General

  • Target

    dfb28d7daa789a01c37da5adeb165266d1b95c56698578f596f8402289c50a6d

  • Size

    114KB

  • Sample

    220124-a7s4nahae2

  • MD5

    bbde806cf2c6c3e298f5f829cc982646

  • SHA1

    859ef1d0f73862575afc3d4034a610fe8c1ab9f4

  • SHA256

    dfb28d7daa789a01c37da5adeb165266d1b95c56698578f596f8402289c50a6d

  • SHA512

    6c22cc218270111e8fafb42b839185720e0a30ba93fb2195bb3b2c653648752f23e3f4ad574e28497e237f95ffe8c0c38611276dab3211d0f06ef13163cfd55b

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$10$.t7hO9AAzjIL6tO5gr/unuzOzY/CceMyLWV7ph7swHb3OmEGApuTK

Campaign

4454

C2


Attributes

  • net

    false

  • pid

    $2a$10$.t7hO9AAzjIL6tO5gr/unuzOzY/CceMyLWV7ph7swHb3OmEGApuTK

  • prc

    xfssvccon

    benetns

    cvd

    excel

    disk+work

    dbsnmp

    QBCFMonitorService

    sql

    onenote

    encsvc

    tv_x64.exe

    mydesktopservice

    saposcol

    TeamViewer_Service.exe

    SAP

    ocssd

    agntsvc

    CagService

    TeamViewer.exe

    outlook

    msaccess

    mspub

    wordpad

    pvlsvr

    saphostexec

    cvfwd

    avagent

    synctime

    beserver

    QBDBMgrN

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome Agromart Group ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). The faster you contact us, the easier it will be for us to agree. Your backups were also encrypted and removed. [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] Your files! [+] In case of refusal to negotiate, the data of your company will be published in the public domain, including the personal data of your customers, as well as your supply contracts and invoices. The longer you contact us and try to hide the fact of the attack, the more serious the consequences will be. http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/posts/65?s=e03fd465c862e96dcc1a7e248021ae5d This link is only available to you, it will become public once the timer expires. You can read the publication examples here. http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! ----------------------------------------------------------------------------------------- You can read about us on Google: Revil/Sodinokibi - Travelex, CyrusOne, Synoptek, etc.

  • sub

    4454

  • svc

    SAPHostControl

    SAPHostExec

    MSSQL

    MVarmor64

    backup

    sql

    WSBExchange

    BackupExecJobEngine

    sophos

    vss

    GxFWD

    stc_raw_agent

    PDVFSService

    BackupExecManagementService

    MSExchange$

    MVArmor

    memtas

    avbackup

    CAARCUpdateSvc

    svc$

    ARSM

    GxClMgrS

    VeeamDeploymentService

    BackupExecVSSProvider

    GxCVD

    MSSQL$

    SAP$

    VeeamTransportSvc

    bedbg

    SAP

Extracted

Path

C:\579c286a5-readme.txt

Family

sodinokibi

Ransom Note

---=== Welcome Agromart Group ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 579c286a5. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). The faster you contact us, the easier it will be for us to agree. Your backups were also encrypted and removed. [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] Your files! [+] In case of refusal to negotiate, the data of your company will be published in the public domain, including the personal data of your customers, as well as your supply contracts and invoices. The longer you contact us and try to hide the fact of the attack, the more serious the consequences will be. http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/posts/65?s=e03fd465c862e96dcc1a7e248021ae5d This link is only available to you, it will become public once the timer expires. You can read the publication examples here. http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F3ECF9EDD69BAE7F 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. 
For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/F3ECF9EDD69BAE7F Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: GqHmSQI4OqBDLEYn3REmp8tgF6gcuqQwsxC7ak+FegPhiJmozigj3/ooR2ZFJXss K96Zm9GMxjgq7p0dAN4i/SjadZbKR1+SHxnE4v3ERzcnTqsh1YzsCqHCppAx84JF gCHqJVBJ3xPVNEgv185O34fg+TbWCeQQN3GyogUd2Es0Khh/3dKB6mfi2KHDZRYc wQHPNu9Z6pkVV5WqX5B77VsFDVXQAdbd7h/+dKlK8ytTP1TQ9ZT6KR63cSB29xJq p9OFAMGYR4SN2njhywKzZHEgts7jRb3uANRmVy8nXO93U+cy/ERmw8ql5crEiBs3 DVmszpVvmTy5vaeEXt4mlkasgzvfw16msqmo5tc98oYoUIRU0XMP3kw8rm3aWSwg 7s5gqeAqPls0Is9IKx9bofzZeHxRpS8kQSufszj1ncjgsO53vpV9eymFzpXuAz0b R2+4JTod9gMDppL7INKX3DFWR2qH6E3k17Ea3fM2fX7gu0fheBt/jaVcD258jJV7 pKgYSJvDl7deXL8FXHKE8VGMb1W3JhMgU8ypDp07NkXI9OqPg/f6WMEzFwa8xEcv o3/P1/BEJ7PFUE4w3gp3lf8wwHYg4D+PdoT1DCE54TUlxJsBQtgXQeSzNPRlZLa/ BjbMjhuPvMRtaQvd54uSRTcGvqt1O8vsKkt9opWhVQspt1ImMWfkO2uCVf8Gq+Is mjCSDqLopaSp6M9wSwu887vyoIZXiVcYbo7VPY5PLDfZfA6tF0WuJGXxlKnRsM7W eHNKefj8Nx6QGLM1pcBFJso9o4vASvrBH8+D0wxVZYAPfoYlj8pr0wF7uaZQsZ7E eEQbQNNFYH3ZPasZT9xUpAbQnkIsl8YAvH72J6kkBn6e3z9LTtyRAwmqmJuAG61c O5PK49Y8Qp2h/igZJmyM0z0sRE5GKiek9G8KqGjLCv9/FMNs04TeKVAMIxbunOA3 jENgDvVS2MaufANqXy+LyzbRjQNMrteiuZaq6z3V2tENuPHx74QonzjVEnSY7ESj figboSRTDsFrfy8NKMR/+xkWn+NEV0cmw0oxHMUadhlLfSAHemSJeCOvJTfXxqFo N/B41Er1ApYCuaUZAYrrAZwmXtESfEXeRykbwvcXQFohP8/Bjj9+nvBAK3vRPCCd eE54bBBCGy7E5DgQizZJhdKdqK7eg1+HT4P2o1BGq6p0wtttP9TaiqW+CaHeBL6X zEJxCi57fVbbs9XylsMe8vNdlUSqpPVoOdABICNR5QkUcg01sSzatHimeaADLMa8 fePIsH4kxeFPfPNDgL6WfQflejpbOEQ8WMFGMs8x ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data. !!! !!! !!! 
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! ----------------------------------------------------------------------------------------- You can read about us on Google: Revil/Sodinokibi - Travelex, CyrusOne, Synoptek, etc.

URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/F3ECF9EDD69BAE7F

http://decryptor.cc/F3ECF9EDD69BAE7F

Extracted

Path

C:\5q4l83349-readme.txt

Family

sodinokibi

Ransom Note

---=== Welcome Agromart Group ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 5q4l83349. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). The faster you contact us, the easier it will be for us to agree. Your backups were also encrypted and removed. [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] Your files! [+] In case of refusal to negotiate, the data of your company will be published in the public domain, including the personal data of your customers, as well as your supply contracts and invoices. The longer you contact us and try to hide the fact of the attack, the more serious the consequences will be. http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/posts/65?s=e03fd465c862e96dcc1a7e248021ae5d This link is only available to you, it will become public once the timer expires. You can read the publication examples here. http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9C258382A98B7E2A 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. 
For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/9C258382A98B7E2A Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: sbG0JloX1JyRnbMpeJRvHfyPyYDqRE45zQOabCRjfSSEAbfBrHWwW47xtdopCItS lg6slz5mPo7Iz8takGibhHN3J6vmqqKBS7S4YgNc+t3GJ/uah7GpiLmr6CuXQATJ UQUHeplkpLmbQCYkrtDF5gPUWdDIWWHbM9JqnoCE5AgGQ6y3AdVbRz04mJlzkQ1/ zIWFWIHmX2jQXIdN25h/9vL+Uhm2/JVDpk4UpVp5n9NNmrbtkMV3PR3Dt0gYLlzJ riAORli6T3BXndpzxW6HDFIeolp+PfHLHsdfClulEQ0zGGyBOz+lsGluL5SD8xKR WtUg/Fs5KQovsdg/AaEKLHuZVLZgr3YrO3vAb1aUGG7pZHwK1/bK3PbZOtqAuYRW c6xB05yeTvf9lu4CAH2dWItkaBZAqqzvIbJiq1YgrLYtZZdncv9PLf1YpociW4/p XdxAtaO34+tHcRnL+kPQmc8Y238MFMpUg7p0ZPfllcJMK/CencPCL/+UkPNvdvCx 6VYLrk4Kl6YaDNyDVq7HVKxM/pE1JWC7B29kEvJiOXRuzaF+6O8ip0EnvkyvdKSD 8P7G8OqLLpxtqGbwVCd/P93N/NOnDpjFH7ZMspz782B7bUIrQQNmv1Gh+664p3of dLSuNvx7gWseiSmkK0MKjVUc3sb0hJzVuqTH0VgbUwcjxdrq/r6CZ0gj+lQMC7NG 5QDMC0jkyA3+Ill+SgHaM5u52BH6vg7pOFAcvCebjt2yyYE75FrC6fiTsNs9OO6a fv/PKzs80mA5+vf2FuOX+Gvn/vnE1webRo2AYbF98JZBSO76sb9c+a0CXo4cTSH8 u6Ehlwa/aCsLVLAAo+kXcEIgQO8ahaBN8K4ESkrOkgbJoul29/hJmAQOX90JG3Qw xVbUZfJXKiQrHZuVqNB4vlaHObV+ipCsUelIs2U8WkDD4F2kq2xb/TVGiAGLUz71 NibyO1idSBvKolKKxsYViW0efJeNv/UmBu6YNHiq+t4RNKyAlt0+iXJVD90Xgzqv 8nsIiTEJQ+LaedrcsElngDL6M8W9TEbZt4lDnZ7PUTI3SIAlkhbrZfaFeIxMFBIw I1jWrxg6UxgltU6TqzwCNtlH+7Fr8tW1aUOTeqVMHmEC3H08dhYuYQBNSpLeS7A7 DH+pjBAJzM7Xqy4bi5URABvJCHPX3o+EfXKWEvjDzBPaDz0Ec5bw2GFENJSdInHP MmL64C9aUDFEqWTTL3LLX0Ruqj3zEuRp5fRiPn6upzPNyV16dUIJXmJKBuN4Mdbi CgtpG/xSlZqs45DuWJ3YZ5QXPHjrEQ== ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data. !!! !!! !!! 
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! ----------------------------------------------------------------------------------------- You can read about us on Google: Revil/Sodinokibi - Travelex, CyrusOne, Synoptek, etc.

URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/9C258382A98B7E2A

http://decryptor.cc/9C258382A98B7E2A

Targets

    Score
    10/10
    • Sodin,Sodinokibi,REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
