Home | FAQ | Translator 157 files on your machine have been encrypted! [+] I - ABOUT "Albabat Ransomware" The "Albabat Ransomware" (White Bat - Translated from Latin) is a cross-platform ransomware that encrypts various files important to the USER on computer storage disks using military-grade symmetric and asymmetric encryption algorithm. [+] II - THE KEY TO CRYPTOGRAPHY [+] The "Albabat Ransomware" will automatically create a folder named "Albabat" in your user directory on your machine, but precisely in: "C:\Users\Admin\Albabat\" This folder contains the encryption KEY named "Albabat.ekey", and this same "README" file. This KEY Albabat.ekey performed the CRYPTOGRAPHY of your files, however, this KEY was also ENCRYPTED with a PUBLIC KEY (asymmetric encryption), and only I (tH3_CyberXY) have the PRIVATE KEY to decrypt the "Albabat.ekey" KEY, and thus, you use it to decrypt your files. There is no way to decrypt your files without our data decryption service. There is no way to decrypt the files without decrypting the "Albabat.ekey" key. Don't delete, don't rename, don't lose the "Albabat.ekey" key. For security reasons, we even recommend making a BACKUP of the Albabat.ekey key. [+] III - THE ENCRYPTION PROCESS [+] Encrypted files have the extension ".abbt". Don't try to rename it, it won't work. On the contrary, you may corrupt your files. The size of the files that the "Albabat Ransomware" encrypts is a maximum of 5 Megabytes (MB). The "Albabat Ransomware" randomly recursively traverses all directories it does not belong to the operation of the Operating System. Encrypts files in the user directory, even database locations and drives mounted on the machine if any. The "Albabat Ransomware" only encrypts files that are relevant. The Operating System and binary files will be intact. We didn't choose that. The "Albabat Ransomware" saves a log file named "Albabat.log" in the "C:\Users\Admin\Albabat\" directory. This file you can see all files that were encrypted by "Albabat Ransomware" in path form. [+] IV - HOW TO CONTACT US [+] These are the only ways to contact us. Any other form found on the internet will be false. Contact by: Our Email: [email protected] [+] V - PAYMENT [+] The decryption process is PAID in Bitcoin, so you need to have Bitcoin balance at a cryptocurrency broker or in a cryptocurrency wallet to make the deposit in our Bitcoin address. You may want to read the FAQ page to know what Bitcoin is. Payment data: Our Bitcoin address: bc1qxsjjna67tccvf0e35e9z79d4utu3v9pg2rp7rj Amount to pay: 0,0015 - To make payment and restore your files, follow these steps - (1) Write down the data to make the transfer through our Bitcoin address and the AMOUNT payable specified. Note: Remembering that the price of Bitcoin may vary monetarily depending on when you make the payment. (2) - As soon as you make the payment to our Bitcoin address, send us an email. An example of an email to send us: Subject: Albabat Ransomware - I did the payment! Message: Hello, I made the payment. My BTC address where I made the payment is "BTC ADDRESS". The version of the "Albabat Ransomware" running on my machine was "0.1.0". Follow the attached KEY "Albabat.ekey". IMPORANT: We will check if the payment was made using YOUR Bitcoin ADDRESS "BTC ADDRESS" in which the transaction was made, so it is IMPORTANT to inform us when sending us this email. It is also IMPORTANT to send us the KEY "Albabat.ekey" as an attachment, regardless of the form of communication you choose to use with us. We will decrypt it for you. You will receive in your email the KEY "Albabat.key", that is, the KEY "Albabat.ekey" decrypted, and the decryptor "Albabat Ransomware Decryptor" attached (zipped). Albabat.key" and the "Albabat Ransomware Decryptor" within 24 hours, but it may vary for longer or less depending on our availability hours, and the number of demands we we received. Be patient. After payment, we will send the decrypted KEY to you and o "Albabat Ransomware Decryptor", we are fair! [+] VI - DECRYPTION [+] > To decrypt your files follow the steps below: (1) Place the "Albabat.key" that you received by email, inside the "C:\Users\Admin\Albabat\" directory, or, if you prefer, keep it in the same directory as "Albabat Ransomware Decryptor". > IMPORTANT:At this point, it is very important that you close all open Explorer windows, and heavy programs, to prevent "Albabat Ransomware Decryptor" from crashing. And also disable your ANTIVIRUS PERMANENTLY so that it does not interfere with the decryption process, as disabling it for just a few minutes remains active. (2) Run "Albabat Ransomware Decryptor". An alert message will appear informing you that the decryption started, just click Ok. (3) Wait for the decryption completion message to be displayed in console, this may take a while depending on the quantity of files that have been encrypted and power of your machine. You can see the decryption process by I live from your files, if I have time for that. (4) After decryption is complete, all your files will be restored. If you have further questions, such as: "How can I be sure you will decrypt my files?", you can read the FAQ page. Copyright (c) 2021-2023 Albabat Ransomware - All Right Reserved. Maintained by: tH3_CyberXY.