All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. ===---
Merry Christmas and Happy Holidays everyone!
You have a great opportunity to enter the new year, leaving all the bad in the outgoing year.
I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family.
With our decryptors recovery will take you the least time, without us you will have a very hard time and some of your files will not be recovered never.
The longer you think, the harder it will be for us to negotiate with you .
Waiting for your dialogues in our chat, below you can get acquainted with what happened.
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.top/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
Extension name:
{EXT}
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
For google: Revil/Sodinokibi
sub
2361
svc
sophos
veeam
vss
AcronisAgent
BackupExecJobEngine
AcrSch2Svc
BackupExecManagementService
BackupExecVSSProvider
mepocs
stc_raw_agent
bedbg
MSExchange$
MSExchange
MVArmor
CAARCUpdateSvc
memtas
MSSQL$
BackupExecAgentBrowser
PDVFSService
WSBExchange
sql
ARSM
svc$
VeeamNFSSvc
BackupExecRPCService
CASAD2DWebSvc
VeeamTransportSvc
VeeamDeploymentService
backup
MVarmor64
BackupExecAgentAccelerator
BackupExecDiveciMediaService
VSNAPVSS
MSSQL
Extracted
Path
C:\8q1g3-readme.txt
Ransom Note
---=== Welcome. ===---
Merry Christmas and Happy Holidays everyone!
You have a great opportunity to enter the new year, leaving all the bad in the outgoing year.
I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family.
With our decryptors recovery will take you the least time, without us you will have a very hard time and some of your files will not be recovered never.
The longer you think, the harder it will be for us to negotiate with you .
Waiting for your dialogues in our chat, below you can get acquainted with what happened.
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 8q1g3.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/7C3D8C22D76EC643
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.top/7C3D8C22D76EC643
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
mW3oHlvbdCdKq9QdjhEmKnUJD6yapdGtRSTVCU82UaRkrg8XyV8t4s98dq0vBOeh
IvQ/sg6tbDqNO3sdSyXoYu6nStzqjxe8UpAQG6+SOTO8Mg3ORKsaID1XxaXfXvS+
pMaKq9peRKn0azSWjOjVWVj6jrqUOiTVxSGVYKV64EXxLgXwxHhWr8MrDwiOSJ5W
uyuayg9H2CSkvQtoww78nT8XKAlJeReIkrQeeRX9uxXeqDtdn3USZlMwZjZ1KDJ4
uJuTbHbhFgaXyfbCFiCs8U6jH+y+J4sIvN0QbPc4tybmLBJ8wT5kJwLTmifTO9g6
nTa2eFScKGbpMgfxpaaKk5Y4Y47iMr7Ss8xm0IZskou6FLR0Ubz6lAZqtRSgKYJ+
iTNN+mkuawF9dY/1Rsy104XihsyATPy06JhXlgYzV8JRbIw5i4MjUNgTN+Am8l56
4tp3POIRvOFt+Ncv5zbpI2Fni4u2fkDj3U60+Ad5RpgrFqsCHy45zR1IDQ1v/VRp
h1de5AyKCBwTO56ykUYgpiHgIEhvPwq25Wl+vupQx/rZy/TXyT66xoCVLkMJTPlg
QNJb+k/jSjCGe/yOSl9AHcjCG9NAU1GxlpVyzOA9+92OWDeNzkfnIDAEs6shPrfK
n1hPPZpHi+joWjteIEK2ihTCKNh5jkJUk3IS0g3yc34m8S9Ll+KQeRBNA5wX4Mbq
PryC4sh0WiRnmGEskazd/QeOVByy6esF6HyZsGRj0J3QXlszYqpg/6ixOePa3Njk
eRkfIQxVabxfkj6DEE+s+ZaSENtZFLg67JM59JWRdt5/B5WyDWDTfjtf5FOCeqM4
fZYqOSV+D1P1tC27x2aCqSlf9y7xRL77qjkHhIIkDMyd+W3ICDOuY9uj5HD7D40q
br5oTgz6UwnwU7oD7XST6FZf7nnTgtXl0kMnoCRRaW7Ci6PD+cd+E6KhH/1/YDQ6
+05jM7hTlR7AgPwwBpJZCbDvW+9XsiBOYSWJAHCQA1U2gwUCb+nATxffXKg6PdvK
QwczeEWGjcr3hMaasTQE4Hhqam6lV1o33y/smbzBBDPK4rpmKSNtF0rPZsULKYNl
0friZ8wflNRILhlZQ7mUTbE9pkgw+nkBk3sEEFMcTXBmyW0BDcx0L9ILC3DuNIO1
feGpz6tkAzM=
Extension name:
8q1g3
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
For google: Revil/Sodinokibi
