhubbLHsOv46AWjlVoTe8KLgo6

  • prc

    infopath

    steam

    isqlplussvc

    onenote

    firefox

    ocomm

    xfssvccon

    thunderbird

    oracle

    visio

    excel

    encsvc

    msaccess

    dbsnmp

    dbeng50

    thebat

    sqbcoreservice

    mydesktopservice

    mydesktopqos

    ocautoupds

    powerpnt

    winword

    synctime

    mspub

    wordpad

    sql

    agntsvc

    outlook

    tbirdconfig

    ocssd

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT} Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

  • sub

    7960

  • svc

    mepocs

    memtas

    veeam

    sophos

    sql

    backup

    vss

    svc$

Extracted

Path

C:\1i836648-readme.txt

Ransom Note

---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension 1i836648 Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0415B26C352DC368 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/0415B26C352DC368 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: ZnUHw67WV300yWpSEiQzLPGy7b6ij+3O6kWxCs+bP0FHOzuoTHUGjS9mTISswQF2 3Jx2YtsGlTi/UWtW9xo+a/b/LLFLzw+jl28FBWzNBg9aOvRUpH+h58PtB7eGE4KL pqSBJ8daLIEU9voH2pjtyK+ZQq4m3oCkXqZcxf0lcr7tST/mTMs5UuykE/5pBg6X gIlqjAbPoG/vL75M+aWqVlncVetu0H2+4WOhFb8EJSW1cgUTzX2KYx879rJ1tyqk 5dzzvhZXxsO8RdDFeOb1JGYWJ193F4+caj0C9a1o/VLyDwcKlghLxZjhILqoZ9pk aZmdUazDVj5ebQQio/GFos1zRZ3ttnx56SuSRUNUQlDhTnVnZSiuYi+VlWmYZKqT +ibfkhKVIlV5kgbqxrUroWrcTzprkbx6EEWIBluk3joj0qOO0SsVkqOIDIKRG5hh S0kIkaZuw53YlDDtQ7WHNErUw/RMkgdxZJKIMLlH2bYdhwLMImqsvPwMuUfhVyCS mwnhc/xn48zWDr+FbC7UEwlpaJ0es7pk52r0EjTC2eq7c6p44Sw69N4weypSqYUD qiUQRuownOKwXkwLaOm6QrVtM00yRM2VqgrONaw1TFWgcoDGrYGzRn6AW8iwpYzR hcQb9mv4HtAU4V5H52vnHvckFzQaQ+qrE098KvTJ1j7HffPoMHoX0aJnzijHgtIH InCPOd4S1fPGr0ccjJ/KTpY4nIYxHUeuUMw98cjXG/AnbH/w8qRmwTvAOfRnWdQM Kx4n3IqefbdxtLurcfhspeu+QwhBfvIv9oKJ2fV2H8dxQkdVbktV9cJs57HBUEHK 2rHz2ps5AtfgPKhyzx1wTR6uMYQAbzuorrY3haslRXH8eNlYqxnSV9uccRbSjiwC z4Z0GRqOimgoRpd9WkdJXZGJi6GC2aGzCO6Etw/JEdl2eVSlzkcz/qKoEoFkVhqk T4nUj6Xn3yXhu0Ev/aL48QkHkJsgHYmSNiDBkUlfEsZoP1HtGL6u66MNaaVwnxmi CJLL63K3/UctdaflgBqJQxILZfEL5mgieMP9/iDJAMlSd5qBMF6S7//R7pC3fiyZ 4847JSrOsyrvpj0dRjyt7ssa0wZ4CAE0Czqdk1TXR0YtDa8fLd2xoqhVwekC2lN0 2goX5yOfzNAy4ZvNXzdADRdL3U8Tl7+QNRKIe4KIr7WpG3blqGF+3OdESml0RgXo VsPoTIGx0KLXhrmEsWum0tgXWu/WAfEWbU3G/SnyxwEeznLBWEhkH6vOvhQWRFSg dGkThHUKux5d/w9WZ8ly8VdtaG0Ogxkwmwk= ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

URLs

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/

https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0415B26C352DC368

http://decoder.re/0415B26C352DC368

Extracted

Path

C:\6208z-readme.txt

Ransom Note

---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension 6208z Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0B1BBF39F23B6EA2 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/0B1BBF39F23B6EA2 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: f2Xvt0eN5ErwRLeRMEemzL9J/mkFA4fjYAXYy0PGGVuMjf2htmb1OgZOtxhbAXlH 6glUemkPHp5yrXakMABZNKff+EJnz553BhlcadzQZeeFOonbveDukx3mxcq5bUg8 Ln4czgtnEs+hfHfxomuwi/MwqZVwM+dPoIkBsLT4JuWw+4w7WVXOAm+K5rqyrD6h OMjQFsH9pvy+bFcM2+Oq/+II/2CHEgWelHxoY6lfWI5sZ0O5VAT+kezIEEmP+Nxi AlyQnNXd9iFKeYMCUqdobk26veoB7wxEvjfvkZnYP63yinRWSdbbTb13GzjY9dx7 Q39FZW3oW69f8fwFp+jsPjzEQpg9HwshnEuyDzJUhu3k63T0ZzzWrAj5QHHeoNhZ DDFKgezLphfvD3j6YhmIRN2nYmmvm214Lx4CHJc2DZ86TUTgRCc5FFBo7geuMu8A Enp8otBW/6GBZBzzrRikXnj3Ut06D9jLggPYWkCyPFsKN7HWpBm7WBCjoDeRhOAf u4UVkaml7gliSZYbIX68WYFcw54KK0vW+nVrvBu8DNFEvWb7O7k1gkeSpgurrK7x rs4vrPF1dY8+1HWp6DhvFjKC4yorX6mulDO4clJgNmGak4z3lpvqyPcWpIV2z+Yd 03bWhFRMDU5witgAikm2h1FTByoHR4FVDRSv7QjINfW59BG/ZoLZz6gxWI2uLyJJ auxehRkKOZc9XyvxW+2QiOSJ/bAnP4sAYTWOiEXnu3Bn5chadAObuDnDaZj2TICj uVgd2xwwKvLVxQwCyRhtIyZs5qsQFbxd7YYkCBhhbs5Yv74iYiBvKi8Iyj+9klU4 T/I0EP4FFzDHeAsR2e7h9FKRoWn0tOB4c1JWmYjiF2Gw2JzP2SVPXHBNX74BpuVb MCDtBv9dF2utAqSo1uHANJHfX1gSqrh1GBj8f00yb8xyxrA3o0Gwa4JL3In7FAAm aQ/k8NdMvS1HSPR2JHPKg/UMO2eXAq3GDG/xx/9ORULrlJVzAXzy0h8wI8qXfRQX 7np51Kb6lfwGfo0fMAFxP+luvTXZQOUSVB0+uhNCpgZK+dDVhBgTdU9XkKWmD/yd STWn2LAbycSJVIedfW9LbTuZlvBoVBn9kT1ZE3Fl5ctbfIazO/3l3AhnltK2KgMA p95TKksXtkOVLXyhudZd2trT3W6nt5y8UabIbwuIXbnB8DaZ44nTzhfbUoRLoy/U GqQqtiiUYxI3QCO2dONLZfUoUGrDyRQ+RykPv1TcrV//znx9Aod6mBqkbYisfiZk dEfY2w== ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

URLs

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/

https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/0B1BBF39F23B6EA2

http://decoder.re/0B1BBF39F23B6EA2

Targets

    • Target

      7c8cb66e9e5ac66415273a48528e1b2f781003f2109b5d704254b9e91d745a34

    • Size

      122KB

    • MD5

      9ccb042cb5bbfba12d009ea0b5f1a660

    • SHA1

      9f8ef2e46e22f12c889a8644a2129202602feeaa

    • SHA256

      7c8cb66e9e5ac66415273a48528e1b2f781003f2109b5d704254b9e91d745a34

    • SHA512

      deef869719908687d9f63ffc2ba37c7ee340b5ce2ad9ecc3aba8849a2a5562904ddfa1bb4e1a0ad9f43944e6a198022496921f7f0658553ff5e37d815699fce4

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks