Resubmissions

23-08-2021 11:12

210823-681sdqb6fx 10

29-06-2021 23:44

210629-4zlddtzv5e 10

General

  • Target

    fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87.zip

  • Size

    78KB

  • Sample

    210823-681sdqb6fx

  • MD5

    53f1f7a531078d0767f395bfea173ed0

  • SHA1

    eab1314d6eb2c151787c7a3f3a7f1ea07d866702

  • SHA256

    ea08f7dece6892fe78f6e62f5b5309dd8d436a1be6983787e90ed4374d15115d

  • SHA512

    8db7800527e75da7929617248f0a05e76bd867bb53243628b1bacd0e80cbce41a3001a344947fb5fa0714ea65a5afbf06868402671b6edd441d82697645614a5

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$12$irtGRP4st4HecwXrwL..XOpjvJSwKoA8t9N/dM/oUt9RO.fiQsZCu

Campaign

7901

C2

freie-baugutachterpraxis.de

centromarysalud.com

the-domain-trader.com

punchbaby.com

heliomotion.com

executiveairllc.com

milltimber.aberdeen.sch.uk

tradiematepro.com.au

jacquin-maquettes.com

mediaacademy-iraq.org

portoesdofarrobo.com

cimanchesterescorts.co.uk

thaysa.com

ussmontanacommittee.us

rerekatu.com

journeybacktolife.com

videomarketing.pro

i-trust.dk

pmcimpact.com

kingfamily.construction

Attributes

  • net

    true

  • pid

    $2a$12$irtGRP4st4HecwXrwL..XOpjvJSwKoA8t9N/dM/oUt9RO.fiQsZCu

  • prc

    firefox

    dbsnmp

    excel

    isqlplussvc

    onenote

    outlook

    agntsvc

    thunderbird

    powerpnt

    mspub

    xfssvccon

    tbirdconfig

    sql

    winword

    infopath

    ocautoupds

    dbeng50

    ocssd

    encsvc

    wordpad

    sqbcoreservice

    thebat

    synctime

    msaccess

    steam

    oracle

    mydesktopservice

    ocomm

    visio

    mydesktopqos

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT} Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

  • sub

    7901

  • svc

    vss

    svc$

    veeam

    memtas

    sql

    backup

    mepocs

    sophos

Extracted

Path

C:\h3pt9h-readme.txt

Ransom Note

---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension h3pt9h Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/08D7BAC0C65772B4 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/08D7BAC0C65772B4 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: a01eYScxLQOEdXZ0z6YXpnGbzzqHtgU4vyMZmCl3LhvYHoyTwOsU25V2rsFwWZvI BsBQIBC68zQ2DtbUq2UKp2SsgU+PNqeJyFgpOPUtSCvdQwnEVRIOhK5lwbZA99wj qCc0/kyz/EDCkU/Gs4d9mkQiel+IbDwKAtzYH4JjV5/fqefNZSNs5Qy3ioEQLPVV 6aBFhj+vRMLI/NlPhA7XRroPfucADAyC1t5+BpCBIowIIvmIbzMJNX4fOom12Sap FzbE9yoqg0tmicoGyoTH04jqWM+QyOBJXGoXDPCZZpA1kQNQfvNwaIwxZRTwgBcU Tjl1uOG+0grabZJlwYYF6JR1rYYQ4D18Y9z7suZ73d4vjg8BEyRnor+h1+4IzeoX 6FCOWo5QU+9VLOdzYF6+2oSrNR7g8xSRxQ/may5HPjD/R9OHG4G1lvwswfJpIBLd PbRYQITyeOxcj0ROBkeW4k5QFCY0LK312Y6uF2x1ZcfCc87xnKHt17xDy5y4XCYo YSqPtU1quwekmoytLCAaBRSyjcKuALpHBNE8M0lpwRn1uohfPaC5Hz7NtmCo6tkR I85x0/aujzYZYe2vzdP/SStMuZATZ9CNZseR0zC6G5IxQxR9UhgK7kSh/wWADjCF G7q9+LZbQI34XKwI8gcW7ze4s1JSc76aRR8guUZV2wsxXlPJxkWbvSJUiu8maKOo AFvqOnlj642qA038pdHWoqjYpH5SGDCovFr/MwFREk7oI0TGP8Z8hdxuqKgOFZ1C QbHg8R4fOGxrmP16bNcJLPyd9Ft2PWV5M+Yh2dM7OHCWABJwAlj1ix6xFUS0xpZW XYb4pSXB4WmqwO3ogDKsqyb9Oi0a04LPyohEYrPBprGqCSYubPh+sPHRBlEyUGe8 cFORLu1u7hrVZo6l0eYpxL6koTfV3fjZ/dHdB6sjN9wa4fa3BDoCFOcKc7s+U7C1 jDuncM/hzQFd3UVUaRrKskfroN31tyABtaE8bZnbkmbYabEq9TJBUiyeQ1vk2t38 v7UUF9vfZJJOfErUCx24SC5B+u9FEDSRq7BQn27u/iPUJRTc3wA1LHWU5xrAI9ys XLqfNE49YF2yPxsSQ5AmTUWKKR3PWuzPS4XIOg9SGV06s3zyu2KiMRHJ7qY+5KwJ MUuAPrwfA4vw6TJ2fvHkzXcjeN+N/xPwCmuLGLEAZXtJ1ZPuui5XMzbXH6oV30Uz OyHk3dPewavI7RY4FrHJ1s/Up4WIGdh+qbQBAbnulTUIwYEXEPgGVwArDn6lgYrk uD2WO1z2LIYZndpHHav0WAkzaA5K3A== ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

URLs

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/

https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/08D7BAC0C65772B4

http://decoder.re/08D7BAC0C65772B4

Extracted

Path

C:\60lzy13l-readme.txt

Ransom Note

---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension 60lzy13l Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the most technically difficult and max resistant to burglary. Only OUR specialists can decrypted your files without loss(!) Any attempts to decrypt files on your own lead to damage them beyond repair(!) Best way to you will be consent to negotiations and mutual agreement between us. To connect us you need to download TOR browser and follow the link to begin negotiations.(You can find full instructions below.) We are waiting You and ready to listen all your offers and discuss them. If You will ignore this letter - we will have to sell closed auction all yours private files, photoes, business correspondence, documents and business files + with our analysis of your work activity (weakness of your business, financial violations and the opportunity to profit from this information). It will offset our financial losses. Or we'll just put all your files in the public domain, where everyone can download and use them as they wish. * For TOR Browser http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ We are known as "Sodinokibi (REvil) Ransomware". For example, this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread You have a guarantee that your files will be returned 100 %. And remember, this is only business, nothing personal.. We have a concept of business honor, and we can promise something if we come to a mutual agreement: 1. We guarantee to decrypt all your files in the shortest possible time 2. We will delete all your files and forget about your company. 3. We will show your weaknesses in your networks. .-= INSTRUCTIONS TO CONNECT =-. How to get access on website? You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9E49B77C3E305A09 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/9E49B77C3E305A09 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: FfxZj5MLKyll3V4aXzBh+lEj7Zrp2n9Z4WS1CmW4v35Zu8+0rwLO+etCjYtdsU4p JVJXnX5nV7PZKZVelSyWEhgzM8e2GG9w1n069B5d16ev63YOBbDnslsBMVsEZI3M VHNLIz5grL3sqOyzQDRcLziqGF7uTU/44QNcwA7lI1iRsLmEbrn4RBgCWquXsxXz odJr7iEZayY21SMjUJJqvjY/nCVZ6KUrMh6GQT3AboLa6eoTaoViOPIiPJlig2WX frnUnr86l0CX5u51iWjHoUj8NF25+brBXy/r6Z7e7sgzUwfQiWoXJp4HF8UotSYC EBbKML6rFDBBgi9z0wTt/enClHN5DAWXWSFuxOw4AbhNUQIyJXo+HW3HbFJl1akD aYwgyu5KWcGijxUIhBGQCQNWDLQKmvuJkUyX0rEm1aLpef13foL0QS7PtW3mNyT/ ZVnu7QSphrpfPrkfDDuYVPBSzdJjbBnVjN+/5+ukW0f8XbPviWPa8jzsm4CX0tkK r47Er4H05ORvwpuSkZwjhyFFeL6NpOYzzcYu9ARxB6YrnKLolzzKzURXn9cO0wG9 3xgGy2K1EtExSlYtC2W6RiTMfve3mXGwZihSSMdbJ7KHhSH2exf9GbJ2BR3aaFL0 3a+KmgfjbQqezIjoHLGFCkSJ8GE2bUjhdNMncZvEVGNvR2Vt8LwK0URnsBlOzfPR gRquH+zh5arH6Gs7u2bTEq6XbAcQytDCydwA7n45BOFERnWgRjN4EEl84h3kpRjA ik22Rm6bl2QXP8KebtBBU1ijdc7PHP+jLXDxP5prI1X0+0gUtZQrDntXjZ0fZdBl dAqIIOCLh5HgM+cspHreLyD2BjpArdixx05ywtFEekjRNKW8mIcvS4akRaS4p1X9 WxpTzLlExbIh8/TKdwkhV1v6PkUYY511dEpxS9EIT0vtCaNYI+Vizl/OVFOZl2qE aoKRF7JCh8KVFJ4OYlny/N+9Rs1uXbcWa4T5N6Lwl+xQPto2Z5x97zPD2Fpq0rpW kjRQMuNv4UxPHcLCm/kjwiLkQxfcU7TCyw74c+tw5NYecFyDuzFupMmHHRrbf+Zd H4jn6tn23mv+yBCsLlRUkWEEUSlSUh7RypMMHtvYE6KRfxV0Pwt2RGfdZ9HZyZrr Zh1sakJAnrJ5KC4jr7Krod8tJYJb6gpNJHAGAlO3VCvE/d7KRVzOIKcQFh7WpE8L hIoTtkgyXm2eB9jXvW+BPAfw7TaFUvK8VT4N75bFebtWAa8HKgVH4mU/n+A7y+oS 8sk8uXrH8KSh7A== ---------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all your data!

URLs

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/

https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9E49B77C3E305A09

http://decoder.re/9E49B77C3E305A09

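Two parts of this report drive what a responder will see on a host: the `prc` and `svc` lists under Attributes (processes the sample terminates so their open files can be encrypted, and backup/VSS/AV services it stops first), and the two extracted `<ext>-readme.txt` notes, each carrying a per-victim extension, a 16-hex-character UID that is identical in the .onion and decoder.re URLs, and a wrapped base64 key block. With `net` true the sample also beacons to the domains listed under C2; REvil's domain list consists largely of legitimate sites it reuses as beacon targets rather than attacker-owned infrastructure, so alert on traffic to them without assuming the site owners are the operators. The Python below is an added example written for this page, not code from the report or the sandbox. It turns the config lists into a host-side check and parses a note into its triage fields. Case-insensitive substring matching of the `prc`/`svc` entries is an assumption of this example (it is what makes a bare `sql` entry cover `sqlservr`); the sample note is a constructed excerpt that reuses the first note's real extension and UID with a placeholder key instead of the victim's key blob.

```python
import base64
import re

# Constructed from the `prc` and `svc` lists in the extracted config on this page.
KILL_PROCESSES = [
    "firefox", "dbsnmp", "excel", "isqlplussvc", "onenote", "outlook", "agntsvc",
    "thunderbird", "powerpnt", "mspub", "xfssvccon", "tbirdconfig", "sql", "winword",
    "infopath", "ocautoupds", "dbeng50", "ocssd", "encsvc", "wordpad", "sqbcoreservice",
    "thebat", "synctime", "msaccess", "steam", "oracle", "mydesktopservice", "ocomm",
    "visio", "mydesktopqos",
]
STOP_SERVICES = ["vss", "svc$", "veeam", "memtas", "sql", "backup", "mepocs", "sophos"]


def _substring_matches(names, patterns, strip_exe=False):
    """Map each name to the sorted list of config entries it contains.

    Assumption of this example: case-insensitive substring matching, so a bare
    `sql` entry also covers sqlservr.exe / SQLWriter.
    """
    hits = {}
    for name in names:
        probe = name.lower()
        if strip_exe and probe.endswith(".exe"):
            probe = probe[:-4]
        found = sorted(p for p in patterns if p in probe)
        if found:
            hits[name] = found
    return hits


def matches_kill_list(process_names):
    """Running processes (image names) the sample would terminate."""
    return _substring_matches(process_names, KILL_PROCESSES, strip_exe=True)


def matches_service_list(service_names):
    """Installed services the sample would stop before encrypting."""
    return _substring_matches(service_names, STOP_SERVICES)


# Note layout as seen in the two notes extracted on this page.
_EXT_IN_NOTE = re.compile(r"has extension (\S+) ")
_UID_ONION = re.compile(r"\.onion/([0-9A-F]{16})")
_UID_CLEARNET = re.compile(r"decoder\.re/([0-9A-F]{16})")
_KEY_BLOCK = re.compile(r"Key:\s*(.+?)\s*-{20,}", re.S)


def parse_ransom_note(path, text):
    """Pull the per-victim fields out of a dropped <ext>-readme.txt and cross-check them."""
    filename = path.replace("/", "\\").rsplit("\\", 1)[-1]
    m = re.fullmatch(r"([A-Za-z0-9]+)-readme\.txt", filename)
    ext_from_name = m.group(1) if m else None
    m = _EXT_IN_NOTE.search(text)
    ext_in_note = m.group(1) if m else None

    uids = set()
    for rx in (_UID_ONION, _UID_CLEARNET):
        uids.update(rx.findall(text))

    key_len = None
    m = _KEY_BLOCK.search(text)
    if m:
        key_b64 = "".join(m.group(1).split())  # the key block is wrapped across lines
        try:
            key_len = len(base64.b64decode(key_b64, validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            key_len = None

    return {
        "ext": ext_from_name,
        "ext_consistent": ext_from_name is not None and ext_from_name == ext_in_note,
        "uid": uids.pop() if len(uids) == 1 else None,  # None if the two URLs disagree
        "key_len": key_len,
    }


# Constructed excerpt of the first extracted note: real extension and UID from this
# report, placeholder key (base64 of "ABCDEFGHIJKLMNOPQRSTUVWXYZ") instead of the victim blob.
SAMPLE_NOTE_PATH = r"C:\h3pt9h-readme.txt"
SAMPLE_NOTE = (
    "---=== Welcome. Again. ===--- All Your files are encrypted, and currently unavailable, "
    "now all files on your system has extension h3pt9h Before that, all of your most important "
    "personal and business files were backed up to our secure offline storage. "
    "b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/08D7BAC0C65772B4 "
    "b) Open our secondary website: http://decoder.re/08D7BAC0C65772B4 "
    "Key: QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo= "
    "---------------------------------------------------------------------------------- !!! DANGER !!!"
)

if __name__ == "__main__":
    # Constructed host snapshot for the demo.
    print(matches_kill_list(["OUTLOOK.EXE", "sqlservr.exe", "explorer.exe"]))
    print(matches_service_list(["VSS", "VeeamBackupSvc", "Spooler"]))
    print(parse_ransom_note(SAMPLE_NOTE_PATH, SAMPLE_NOTE))
```

The extension and UID are generated per victim, so neither is a reusable indicator; the stable artefacts are the `*-readme.txt` name pattern in every directory root, the two fixed .onion hostnames and decoder.re, and the wallpaper, Run key and firewall changes listed under Targets. A `uid` of `None` from `parse_ransom_note` means the .onion and decoder.re URLs carry different IDs, which is worth a second look before the note is treated as genuine.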
Targets

    • Target

      fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87.exe

    • Size

      122KB

    • MD5

      fc9edc350d7ffdcb9e53390dae26ea5a

    • SHA1

      06b1f63eb58202a630cfab82c608111a53177db3

    • SHA256

      fd164c4c121371f94cfd3a034ad8cf8edc7c0f7141a8f4c9da1683d41b212a87

    • SHA512

      84b377ea7f5b066b26f2ba60d3b9dc7fbb088d2f0cca16716bc99fc7bfcdd6f1451bcf3b134b925c090f291bb97fdc5f589dd645795e4d1e5c124a316756c86a

    • suricata: ET MALWARE Known Sinkhole Response Header

    • Modifies Windows Firewall

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6
