blackcat

General

Target

https://bazaar.abuse.ch/sample/c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d/
Sample

230505-kgwf7sah9w

Score

10^/10

Family

blackcat

Credentials

Attributes

enable_network_discovery
true
enable_self_propagation
true
enable_set_wallpaper
true
extension
hat2gck
note_file_name
RECOVER-${EXTENSION}-FILES.txt
note_full_text
----Welcome to the Black Cat Ransomware----- Failure to contact us, will result in higher costs at every level for you. And all you / your customers files. >> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your network was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: -Customers financial info -Your financial info with LLoyds and any other banks. -Invoices. -All the emails database - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://cmzh4nkisvkvyxc6o25ympbq52xphnexikkto5fyx52saaaxfv7piuyd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain