Top | About | Payment | Contact | Decryption | FAQ | Translator 116 files on your machine have been encrypted! Your PERSONAL ID: bbade731b4a2cc2d6482baba ::> How important are your files to you? Read this document for information on what happened and how to recover your files again. [+] 1 - ABOUT "Albabat Ransomware" [+] The "Albabat Ransomware" is a cross-platform ransomware that encrypts various files important to the USER on computer storage disks using symmetric encryption algorithm with military-grade identification. The "Albabat Ransomware" will automatically create a folder called "Albabat" in your machine's user directory, but precisely in: "C:\Users\Admin\Albabat\". IT IS RECOMMENDED to make a BACKUP of the ENTIRE "C:\Users\Admin\Albabat\" folder, as it contains important files for recovering your files, which will be explained later in this document about each of them. This folder also contains these same note documents, in: "C:\Users\Admin\Albabat\readme\README.html". - 1.1 - THE KEY TO CRYPTOGRAPHY Your files were encrypted with a KEY that was stored in the file "Albabat.ekey". Present in the "C:\Users\Admin\Albabat\" directory. However, this KEY was also ENCRYPTED with a PUBLIC KEY (asymmetric encryption), which means that it requires a PRIVATE KEY to be decrypted, and only I (tH3_CyberXY) have the PRIVATE KEY to perform this decryption, so that you can use the KEY "Albabat.key" in recovering your files. There is no way to decrypt your files without my data decryption service. There is no way to decrypt the files without decrypting the "Albabat.ekey" key. Don't delete, don't rename, don't lose the "Albabat.ekey" key. - 1.2 - YOUR PERSONAL ID Just like "Albabat.ekey", the PERSONAL ID is important in the process of decrypting your files, which will be used in the decryptor, which will be discussed later in the "DECRYPTION PROCESS" section. This number maintains a unique identity in your machine's encryption process. In addition to being informed in this document, your PERSONAL ID will also be printed in the "personal_id.txt" file in "C:\Users\Admin\Albabat\". Do not lose your PERSONAL ID, just as you should NOT lose the "Albabat.ekey" key. - 1.3 - THE ENCRYPTION PROCESS Encrypted files have the extension ".abbt". Don't try to rename it, it won't work. On the contrary, you may corrupt your files. The size of the files that the "Albabat Ransomware" encrypts is a maximum of 5 Megabytes (MB). The "Albabat Ransomware" randomly recursively traverses all directories it does not belong to the operation of the Operating System. Encrypts files in the user directory, even database locations and drives mounted on the machine if any. The "Albabat Ransomware" only encrypts files that are relevant. The Operating System and binary files will be intact. We didn't choose that. The "Albabat Ransomware" saves a log file named "Albabat_Logs.log" in the "C:\Users\Admin\Albabat\" directory. This file you can see all files that were encrypted by "Albabat Ransomware" in path form. [+] 2 - HOW TO CONTACT [+] These are the only ways to get in touch to recover your files. Any other form found on the internet will be fake. Contact methods: Email: [email protected] [+] 3 - PAYMENT [+] The decryption process is PAID in Bitcoin, so you need to have a Bitcoin balance on a cryptocurrency exchange or in a cryptocurrency wallet to make the deposit. You may want to read the FAQ page to know what Bitcoin is. Payment data: Bitcoin address: bc1qxsjjna67tccvf0e35e9z79d4utu3v9pg2rp7rj Amount to pay: 0,0015 BTC - To make payment and restore your files, follow these steps - (1) Write down the data to make the transfer via the Bitcoin address and the AMOUNT to pay specified above. Note: Remembering that the price of Bitcoin may vary monetarily depending on when you make the payment. (2) - Once you make the payment to the Bitcoin address above, send an email with a structure similar to this: Subject: Albabat Ransomware - I did the payment! Message: Hello, I made the payment. My BTC address where I made the payment is "xxx". The version of the "Albabat Ransomware" running on my machine was "0.3.0". Follow the attached KEY "Albabat.ekey". IMPORANT: Payment will be verifying using YOUR BTC ADDRESS ("xxx") in which the transaction was carried out, so it is IMPORTANT to inform when sending this email. It is also IMPORTANT that you send the KEY "Albabat.ekey" as an attachment, regardless of the contact method you chose. The key will be decrypted for you. You will receive in your email the KEY "Albabat.key", that is, the KEY "Albabat.ekey" decrypted, and the decryptor "decryptor.exe" attached (zipped). Albabat.key" and "decryptor.exe" within 24 hours, but it may vary by more or less depending on my availability times and the amount of demands I receive. Be patient. [+] 4 - DECRYPTION PROCESS [+] > To decrypt your files follow the steps below: (1) Place the "Albabat.key" that you received by email, inside the "C:\Users\Admin\Albabat\" directory, or, if you prefer, keep it in the same directory as "decryptor.exe". > IMPORTANT:At this point, it is very important that you close all open Explorer windows, and heavy programs, to prevent "decryptor.exe" from crashing and/or have poor performance. And also disable your ANTIVIRUS PERMANENTLY so that it does not interfere with the decryption process. (2) Run "decryptor.exe" and enter YOUR PERSONAL ID, then press ENTER. An alert message will appear informing you that the decryption started, just click Ok. Note: If you are on Linux, open a terminal and run from the command line to see the process. E.g: ./decryptor (3) Wait for the decryption completion message to be displayed in console, this may take a while depending on the quantity of files that have been encrypted and power of your machine. You can see the decryption process by I live from your files, if I have time for that. (4) After decryption is complete, all your files will be restored and the decryption log file "Albabat_Logs.log". will be created in the decryptor directory. If you have further questions, such as: "How can I be sure my files can be decrypted?", you can read the FAQ page. Copyright (c) 2021-2023 Albabat Ransomware - All Right Reserved. Maintained by: tH3_CyberXY.

Home | FAQ | Translator [+] FAQ [+] (1) - What is Bitcoin? How to get Bitcoin? A:- You can search on the internet what Bitcoin is, but in short it is a digital currency (cryptocurrency), created in a network protected by layers and layers of code, where to obtain balance from it you need to buy it at a cryptocurrency broker, or on the official Bitcoin website itself. The official Bitcoin website is bitcoin.org. By accessing the official website, you will have more information and also the possibility of purchasing your Bitcoins. (2) - How can I be sure my files can be decrypted? I like working with evidence. To do this, you can send me the key "Albabat.ekey", your PERSONAL ID, (both present in "C:\Users\Admin\Albabat\"), and an encrypted file. I will decrypt this file and take a screenshot for you as proof that I have access to decrypt your files. (3) Where do I find the software to decrypt my files? A:- The only way to decrypt files that the "Albabat Ransomware" has encrypted is with decryption software of the "Albabat Ransomware" itself. The same is called decryptor.exe. You can get the same after the payment action you take to rescue your data. (4) My encrypted files are not being found and decrypted, what do I do? A:- This can occur due to several factors, directory or file permission is one of those factors. To solve this, you can create a folder in your user's root directory, but precisely in "C:\Users\Admin", with the name "Albabat_Search", and place your encrypted files inside that folder. decryptor.exe will do a "recursive loop" through everything that is encrypted inside that folder, and will consequently decrypt everything. (5) What options for contacting you? A:- At the moment, there is only 1 (one) way to contact me, which is through my email ([email protected]), any other form of contact attributed to me offering ransom is false. (6) I have a balance in another cryptocurrency, can I use it instead of Bitcoin? A:- NO! We only accept Bitcoin as a payment method. Do not try to transfer with another cryptocurrency, you will lose your coins. (7) Can I move my encrypted files or rename them? A:- It's not recommended. If you place your encrypted files in a directory that "Albabat Ransomware" did not traverse, will not be found for decryption. You can even rename the encrypted file, but you MUST NOT change the ".abbt" extension of the files before decrypting, it is through this extension that the files will be found for decryption. (8) If I use other software to decrypt KEY Albabat.ekey and my files will it work? A:- Negative! DO NOT attempt to decrypt your files and/or the KEY Albabat.ekey with any software, as it may become corrupted and will not work, and there is a high chance that you will lose forever. There are several recovery software developers promising this, but it is not true, they do this to people buy their removal software. (9) I am unable to pay the amount, do you offer a discount? A:- We do not negotiate changes to the payment amount, DO NOT insist. The value is immutable! Also DO NOT send "PAID" to my email without paying, the price WILL go up due to disobedience and lies. For this reason, we do not include an estimated deadline for payment to be made, so you have as much time as you want. This is our greatest kindness in negotiation. (10) I lost my Albabat.ekey and/or my PERSONAL ID, is it possible to recover my files without them? A:- Unfortunately, you will not be able to recover your files if you have lost your PERSONAL ID or Albabat.ekey. Therefore, we recommend backing up the folder: C:\Users\Admin\Albabat\. Copyright (c) 2021-2023 Albabat Ransomware - All Right Reserved.

Top | About | Payment | Contact | Decryption | FAQ | Translator 156 files on your machine have been encrypted! Your PERSONAL ID: 475cb3b6a5b60f962c94c1da ::> How important are your files to you? Read this document for information on what happened and how to recover your files again. [+] 1 - ABOUT "Albabat Ransomware" [+] The "Albabat Ransomware" is a cross-platform ransomware that encrypts various files important to the USER on computer storage disks using symmetric encryption algorithm with military-grade identification. The "Albabat Ransomware" will automatically create a folder called "Albabat" in your machine's user directory, but precisely in: "C:\Users\Admin\Albabat\". IT IS RECOMMENDED to make a BACKUP of the ENTIRE "C:\Users\Admin\Albabat\" folder, as it contains important files for recovering your files, which will be explained later in this document about each of them. This folder also contains these same note documents, in: "C:\Users\Admin\Albabat\readme\README.html". - 1.1 - THE KEY TO CRYPTOGRAPHY Your files were encrypted with a KEY that was stored in the file "Albabat.ekey". Present in the "C:\Users\Admin\Albabat\" directory. However, this KEY was also ENCRYPTED with a PUBLIC KEY (asymmetric encryption), which means that it requires a PRIVATE KEY to be decrypted, and only I (tH3_CyberXY) have the PRIVATE KEY to perform this decryption, so that you can use the KEY "Albabat.key" in recovering your files. There is no way to decrypt your files without my data decryption service. There is no way to decrypt the files without decrypting the "Albabat.ekey" key. Don't delete, don't rename, don't lose the "Albabat.ekey" key. - 1.2 - YOUR PERSONAL ID Just like "Albabat.ekey", the PERSONAL ID is important in the process of decrypting your files, which will be used in the decryptor, which will be discussed later in the "DECRYPTION PROCESS" section. This number maintains a unique identity in your machine's encryption process. In addition to being informed in this document, your PERSONAL ID will also be printed in the "personal_id.txt" file in "C:\Users\Admin\Albabat\". Do not lose your PERSONAL ID, just as you should NOT lose the "Albabat.ekey" key. - 1.3 - THE ENCRYPTION PROCESS Encrypted files have the extension ".abbt". Don't try to rename it, it won't work. On the contrary, you may corrupt your files. The size of the files that the "Albabat Ransomware" encrypts is a maximum of 5 Megabytes (MB). The "Albabat Ransomware" randomly recursively traverses all directories it does not belong to the operation of the Operating System. Encrypts files in the user directory, even database locations and drives mounted on the machine if any. The "Albabat Ransomware" only encrypts files that are relevant. The Operating System and binary files will be intact. We didn't choose that. The "Albabat Ransomware" saves a log file named "Albabat_Logs.log" in the "C:\Users\Admin\Albabat\" directory. This file you can see all files that were encrypted by "Albabat Ransomware" in path form. [+] 2 - HOW TO CONTACT [+] These are the only ways to get in touch to recover your files. Any other form found on the internet will be fake. Contact methods: Email: [email protected] [+] 3 - PAYMENT [+] The decryption process is PAID in Bitcoin, so you need to have a Bitcoin balance on a cryptocurrency exchange or in a cryptocurrency wallet to make the deposit. You may want to read the FAQ page to know what Bitcoin is. Payment data: Bitcoin address: bc1qxsjjna67tccvf0e35e9z79d4utu3v9pg2rp7rj Amount to pay: 0,0015 BTC - To make payment and restore your files, follow these steps - (1) Write down the data to make the transfer via the Bitcoin address and the AMOUNT to pay specified above. Note: Remembering that the price of Bitcoin may vary monetarily depending on when you make the payment. (2) - Once you make the payment to the Bitcoin address above, send an email with a structure similar to this: Subject: Albabat Ransomware - I did the payment! Message: Hello, I made the payment. My BTC address where I made the payment is "xxx". The version of the "Albabat Ransomware" running on my machine was "0.3.0". Follow the attached KEY "Albabat.ekey". IMPORANT: Payment will be verifying using YOUR BTC ADDRESS ("xxx") in which the transaction was carried out, so it is IMPORTANT to inform when sending this email. It is also IMPORTANT that you send the KEY "Albabat.ekey" as an attachment, regardless of the contact method you chose. The key will be decrypted for you. You will receive in your email the KEY "Albabat.key", that is, the KEY "Albabat.ekey" decrypted, and the decryptor "decryptor.exe" attached (zipped). Albabat.key" and "decryptor.exe" within 24 hours, but it may vary by more or less depending on my availability times and the amount of demands I receive. Be patient. [+] 4 - DECRYPTION PROCESS [+] > To decrypt your files follow the steps below: (1) Place the "Albabat.key" that you received by email, inside the "C:\Users\Admin\Albabat\" directory, or, if you prefer, keep it in the same directory as "decryptor.exe". > IMPORTANT:At this point, it is very important that you close all open Explorer windows, and heavy programs, to prevent "decryptor.exe" from crashing and/or have poor performance. And also disable your ANTIVIRUS PERMANENTLY so that it does not interfere with the decryption process. (2) Run "decryptor.exe" and enter YOUR PERSONAL ID, then press ENTER. An alert message will appear informing you that the decryption started, just click Ok. Note: If you are on Linux, open a terminal and run from the command line to see the process. E.g: ./decryptor (3) Wait for the decryption completion message to be displayed in console, this may take a while depending on the quantity of files that have been encrypted and power of your machine. You can see the decryption process by I live from your files, if I have time for that. (4) After decryption is complete, all your files will be restored and the decryption log file "Albabat_Logs.log". will be created in the decryptor directory. If you have further questions, such as: "How can I be sure my files can be decrypted?", you can read the FAQ page. Copyright (c) 2021-2023 Albabat Ransomware - All Right Reserved. Maintained by: tH3_CyberXY.