All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
=========Attention!!!=========
Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
==============================
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
sub
6772
svc
msseces
DsSvc
sppsvc
macmnsvc
ViprePPLSvc
TMBMServer
Microsoft.exchange.store.worker.exe
VeeamMountSvc
"Sage 100c Advanced 2017 (9917)"
"Sophos Endpoint Defense Service"
Altaro.SubAgent.N2.exe
"Sophos System Protection Service"
"Sophos Clean Service"
ds_notifier
AzureADConnectAuthenticationAgent
VeeamTransportSvc
AzureADConnectHealthSyncMonitor
masvc
"StorageCraft Raw Agent"
MSSQLFDLauncher$TESTBACKUP02DEV
AltiBack
svcGenericHost
ADSync
"ofcservice"
HuntressAgent
AltiPhoneServ
"SQLServer Reporting Services (MSSQLSERVER)"
mfemms
psqlWGE
AzureADConnectHealthSyncInsights
ReportServer
MSSQLFDLauncher
"Sophos Web Control Service"
Code42Service
"Sophos Safestore Service"
"TeamViewer"
ThreadLocker
"Sophos File Scanner Service"
"SQLServer Integration Services 12.0"
SQLTELEMETRY$MSGPMR
SQLSERVERAGENT
"ds_notifier"
MsDtsServer120
Telemetryserver
sqlservr
KaseyaAgent
Amsp
MSSQLFDLauncher$SQLEXPRESS
SQLTELEMETRY
KaseyaAgentEndpoint
AltiCTProxy
ds_agent
LTSvcMon
SQLWriter
AUService
MSSQLSERVER
ofcservice
Altaro.UI.Service.exe
"Amsp"
SQLTELEMETRY$SQLEXPRESS
MSSQLServerADHelper100
klnagent
SSISTELEMETRY130
KAENDCHIPS906995744173948
VeeamNFSSvc
MSSQLLaunchpad$SQLEXPRESS
HuntressUpdater
LTService
"ds_agent"
Altaro.Agent.exe
"ProtectedStorage"
KACHIPS906995744173948
MySQL
VeeamHvIntegrationSvc
"StorageCraft Shadow Copy Provider"
MSSQLServerOLAPService
SBAMSvc
"SophosFIM"
MSSQL$QM
"Sophos AutoUpdate Service"
"SAVService"
McAfeeFramework
SQLBrowser
MSSQL$SQLEXPRESS
BackupExecAgentAccelerator
"swi_service"
SQLEXPRESSADV
"Sophos MCS Client"
MSSQL$HPWJA
MSSQL$MSGPMR
AltiFTPUploader
AzureADConnectAgentUpdater
"SAVAdminService"
mfevtp
VeeamDeploySvc
MBAMService
ProtectedStorage
"SntpService"
SSASTELEMETRY
Altaro.OffsiteServer.UI.Service.exe
VeeamDeploymentService
MsDtsServer130
sophossps
tmlisten
mfewc
KAVFS
Altaro.SubAgent.exe
mysqld
"Sophos MCS Agent"
"Sophos Health Service"
VipreAAPSvc
SQLAgent$MSGPMR
"Sage.NA.AT_AU.Service"
"Sage 100cloud Advanced 2020 (9920)"
VSS
Altaro.OffsiteServer.Service.exe
TeamViewer
TmCCSF
"ThreadLocker"
bedbg
ALTIVRM
ntrtscan
VeeamEndpointBackupSvc
Altaro.DedupService.exe
"SQLServer Analysis Services (MSSQLSERVER)"
"StorageCraft ImageReady"
ds_monitor
"ds_monitor"
kavfsscs
Altaro.HyperV.WAN.RemoteService.exe
MsDtsServer110
"swi_filter"
MSSQLTESTBACKUP02DEV
MSSQL$SQLEXPRESSADV
"Sophos Device Control Service"
SQLAgent$SQLEXPRESS
Extracted
Path
C:\t0a843-readme.txt
Family
sodinokibi
Ransom Note
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension t0a843.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/B33761196F5DA74E
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/B33761196F5DA74E
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
kdTsCWuj/4je8Ufp2Pg+JH7m+ublHn6DVn4XEmH2WJCZf8Xgg+AupwveuhQJ/vif
RT2hJvW9+R+4ss5Gx0JCxf/oL+R8pfsM1CNjHximdUlwdpfuKwV7/D5wqdfmV9Ij
UqoMifHU8p4kNZtp9PqdvCUJkPTJ5YKe7qSXoryKOxc8s5Jygj9FMQxJxjmPAnp+
oc8KdRot+9UvQCv5pDAG4W4e0/4kc6ZfT66nhZ75LYJEhT6Sy1rO3VZ2+Nrnq4Aq
vToc/nX9qJnmUnibCp167vP7MvwiRCFzPRih7TI/vqTrqieQsi6Qgi5MRDf6DVwA
ANu2iiTZ9BFBOoTCDwUiPLTXMEHX0EKQ6xWuKo8/61CD39KZn8AlOjrOaHYeBeMl
KhJSkWYdugXXckBfpskOncPLgOnPo/Bc5WDB2VOcPuNn7HqjEFcc9kozqaZ4YQu/
j/1nIGwuBl5/eCi8MuKu75cN7I0UK7YIVLt0Tpd2W6VYkCLUlphaFd/r4AKuIo/f
2IOjdhUXh8xODo54v0AUb3En0O3QapcDShIdP/fW9L2SqQ6OthjjpfEgXplDYF4S
eq3+v2PbbDBCxRZW+TSLfpv89fdNY13TSWDAASxfkoH5acWpqs+17odKtSo5oMyc
iq9TKV27hhmRmKkJJmZDyxYOBJarRA52/51FI76XhD1NSS8vGxVxkNOJMd8Fm6br
PnQCQLOc/pjgSsQwHoMiirmIuwPjIhSAd52qH4Eq+RRz+mN8vF0FAO2Z6A5N865+
tCFg7Z+QQUQb6nt3Azxpqpp3DLIJlH5HzR6AmcVnmCiovJh/aZBuApnpbCLXFGKG
eE8b+L5LV6mIj8jX14miBfkK+M+HEmFcOUSf9CAprxnM613nUqLhZGBBsAspPcEy
1PuRL3OB4o1OCLgBE/3aOkNHU702poczp41184tQwA+cjpmBfSfIvgY8zYre4sXo
lJHpq2g0NbyN5RtsX43tMEBUcqMu5TMBcxFZWU9scN26I5IpmCsrglzjN7TbWCzN
myyb9XLVQ+FyNfznACiP6vG+cSbwm/21DH946DndTWfZ3zU44J8Lkj7bAh0q1wnE
FbHAKQcVCsmhHDS2w0omWfvFccRwsr+iqHcgAvr5xvoEzwSsxQF30nBtF8OLm5wn
Lmd5JGsVf//wil+3KsDTb12d0AkI2T7OrwAO7qxvLYgjBnhxc1juIt8f1+NZc5gJ
bKXeK7ig9mnTR48ZRFa1WkKvzu3M6ocsAsGjPWFn/TsbDqgXmekYj4DjX5TpVfPh
d0dsqqyjxG3YKlePMw/S6jqpblaGopdO1RtEUj8v
=========Attention!!!=========
Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
==============================
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
