All of your files are encrypted!
Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
=========Attention!!!=========
Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
==============================
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/{UID}
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
{KEY}
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
sub
7114
svc
Telemetryserver
"Sophos AutoUpdate Service"
sophos
Altaro.Agent.exe
mysqld
MSSQL$MSGPMR
"SophosFIM"
"Sophos Web Control Service"
SQLWriter
svcGenericHost
AltiBack
"SQLServer Analysis Services (MSSQLSERVER)"
BackupExecAgentAccelerator
"StorageCraft ImageReady"
SQLTELEMETRY
AzureADConnectAuthenticationAgent
ntrtscan
ds_notifier
TeamViewer
"StorageCraft Raw Agent"
"StorageCraft Shadow Copy Provider"
SQLTELEMETRY$SQLEXPRESS
VeeamHvIntegrationSvc
AltiCTProxy
MsDtsServer130
ViprePPLSvc
McAfeeFramework
MSSQL$QM
"swi_service"
"ThreadLocker"
ofcservice
AUService
sophossps
AzureADConnectHealthSyncMonitor
Altaro.OffsiteServer.UI.Service.exe
"SAVAdminService"
ds_monitor
ALTIVRM
SSASTELEMETRY
TmCCSF
MsDtsServer110
"Sophos MCS Client"
TMBMServer
SBAMSvc
mfewc
"Sophos System Protection Service"
MSSQLFDLauncher$TESTBACKUP02DEV
VeeamDeploymentService
masvc
backup
MSSQL$SQLEXPRESS
AltiPhoneServ
MSSQLServerOLAPService
SSISTELEMETRY130
VeeamEndpointBackupSvc
mepocs
Altaro.UI.Service.exe
"ds_agent"
HuntressUpdater
MSSQLFDLauncher
"Sophos File Scanner Service"
SQLAgent$MSGPMR
ADSync
KaseyaAgent
ReportServer
MSSQLFDLauncher$SQLEXPRESS
MSSQL$HPWJA
KaseyaAgentEndpoint
VeeamTransportSvc
"ds_monitor"
mfevtp
MSSQLTESTBACKUP02DEV
SQLTELEMETRY$MSGPMR
ThreadLocker
MSSQLServerADHelper100
veeam
tmlisten
AzureADConnectHealthSyncInsights
"swi_filter"
MsDtsServer120
ProtectedStorage
VeeamDeploySvc
memtas
ds_agent
VeeamMountSvc
HuntressAgent
SQLAgent$SQLEXPRESS
bedbg
MSSQLSERVER
"ofcservice"
VipreAAPSvc
"Sophos Endpoint Defense Service"
KACHIPS906995744173948
DsSvc
MSSQLLaunchpad$SQLEXPRESS
msseces
macmnsvc
LTService
Code42Service
Altaro.HyperV.WAN.RemoteService.exe
LTSvcMon
MSSQL$SQLEXPRESSADV
"SAVService"
Altaro.OffsiteServer.Service.exe
"Sage 100cloud Advanced 2020 (9920)"
Altaro.SubAgent.exe
mfemms
"TeamViewer"
"SQLServer Reporting Services (MSSQLSERVER)"
VSS
sql
Altaro.SubAgent.N2.exe
"SQLServer Integration Services 12.0"
SQLSERVERAGENT
vss
"Sophos Safestore Service"
klnagent
"Sage.NA.AT_AU.Service"
MBAMService
"Sophos Health Service"
SQLBrowser
MySQL
"ProtectedStorage"
"Sophos Clean Service"
"Sage 100c Advanced 2017 (9917)"
"SntpService"
VeeamNFSSvc
KAVFS
SQLEXPRESSADV
KAENDCHIPS906995744173948
sppsvc
Amsp
psqlWGE
Microsoft.exchange.store.worker.exe
kavfsscs
"Amsp"
sqlservr
Altaro.DedupService.exe
svc$
"ds_notifier"
"Sophos Device Control Service"
AzureADConnectAgentUpdater
AltiFTPUploader
"Sophos MCS Agent"
Extracted
Path
C:\Users\a9f2d8a54u-readme.txt
Family
sodinokibi
Ransom Note
---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension a9f2d8a54u.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
=========Attention!!!=========
Also your private data was downloaded. We will publish it in case you will not get in touch with us asap.
==============================
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/D9D50C834EE04FEA
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decoder.re/D9D50C834EE04FEA
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
Key:
fJgT/31RMrfE5nHySBiqH9mynllzE0mB+rHzXFu7OH4OdpYqEj8D8D5P0TK4LXJD
VGxnbaybfgHjmvjUBQ/OBtCbI+bcdDzmiOm6AQyxgTZ/AhDjPBZrCRDVVO+SxJNo
j4WZkY+JFui4P5H/JhBMhI60CtFkGAFwiMLMkizdZQwe52Z6wk3oV3WtkKkhUZ8t
uiBx3GS/9t0x0JYiwY0i1M37Si0ScZdkCPhFIXZKEPGQBR2XlHh9uoARFx+lDQw7
6ARlxVtAn1HYGxkWHAij/mx14jqlWI7DY1Txpra0pBt8A5QZ06s+suF5z2FljKuC
k+cSLRsllB9dxqrXYpgZq+GIzJEqtqhts8HIYhAcUBNmy4TO5rXuXpFozBM7ruru
HvmaLr804ssKST/jCAWRdWwd9uwOGUV5JMSGj3lwnadqpf6ejqLVr6+VytfdzdzO
qbU19NW0KEoa2PxQqKraCWkQ8KBqETFZdDQ6TwmxWvvWZHCb8kKcZY7vdZ3cqvQ4
WGEBkuQ74l3jSC+fKsFyCpmvWHtD0H/rbSdV46I/9beiMx3391F6mUOU/1tMUaZu
HMI61CiNQkVAVG/lKz55GftFgKbK24LFdM997ZEHUMrXJJceob1dLPVB8jWYXRdr
jVOY07mugis2CNVT/GCikYstmfE1JNIBgvmJH1XlMmKUJwADXpRfU0h9wKqTQK4O
mTMk+27ENLqW3LrPkffHr9EyGNKtzezHwcnEmqkfnE9RYn6KHe4B7BOV6cVj3vZ1
iWpFeYjiokkEeyrIqfrk5DPqlAB4J1sHRJdWdlrj/MrMDbg5WT021hrpXFxvmRPv
e+zx/k/tQUg2ZF4wYMSu0TXr5xQdRCFNHflHhmkVLmzSG69f2ZxttrKkesud1iCG
olodOyYtVMRWIIwKEAZqBgmLcip4HDZgMl16N1doW+VMzLBU2t4D9dQNTUyQDqbY
ME5/LOIwJdrjKrK8jQMEiilOkM9pK91YeD9XUBCszmIO1VWuTInJW3j/tiOCUO5P
lPWdy4V1aKNV0K5Rf7QQulpz0UK7WOHkOI0ZfhdW5Bst4R7EcZFDZSSvOPGxE0AB
fdUQR0lil2JziT1NV80KChLj6wC1TI1VP6DEaNj14oBr5tvLm0YMGk9hphOdqwQE
ghuJbXcgKz4JBhCslCQzN92yXTx/uxKwWTiLfLAuqcCr/w4hKFKU6JSJmuL56XNO
S/MLB5kUhS/52rsOBrDfdnmL/4fjuBiE7h7Pj//D2SK/sUV6KcsBGaZ5YopfzBPu
lEZuhry66qrIxV6jrdddSbXb+/FSilbyiJKEGxyCmy7tW0yPQB43QaGGOFtJX1Y/
VQ/hIkRj2kUkYVzf43eNidwNag46NROXI1eVxnOC
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
