---=== Welcome ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 6oe2u3mw6.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). The faster you contact us, the easier it will be for us to agree. Your backups were also encrypted and removed.
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/80111FF3C49D734C
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.cc/80111FF3C49D734C
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
CZuLX5yLpAipf9uu0eazaTRj7BWawVpJldKJ81HnkJbVfnnH5dKg5+em/LNfYo1R
ead9ugR2Dk26ACRBuX+yVPXp6uca8JZEB2vmkg11F6YvSs+2CaWPtYaz8xFMVlrU
z92BlJW7PrPOSo62hOo7VKalbHhI3qSVW2ZnBliT8do1QFNjUBZvNInzqYxQEipM
Vvr1iT1YYE+oNgDuN9xmSBZs8TfJ065ciOlHAXQrBIU6aFVJuCjboO4uxnCUgjIV
zSnmzHcodleTU+EKBb6hVv5rHFXvtlJVE9H6mEFUly9aojY1ej7QQaEGV6XDTpCp
8U2/xAS/1ayOY+gSRB8MFya2c637yP8BfdJjgLKTlnad+wmsQevkvzrfBIRebNHy
iSfT6qFPQODV3dkCg9NehDwTTLHVB0SqAMYruK30Yo5jEk1ecKErYCbQ6CLeOUsx
80HGITD7Q0w2yNgtZMpDZR3jXjTcA3yLONK4kmc8Sd3GbYrqTQu/l5jVLJYf1reI
gDmlaNzhYdLgxwSzfJvR8jMsOf+EkSKkHgKBrFWWuwt7+pPwdNnvVLHimJ8E+5Or
xID5cMIefXbkjPQ6ZfxBv8Qu8+o2c/J1pHmT9JV9S+8TwQkjNKGgqJ1QkuAM3FNx
6iDIIz/36jUS2JQg5cv1EYX0ALi8LayFnYuE38SynZ5GqGBGm3Sf7lwyzZom+byB
oTczBr1nEsEOYsn2bFeIyonNDGMJ2wt3tw5JgQUs97EkAuvsNzLhxqUyHeRkvo2K
LnZ34YKNBUNCyW5uk2WaI9XMbifdcAa5OGJcDdPWGgXPP+SKi8XCsqJBCR2Z4qfK
uKypTPTH05RDs0DRKRnQcq1QM3P7shlNdjibstdrC0AQXqyMhwZmpuBm0c9TscG5
2vxnLU6Y6//u2NtkoCqphrHOkQOyU0XSPewiFaQGKHwcz3GRji/QEUaD/zK/6O+N
w6iR2AQ4qI+pgJm01+JUT/Utp7B3SGPSMri9Zt8dwgr0CEcXOjHPTp84MwTRFLG+
NMFk7vPlL65vVoXTozyx0cJbQS/+nao5p57A65V/poKFLtB9vKfFaPVmxgKcLwyo
9KODOOCTFljdJ4f/2JcNd+rIkDeSmt8eBPrMd8JV1fIFxcSeNj3ZRYk3z0pNMInM
j/16E2cUZb1d12lMqNBg8GRMNaQLwf8kKxtIWFNreuC3d0TMr3swNG1WTIuFaQqX
AcxQ5UzIwPCXIupYGcDniIvgu9BxlThPYqj8OOKxoUuB+OxCOC3QolMgWLENpdhj
AXlMVP62mnNq8A1kcn5v7rqLeAgeow==
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
-----------------------------------------------------------------------------------------
You can read about us on Google: Revil/Sodinokibi - Travelex, CyrusOne, Synoptek, etc.
All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). The faster you contact us, the easier it will be for us to agree. Your backups were also encrypted and removed.
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.cc/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
-----------------------------------------------------------------------------------------
You can read about us on Google: Revil/Sodinokibi - Travelex, CyrusOne, Synoptek, etc.
sub
4953
svc
VSNAPVSS
WSBExchange
BackupExecManagementService
SAPD$
GxVssHWProv
memtas
GxClMgrS
SAPService
CAARCUpdateSvc
MSExchange$
MSExchange
MSSQL$
MSSQL
MVArmor
bedbg
CASAD2DWebSvc
BackupExecAgentBrowser
VeeamNFSSvc
SAPHostExec
AcrSch2Svc
QBIDPService
GXMMM
QBDBMgrN
GxFWD
AcronisAgent
QBCFMonitorService
BackupExecRPCService
avbackup
mepocs
backup
GxCVD
BackupExecDiveciMediaService
teamviewer
PDVFSService
svc$
ARSM
BackupExecVSSProvider
BackupExecJobEngine
sql
veeam
VeeamTransportSvc
MVarmor64
SAP$
GxBlr
sophos
stc_raw_agent
BackupExecAgentAccelerator
SAPHostControl
VeeamDeploymentService
vss
SAP
Signatures
Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
