All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT}
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
sub
7944
svc
mepocs
vss
veeam
sophos
memtas
backup
svc$
sql
Extracted
Path
C:\4mpirq6my0-readme.txt
Ransom Note
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension 4mpirq6my0
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/535FF8856C256A2E
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/535FF8856C256A2E
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
ZxI0eNYFjzYjnhcYWOdjbgPemkoKZFI9qPtKMkqg/eBSWZ5mWJIizZ1oRvnMkDgI
zMX/I8TGV2ItZRyKQ3zB9nMhsK54UTlOvYyXBubVVUrVajqnQKt2vjRIzSI7uv17
lJV0xwOgCwyVdtevZA1fPHn8O1cSVbYDc8jIIa6oaS9bh9AlgScge5AMHtfmfJ69
wz6PBmAx0gaTwHZON5YcVk7vxlT7MZUr0hSBhRnAIbFahL/tXhAAp5r2YN26/IAd
i42DreEuY5zkZLjawI5TPXLmhBuWl5oRnRCX10O5QmhqXWvJKzhiStCJMbo8xlRP
VpRpXTG64I68vAUbZ19APkzFuK2oMYfZRdnrNPhWuuKTdlzvJCxd9wONy5VEQtKP
sGnjpWyzO0CSdd9SaYU9YIvEBZcKqCU7gnn6SdO86f/5DiBEzBdMTh2vrMMjkv0S
4JGMyQOmYGE3gzB1DylhM/d5WT15YTOmxp8WEOc3PEYEZFcVwksslYlU2Byf77Gt
SBAt9wAZ2tYeIRAgAVMBjZY2hZs/UeijJTb9w4+oYs//uAosNvIfhUlElc+Z05qP
X7pLuDNZXqNxhpBrS85Q+SmRBEI4d1FEEnPGy9ebmMcysvEKG461epxXQ7XNQPSu
du78Lq1y3LjvpQoZ7gSLvYIdhcTqiI95XMD1QYfdE4XwPDYbP/wZr+K8ZVIxa9MU
+tC3/MhrUExyIgLeXpcWxgcsn6eIfjuI1ZXpuDp2zGQW5AQQNb0UpbCcVIvOYxBs
oU06Vl8OgoCnxmSHkTwv9NJ6iXxfKHlDofbJWEdmCSfmWQXz23w19Wt9bTLqhaDU
X8VBt0FWjAF8fQdvfbZsG/sr9XzxjXUjR5SSAW9XQgyRwd4RKLCP/6EI/9auy+DQ
vvxJZ9Er4CZz+89zcKjrX5Fy7ZXn6j7eC/bbzoqfCEKFOd2grUrvtLbvVVkRpQnv
I7oCRf/w2+II0I556460je89fZRFcj9O4yBeKnJaZKf9Cpg4M4PioYwR4DFY3+pe
FZsWXiAlpq53RzgXE3tWXEg1/pdUK11cxAo35OQ7vHCAZuBOcj4yQTW5wFGTZZVT
Ob9Vd4ynieQnqjbSi1JFX1M3Yxqsxgfr5X+YB4tkze+RxE0qfNePwTmhtTjtrLxR
+9FtcZnUgnsMirc52O7l1bbxKQVpEPk0PakntUH/8GY6FYJFIob08/G6hhI4FMRR
g85QJuatoSHjGPSI1INpFa7Opgqug8jCFQ9t86b8BY1sG86gmt8/msvlN/ZzNTdX
B2YIZ2v9iwwDehdN+K4l3M/f158Fx4xESZhA9X15
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
---=== Welcome. Again. ===---
We strongly encourage You to pay your attention to this message and read it to the end.
All Your files are encrypted, and currently unavailable, now all files on your system has extension 7a496aem3
Before that, all of your most important personal and business
files were backed up to our secure offline storage.
We took them for temporary storage - but we don't need your
files and we are not personally interested in your business.
Our encryption algorithm is the most technically difficult and max resistant to burglary.
Only OUR specialists can decrypted your files without loss(!)
Any attempts to decrypt files on your own lead to damage them beyond repair(!)
Best way to you will be consent to negotiations and mutual agreement between us.
To connect us you need to download TOR browser and follow the link to begin
negotiations.(You can find full instructions below.)
We are waiting You and ready to listen all
your offers and discuss them.
If You will ignore this letter - we will have to sell
closed auction all yours private files, photoes, business correspondence,
documents and business files + with our analysis of your work
activity (weakness of your business, financial violations and the opportunity
to profit from this information). It will offset our financial losses.
Or we'll just put all your files in the public domain, where everyone can download
and use them as they wish.
* For TOR Browser
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/
We are known as "Sodinokibi (REvil) Ransomware". For example, this article:
https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
You have a guarantee that your files will be returned 100 %.
And remember, this is only business, nothing personal..
We have a concept of business honor, and we can promise something if we come to a mutual agreement:
1. We guarantee to decrypt all your files in the shortest possible time
2. We will delete all your files and forget about your company.
3. We will show your weaknesses in your networks.
.-= INSTRUCTIONS TO CONNECT =-.
How to get access on website?
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8339FDACF839B4C9
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/8339FDACF839B4C9
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
ONyr+P1jgy6TGI1I7O8nxbTIC7Zgbmjrj1WpIj7XR5DkN82mFKsJ3G+Ree1wIYeP
NqeKWI4rdJzuDdUe3O7yymM4vGiNFk+UjUki2RBXKQq3SMeagE4XkvtTuSctCcoN
xW9VS4F/UXrH1I0vqaXaMqoxr39rDKyFfDbsKngkeqF1Cu/cxxtLj/SJeTnVYtzK
UZB14F0XruRvaIcGHLUEoi+NuE3508Xvpd17EOId2Xkc2iH6HPYKesOvICDJW619
hwwQLPzSZDjm48a+jsm2YoyaxtTQ3VzFfhgdvzgNO75BDJJ3fnJDVB4Nh1vUfhJR
e2tkoovUz3DHQ2Mf8sn7hlUZOGjiAgnIw25QK6V9cHooDeBTpnEOWEkRaIYYVM2P
95c5v8o4wLw90MPF1vIEKlsim0iC7uIHdaZr5qbIPjxRNuSH4cR5xCRbN9+cK9Ts
zwUag1hnb9gCgmeQd0YvCUYnoHsG0vI2TdjqnwP4age3hb/c8kNCyzBZ8D1pwqrr
SvyIyiagpewPrzPfo4jd8Nz/qTIdhKtqh9mCSqzYKxJ4UczyI1VHawzwh07umEEy
4mhXkdmM0Q0nSw84JNMv9fGZMXFWLJGp/S8XBNKWu7a6FY75R1U3CPMgtK1/hN3V
TbB2ZIQ5j4XzM3PvqFS1MdDJIRklNMeX+t7X6ZvU57wv6CmNNQ0juWPY92v9rnh+
AYA+kJgsR0YB2pG6U4RQfiBweHKklL8/y9uof5jnkk27IimaeWjU/HRpQ3lFkI0m
lhbx24ZhrTCbeAzJkpSKosig111uESSstzQYNSA4Ih+4hB29e5OFSWbjp80RTEax
/Wq3cP2fsKZ4qfi1k4hFIpXqxHrxgjk3fvZdsquI50IRRIlY2CKArorqCCqiHpcy
VR3KEqNe8rpSMctGmmeboWUcOAz/ErPxcfM8eoh48MLjtje1vLeBTGPa2ipZje0E
I3h0H4XcnMQqDxdFxSu8nSMKnol17hFfhAzLP1WKP/O5SCqce3yKMHdp7ZgI45uO
GQRL+rtNLpTIF+5OHx2GjJRg/Cd5n88lSAWOTQC6j2Ylrm3VgNPp7xV+bQ+swENk
JPSf2XJQ9PhBF+IgkYIzKMTIgYWYTP/FhtMxB4NUnVc5pKS9vjqkK31ORk76Moii
RHAtvRqTyO+Ox4E/K0jjQBoZzHV8qGauDl5VKjfoRfAcmBOO6gHsejcSKRjDfJl0
68F4dMExJ8Bb22ji0Lpc5MXZgVZqCctly/rNzgACij278JZ+bGecN0b6wMmeLv0V
Rl73+QrJ5Pu49NpC
----------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself,
DONT use any third party software for restoring your data or antivirus solutions -
its may entail damge of the private key and, as result, The Loss all your data!
