Description
Ransomware generally changes the extension on encrypted files.
6059871321227264.zip
190KB
210701-whrbsf8996
d670333be42dfb91a9a031e1693d6efe
53c0eabf5541f8be14107f3e18b53ba1ad8d8828
a20a1cd9fa52d3f6bc62b6b629df2273d1c579f0fffce69d2bc64895c692fb19
3d6c025431632dc5eba4fe6a7feb5ba4fa24892717f02b123c96ba1989dc866d4d931f097da270b774404dea5b4b7d6df3db1b12879431f084b6676a679221af
Path | C:\$Recycle.Bin\S-1-5-21-2455352368-1077083310-2879168483-1000\HOW TO DECRYPT FILES.txt |
Ransom Note |
Hi, as you can see, all your files are encrypted.
Don't panic, you can decrypt them, you just have to pay me for the ransom.
Payment is made only by bitcoin, and the amount you have to pay is 0.03 BITCOIN
You can buy very easily from these sites:
www.localbitcoins.com
www.paxful.com
A list of several sites where you can buy bitcoin can be found here:
https://bitcoin.org/en/exchanges
Make sure the address where you will send the bitcoin is: 1DENGvxJZofU9BVfiScrgZHhhntJ3sAPSd
After sending, contact us at this email address: zucano@tuta.io
With this subject: ZUCANO03TUTA394821
After confirming the payment, you will receive a tutorial and the keys for decrypting the files.
|
Emails |
zucano@tuta.io |
Wallets |
1DENGvxJZofU9BVfiScrgZHhhntJ3sAPSd |
Path | C:\F43E65-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .f43e65
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_f43e65:
tFP0GSPudA3wtSInAhscvfzXvpX+8l2ijkOL436d3tzEe10FjP
SVcGJfsY0ZiP4PzLUEDVdW1wZrykXNUE35iuIGga5wkVoW41Zj
ArOjnCI4pLwFkRozDKvyJlBLfroH/ys0CblD0uaY5H3xze4CUd
vRlHUDGSOodkUK0pbNjgHm0u2isc40hOk80O4cN0JorA+qzsgb
Jgo+i8ncEYB4pVRVYf6vODuPONo2DANhMT9I3Vhuohs2d/TXA/
quUK7xZ8FT7TuCvYxC6E3toGAYAPfnBJuugw4rlA==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Path | C:\Users\Admin\Favorites\Microsoft Websites\F43E65-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .f43e65
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_f43e65:
tFP0GSPudA3wtSInAhscvfzXvpX+8l2ijkOL436d3tzEe10FjP
SVcGJfsY0ZiP4PzLUEDVdW1wZrykXNUE35iuIGga5wkVoW41Zj
ArOjnCI4pLwFkRozDKvyJlBLfroH/ys0CblD0uaY5H3xze4CUd
vRlHUDGSOodkUK0pbNjgHm0u2isc40hOk80O4cN0JorA+qzsgb
Jgo+i8ncEYB4pVRVYf6vODuPONo2DANhMT9I3Vhuohs2d/TXA/
quUK7xZ8FT7TuCvYxC6E3toGAYAPfnBJuugw4rlA==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .f43e65
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_f43e65:
tFP0GSPudA3wtSInAhscvfzXvpX+8l2ijkOL436d3tzEe10FjP
SVcGJfsY0ZiP4PzLUEDVdW1wZrykXNUE35iuIGga5wkVoW41Zj
ArOjnCI4pLwFkRozDKvyJlBLfroH/ys0CblD0uaY5H3xze4CUd
vRlHUDGSOodkUK0pbNjgHm0u2isc40hOk80O4cN0JorA+qzsgb
Jgo+i8ncEYB4pVRVYf6vODuPONo2DANhMT9I3Vhuohs2d/TXA/
quUK7xZ8FT7TuCvYxC6E3toGAYAPfnBJuugw4rlA==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Path | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\F43E65-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .f43e65
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_f43e65:
tFP0GSPudA3wtSInAhscvfzXvpX+8l2ijkOL436d3tzEe10FjP
SVcGJfsY0ZiP4PzLUEDVdW1wZrykXNUE35iuIGga5wkVoW41Zj
ArOjnCI4pLwFkRozDKvyJlBLfroH/ys0CblD0uaY5H3xze4CUd
vRlHUDGSOodkUK0pbNjgHm0u2isc40hOk80O4cN0JorA+qzsgb
Jgo+i8ncEYB4pVRVYf6vODuPONo2DANhMT9I3Vhuohs2d/TXA/
quUK7xZ8FT7TuCvYxC6E3toGAYAPfnBJuugw4rlA==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .f43e65
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_f43e65:
tFP0GSPudA3wtSInAhscvfzXvpX+8l2ijkOL436d3tzEe10FjP
SVcGJfsY0ZiP4PzLUEDVdW1wZrykXNUE35iuIGga5wkVoW41Zj
ArOjnCI4pLwFkRozDKvyJlBLfroH/ys0CblD0uaY5H3xze4CUd
vRlHUDGSOodkUK0pbNjgHm0u2isc40hOk80O4cN0JorA+qzsgb
Jgo+i8ncEYB4pVRVYf6vODuPONo2DANhMT9I3Vhuohs2d/TXA/
quUK7xZ8FT7TuCvYxC6E3toGAYAPfnBJuugw4rlA==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .f43e65
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_f43e65:
tFP0GSPudA3wtSInAhscvfzXvpX+8l2ijkOL436d3tzEe10FjP
SVcGJfsY0ZiP4PzLUEDVdW1wZrykXNUE35iuIGga5wkVoW41Zj
ArOjnCI4pLwFkRozDKvyJlBLfroH/ys0CblD0uaY5H3xze4CUd
vRlHUDGSOodkUK0pbNjgHm0u2isc40hOk80O4cN0JorA+qzsgb
Jgo+i8ncEYB4pVRVYf6vODuPONo2DANhMT9I3Vhuohs2d/TXA/
quUK7xZ8FT7TuCvYxC6E3toGAYAPfnBJuugw4rlA==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Path | C:\odt\65E5C4-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Path | C:\65E5C4-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Path | C:\Users\Admin\Documents\65E5C4-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Path | C:\Users\Admin\AppData\Roaming\65E5C4-Readme.txt |
Family | netwalker |
Ransom Note |
Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}Hi!
Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .65e5c4
--
If for some reason you read this text before the encryption ended,
this can be understood by the fact that the computer slows down,
and your heart rate has increased due to the ability to turn it off,
then we recommend that you move away from the computer and accept that you have been compromised.
Rebooting/shutdown will cause you to lose files without the possibility of recovery.
--
Our encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
For us this is just business and to prove to you our seriousness, we will decrypt you one file for free.
Just open our website, upload the encrypted file and get the decrypted file for free.
--
Steps to get access on our website:
1.Download and install tor-browser: https://torproject.org/
2.Open our website: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
3.Put your personal code in the input form:
{code_65e5c4:
w6D5n2kfpY6auhEDHXKSb/H/BOWM6WgEc6FfMBSdkMHXBvE1+Y
IOGK/LM5d2q3t2qdnE9ta80pfo5O0Hojoo5eUNwFPkZgZT41Zj
AnZdnTbsw8Bo6Qmp3TehmsE7NwY86dFaHxMbGBzvJJ6raSx8Lf
4CCFqQILx8mtuOdkwTwabcCPCL4IVjnRZ+SCY7zDG7dSv5GNhp
4T4u9ba2AscYYwOLOVM01nme36p2GMdTRKkD/SUb48OlFegcDL
MIhXJyzXfyUOf2uNs7JH45m3tZG+Hy7wqzOmuRew==}
|
URLs |
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
155eaec829906d3b03ce5f8064200bcdb4023886816550dfd91bb5d20571df23
568db4e58977f0795730755b16c80b07
4MB
23231aea7dcc02eaab9c2f248bbd949d1770db8c
155eaec829906d3b03ce5f8064200bcdb4023886816550dfd91bb5d20571df23
a426b5e9a4786af6558c28a577b5197704cbe224818daf2519f36a9b0f65e2f0d55e7b49f5a5ea177784fb27a4d54f0cca7125b51180b2ccf7d431375ef32c88
Ransomware generally changes the extension on encrypted files.
Infostealers often target stored browser data, which can include saved credentials etc.
8a68388787a97c83448898eedb045f620f225538992467bae0ee5c1a1ca4dc97
7ee92bcaa1305c7964a993e7f1c3761c
208KB
6351e156b5fe1d3ae91fec6eb367782b1373111c
8a68388787a97c83448898eedb045f620f225538992467bae0ee5c1a1ca4dc97
3b5114e9b3e53ac7711df9fa5ad3dc66ce309ade04768cd334f1e1f1b311a9c36f43e6cf167d338e94116ee08dc686c0a000064a40bb2913e1e8b6b8b143c387
Ransomware generally changes the extension on encrypted files.
Infostealers often target stored browser data, which can include saved credentials etc.
9a9bf626d4a3e9afe613f7eaa347acac600de2aecc45a5706aa2ba386625eed6
5e7d419747ee589f724a80d9ac8b7186
66KB
b91e9178b054811312c83f3d81cc4153d2fa38ba
9a9bf626d4a3e9afe613f7eaa347acac600de2aecc45a5706aa2ba386625eed6
bdd91c5551df4a3adbe56ebcf2045cad1ed924627c16236ef7579ee73974c3d784a0fc2624ecb143912315231c9565854294d021d01549f61140efe1ec2b6c23
Ransomware family with multiple versions. Also known as MailTo.
Ransomware often targets backup files to inhibit system recovery.
Ransomware generally changes the extension on encrypted files.
Infostealers often target stored browser data, which can include saved credentials etc.
a9fb354944ee5879b6e13381952889c604d850fe18ef552185a1c228b3bb3d06
65eec80b04f4b8da236e7b9f8627e5e2
79KB
47aba918cf1ef166a9868c74003496cf419e6290
a9fb354944ee5879b6e13381952889c604d850fe18ef552185a1c228b3bb3d06
b5c45d833fc86e42c340b08d630218fde1f816bb36c3a5920553bddf8f2acd1b6951eb402dff5e82add7f623b76e6ee5414fbdaa293df0579776fc5cad62fbd9
RaaS first seen in 2021 initially called Vasa Locker.
Ransomware often targets backup files to inhibit system recovery.
Ransomware generally changes the extension on encrypted files.
Attempts to read the root path of hard drives other than the default C: drive.