Overview

overview

10

Static

static

10

ransomware...in.zip

windows11-21h2-x64

1

Resubmissions

20-07-2024 20:44

240720-zh94bawhjc 10

20-07-2024 20:42

240720-zg78bswgrf 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ransomware_notes-main.zip

  • Size

    741KB

  • MD5

    96aa10f49edd9a7ccb2a95fe1d70ec43

  • SHA1

    4d049d508c9797e2b8fd2dd21d54f865fa5da7eb

  • SHA256

    3404fd569d0704f96ae32f8deb46a557b84c17a549e7878d68b0958c09d5f7f0

  • SHA512

    db0faa39d6281ecd35549cf449e486303c4ac9828784c876391761cb8c149d1f3060756afac987c4bf7030d22fff15c07440323fd6e6b6116c1dda7d01a8ad04

  • SSDEEP

    12288:InvyL4m7By20SeXpwvh6cSfRLF+77+chT43A8aGo2BK3rfHW7ueFi:6G4m7Bl0Se6Sf5s7WA8aoMrf2SeFi

Score
10/10
ransomwareatomsilomedusalockerquantum

Malware Config

Extracted

Family

atomsilo

Ransom Note
Atom Slio Instructions WARNING! YOUR FILES ARE ENCRYPTED AND LEAKED! We are AtomSilo.Sorry to inform you that your files has been obtained and encrypted by us. But don’t worry, your files are safe, provided that you are willing to pay the ransom. Any forced shutdown or attempts to restore your files with the thrid-party software will be damage your files permanently! The only way to decrypt your files safely is to buy the special decryption software from us. The price of decryption software is 1000000 dollars . If you pay within 48 hours, you only need to pay 500000 dollars . No price reduction is accepted. We only accept Bitcoin payment,you can buy it from bitpay,coinbase,binance or others. You have five days to decide whether to pay or not. After a week, we will no longer provide decryption tools and publish your files Time starts at 0:00 on September 11 Survival time: You can contact us with the following email: Email:[email protected] If this email can't be contacted, you can find the latest email address on the following website: http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion If you don’t know how to open this dark web site, please follow the steps below to installation and use TorBrowser: run your Internet browser enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER wait for the site loading on the site you will be offered to download TorBrowser; download and run it, follow the installation instructions, wait until the installation is completed run TorBrowser connect with the button "Connect" (if you use the English version) a normal Internet browser window will be opened after the initialization type or copy the address in this browser address bar and press ENTER the site should be loaded; if for some reason the site is not loading wait for a moment and try again. If you have any problems during installation or use of TorBrowser, please, visit https://www.youtube.com and type request in the search bar "Install TorBrowser Windows" and you will find a lot of training videos about TorBrowser installation and use. Additional information: You will find the instructions ("README-FILE-#COMPUTER#-#TIME#.hta") for restoring your files in any folder with your encrypted files. The instructions "README-FILE-#COMPUTER#-#TIME#.hta" in the folders with your encrypted files are not viruses! The instructions "README-FILE-#COMPUTER#-#TIME#.hta" will help you to decrypt your files. Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions.
Emails
URLs

http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion

Extracted

Ransom Note
YOUR WHOLE NETWORK HAS BEEN PENETRATED BY Black Hunt ! We also have uploaded your sensitive data, which we Will leak or sell in case of no cooperation! Restore your data possible only buying private key from us ATTENTION remember, there are many middle man services out there pretending that they can recover or decrypt your files , whom neither will contact us or scam you, Remember we are first and last solution for your files otherwise you will only waste money and time trying to decrypt your files without our decryptor and through third party softwares will make your files completely useless, there is no third party decryptor since we are the only key holders we have uploaded many critical data and information from your machines , we won't leak or sell any of them in Case of successful Corporation, however if we don't hear from you in 14 days we will either sell or leak your data in many forums Remain all of your files untouched, do not change their name, extension and... CONTACT US Your system is offline. in order to contact us you can email this address [email protected] this ID ( [snip] ) for the title of your email. If you weren't able to contact us whitin 24 hours please email: [email protected] , TELEGRAM : @tokyosupp Check your data situation in http://sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf.onion
URLs

http://sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf.onion

Extracted

Ransom Note
\r\n YOUR FILES ARE ENCRYPTED Your PC security is at risk All your files were encrypted and important data was copied to our storage If you do not need your files, then the private key will be deleted within 5 days If you want to restore files and return important data, application, contact the operator and enter YOUR ID ID of your personal operator If the Operator did not respond within 24 hours or encountered any problem then send an email to our support In the header of the letter, indicate your ID and attach 2-3 infected files for the decryption tool Files should not have important information and should not exceed the size of more than 5 MB As our guarantees, we will return your files restored Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. :::

Extracted

Ransom Note
Pwned by DAGON LOCKER All your data is encrypted on all IT systems. Your data including financial, customer, partner contracts and employees has been exfiltrated to our internal servers. You either get in touch with us or get famouse as a company with a large data leak. There is no way to decrypt your files manually unless we provide a special decryption tool. Get your copy of Tor browser and CONTACT US

Extracted

Ransom Note
How to Restore Your Files We hacked your company successfully All files have been stolen and encrypted by us If you want to restore files or avoid file leaks, please send 2.0781 bitcoins to the wallet 1PAFdD9fwqRWG4VcCGuY27VTW8xPZmuF1D If money is received, encryption key will be available on TOX_ID: D6C324719AD0AA50A54E4F8DED8E8220D8698DD67B218B5429466C40E7F72657C015D86C7E4A Send money within 3 days, otherwise we will expose some data and raise the price Don't try to decrypt important files, it may damage your files Don't trust who can decrypt, they are liars, no one can decrypt without key file If you don't send bitcoins, we will notify your customers of the data breach by email and text message And sell your data to your opponents or criminals, data may be made release SSH is turned on Firewall is disabled
Wallets

1PAFdD9fwqRWG4VcCGuY27VTW8xPZmuF1D

Extracted

Ransom Note
.sz40 [+] What happened? [+] All your files are downloaded. We usually encrypt all company files. But your company saves lives and we just download all your data include private medical data. [+] What we gonna do? [+] We will publish all the contents of your company on our site includes all your confidential medical history, employers infromation, documentation, catalogs, reports, configs, mail, database's, invoice's, signature's etc. After deadline we'll send all information to your client's and mass media too. [+] How to prevent this? [+] Visit our web-site and follow the instructions on it. [+] What guarantees? [+] It's just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. It's not in our interests. If you will not cooperate with our service - for us, it's does not matter. After deadline we'll publish all the contents of your company to site and will send all information to your client's and mass media. You will lose your time, data and reputation. [+] How to get access on website and contact us? [+] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open a website specially designed for you: http://lorenzezzwvtk3y24wfph4jpho27grrctqvf6yvld7256rnoz7yg2eid.onion When you open our website, put the following data in the input form: Company Key: [snip] c) Check our website with leaks: http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion
URLs

http://lorenzezzwvtk3y24wfph4jpho27grrctqvf6yvld7256rnoz7yg2eid.onion

http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion

Extracted

Family

medusalocker

Ransom Note
Your personal ID: [snip] /!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\ All your important files have been encrypted! Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem. We gathered highly confidential/personal data. These data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future.. We only seek money and our goal is not to damage your reputation or prevent your business from running. You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back. Contact us for price and get decryption software. qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion * Note that this server is available via Tor browser only Follow the instructions to open the link: 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site. 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it. 3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion 4. Start a chat and follow the further instructions. If you can not use the above link, use the email: [email protected] [email protected] * To contact us, create a new free email account on the site: protonmail.com IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Extracted

Family

quantum

Ransom Note
Your ID: This message contains an information how to fix the troubles you've got with your network. Files on the workstations in your network were encrypted and any your attempt to change, decrypt or rename them could destroy the content. The only way to get files back is a decryption with Key, provided by the Quantum Locker. During the period your network was under our control, we downloaded a huge volume of information. Now it is stored on our servers with high-secure access. This information contains a lot of sensitive, private and personal data. Publishing of such data will cause serious consequences and even business disruption. It's not a threat, on the contrary - it's a manual how to get a way out. Quantum team doesn't aim to damage your company, our goals are only financial. After a payment you'll get network decryption, full destruction of downloaded data, information about your network vulnerabilities and penetration points. If you decide not to negotiate, in 48 hours the fact of the attack and all your information will be posted on our site and will be promoted among dozens of cyber forums, news agencies, websites etc. To contact our support and start the negotiations, please visit our support chat. It is simple, secure and you can set a password to avoid intervention of unauthorised persons. http://wxxp3rny7w3j6gkel56iomdw2ztfzqxlsdw3fyezrnohgh767bau6dqd.onion/?cid=[snip] Password field should be blank for the first login. Note that this server is available via Tor browser only. P.S. How to get TOR browser - see at https://www.torproject.org
URLs

http://wxxp3rny7w3j6gkel56iomdw2ztfzqxlsdw3fyezrnohgh767bau6dqd.onion/?cid=[snip]

Extracted

Ransom Note
All Your Important Files Have Been Encrypted NOTE We have also taken your critical documents and files from different parts of your network, which we will leak or sell if there is no cooperation from your side. Our operators have been monitoring your business for a while, when we say these documents are critical, we mean it. We await for your response before the deadline ends, After that we will continue the process of leaking or selling your documents. We assure you that this won't happen if you cooperate with us. CONTACT US For more instructions, to save your files and your business, contact us by : Email address : [email protected] , TELEGRAM:@tokyosupp didn't get any response in 24 hours ? use : [email protected] Leave subject as your machine id " [snip] " If you didn't get any respond within 72 hours use our blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible. http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/ ATTENTION Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable Do not pay any amount of money before receiving decrypted test files there might be many middle man services out there whom will contact us for your case and they will make a profit by adding a sort of money to the fixed price any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss there will be a deadline until your data get sold or leaked by our team,you better corporate with us before the following deadline otherwise we will proceed to sell or leak your data without any past warnings
URLs

http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/

Extracted

Ransom Note
All Your Important Files Have Been Encrypted NOTE We have also taken your critical documents and files from different parts of your network, which we will leak or sell if there is no cooperation from your side. Our operators have been monitoring your business for a while, when we say these documents are critical, we mean it. We await for your response before the deadline ends, After that we will continue the process of leaking or selling your documents. We assure you that this won't happen if you cooperate with us. CONTACT US For more instructions, to save your files and your business, contact us by : Email address : [email protected] didn't get any response in 24 hours ? use : [email protected] Leave subject as your machine id " [snip] " If you didn't get any respond within 72 hours use our Tor blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible. http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion ATTENTION Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable Do not pay any amount of money before receiving decrypted test files there might be many middle man services out there whom will contact us for your case and they will make a profit by adding a sort of money to the fixed price any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss there will be a deadline until your data get sold or leaked by our team,you better corporate with us before the following deadline otherwise we will proceed to sell or leak your data without any past warnings
URLs

http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion

Signatures

Files

  • ransomware_notes-main.zip
    .zip
  • ransomware_notes-main/3am/RECOVER-FILES.txt
  • ransomware_notes-main/8base/8base_note.txt
  • ransomware_notes-main/LICENSE
  • ransomware_notes-main/README.md
  • ransomware_notes-main/abysslocker/WhatHappened.txt
  • ransomware_notes-main/abysslocker/[victim]-[encrypted_file].README_TO_RESTORE
  • ransomware_notes-main/akira/akira_readme.txt
  • ransomware_notes-main/alphv/JX34qQm7.txt
  • ransomware_notes-main/alphv/alphv1.txt
  • ransomware_notes-main/alphv/alphv2.txt
  • ransomware_notes-main/alphv/alphv3.txt
  • ransomware_notes-main/atomsilo/atomsilo.hta
    .hta .js polyglot
  • ransomware_notes-main/avaddon/avaddon.txt
  • ransomware_notes-main/avoslocker/avoslocker.txt
  • ransomware_notes-main/azov/RESTORE_FILES.txt
  • ransomware_notes-main/beast/readme.txt
  • ransomware_notes-main/bianlian/Look at this instruction.txt
  • ransomware_notes-main/biglock/biglock.txt
  • ransomware_notes-main/bitpaymer/bitpaymer_v1.txt
  • ransomware_notes-main/bitpaymer/bitpaymer_v2.txt
  • ransomware_notes-main/bitransomware/bitransomware.txt
  • ransomware_notes-main/blackbasta/blackbasta1.txt
  • ransomware_notes-main/blackbasta/blackbasta2.txt
  • ransomware_notes-main/blackbasta/blackbasta3.txt
  • ransomware_notes-main/blackbasta/blackbasta4.txt
  • ransomware_notes-main/blackbasta/instructions_read_me.txt
  • ransomware_notes-main/blackbyte/BB_Readme.txt
  • ransomware_notes-main/blackbyte/BB_Readme2.txt
  • ransomware_notes-main/blackbyte/BB_Readme_[rand].txt
  • ransomware_notes-main/blackbyte/blackbyte_v2.txt
  • ransomware_notes-main/blackhunt/#BlackHunt_ReadMe.html
    .hta
  • ransomware_notes-main/blackmatter/blackmatter.txt
  • ransomware_notes-main/blacksnake/UNLOCK_MY_FILES.txt
  • ransomware_notes-main/blacksuit/README.BlackSuit.txt
  • ransomware_notes-main/bluesky/bluesky.txt
  • ransomware_notes-main/braincipher/How To Restore Your Files.txt
  • ransomware_notes-main/braincipher/[id].README.txt
  • ransomware_notes-main/cactus/cAcTuS.readme.txt
  • ransomware_notes-main/cactus/cAcTuS.readme_2.txt
  • ransomware_notes-main/cactus/cAcTuS.readme_3.txt
  • ransomware_notes-main/cactus/cAcTuS.readme_4.txt
  • ransomware_notes-main/cactus/cAcTuS.readme_5.txt
  • ransomware_notes-main/cartel/cartel.txt
  • ransomware_notes-main/cerber/_READ_THIS_FILE_HBE8_.txt
  • ransomware_notes-main/cerber/cerber.txt
  • ransomware_notes-main/cerber/crbr.txt
  • ransomware_notes-main/cerber/read-me3.txt
  • ransomware_notes-main/chilelocker/readme_for_unlock.txt
  • ransomware_notes-main/chilelocker/readme_for_unlock_2.txt
  • ransomware_notes-main/chilelocker/readme_for_unlock_3.txt
  • ransomware_notes-main/cloak/readme_for_unlock.txt
  • ransomware_notes-main/clop/AAA_READ_AAA.TXT
  • ransomware_notes-main/clop/clop1.txt
  • ransomware_notes-main/clop/clop2.txt
  • ransomware_notes-main/conti/conti1.txt
  • ransomware_notes-main/conti/conti2.txt
  • ransomware_notes-main/conti/conti3.txt
  • ransomware_notes-main/conti/conti4.txt
  • ransomware_notes-main/cryptnet/RESTORE-FILES-Q7ILknn7k.txt
  • ransomware_notes-main/cryptomix/cryptomix.txt
  • ransomware_notes-main/cryptxxx/!Recovery_[rand].txt
  • ransomware_notes-main/crytox/crytox.hta
    .hta .js polyglot
  • ransomware_notes-main/ctblocker/ctblocker.txt
  • ransomware_notes-main/cuba/cuba.txt
  • ransomware_notes-main/dagonlocker/dagonlocker.html
    .html
  • ransomware_notes-main/darkangels/darkangels.txt
  • ransomware_notes-main/darkbit/RECOVERY_DARKBIT.txt
  • ransomware_notes-main/darkpower/readme.pdf
    .pdf
  • ransomware_notes-main/darkside/darkside.txt
  • ransomware_notes-main/dataf/How To Restore Your Files.txt
  • ransomware_notes-main/dataleak/!!!file was stolen!!!.txt
  • ransomware_notes-main/dataleak/!!!start leak file!!!.txt
  • ransomware_notes-main/deadbydawn/README0.txt
  • ransomware_notes-main/dharma/dharma.txt
  • ransomware_notes-main/diavol/diavol1.txt
  • ransomware_notes-main/diavol/diavol2.txt
  • ransomware_notes-main/donut/d0nut.html
    .html .js polyglot
  • ransomware_notes-main/doppelpaymer/doppelpaymer1.txt
  • ransomware_notes-main/doppelpaymer/doppelpaymer2.txt
  • ransomware_notes-main/doppelpaymer/doppelpaymer3.txt
  • ransomware_notes-main/doppelpaymer/doppelpaymer4.txt
  • ransomware_notes-main/dragonforce/[rand].README.txt
  • ransomware_notes-main/ech0raix/README_FOR_DECRYPT.txtt
  • ransomware_notes-main/eldorado/HOW_RETURN_YOUR_DATA.TXT
  • ransomware_notes-main/embargo/HOW_TO_RECOVER_FILES.txt
  • ransomware_notes-main/esxiargs/How to Restore Your Files.html
    .html
  • ransomware_notes-main/fog/readme.txt
  • ransomware_notes-main/ftcode/ftcode.htm
  • ransomware_notes-main/gandcrab/RFNCW-DECRYPT.txt
  • ransomware_notes-main/gandcrab/gandcrab.txt
  • ransomware_notes-main/grief/grief.txt
  • ransomware_notes-main/gwisinlocker/gwisinlocker.txt
  • ransomware_notes-main/h0lygh0st/h0lygh0st.html
    .html
  • ransomware_notes-main/hades/hades.txt
  • ransomware_notes-main/hellokitty/[File_Name].README_TO_RESTORE
  • ransomware_notes-main/hive/HOW_TO_DECRYPT.txt
  • ransomware_notes-main/hive/hive.txt
  • ransomware_notes-main/hunters/Contact Us.txt
  • ransomware_notes-main/hunters/Contact Us2.txt
  • ransomware_notes-main/icefire/iFire-readme.txt
  • ransomware_notes-main/inc/INC-README.html
    .html
  • ransomware_notes-main/inc/INC-README.txt
  • ransomware_notes-main/inc/INC-README2.txt
  • ransomware_notes-main/inc/INC-README3.txt
  • ransomware_notes-main/inc/INC-README4.txt
  • ransomware_notes-main/jaff/ReadMe.html
    .html
  • ransomware_notes-main/karakurt/!_karakurt_READ_ME_!.txt
  • ransomware_notes-main/karakurt/alert!.txt
  • ransomware_notes-main/karma/KARMA-ENCRYPTED.txt
  • ransomware_notes-main/knight/How To Restore Your Files.txt
  • ransomware_notes-main/knight/How_To_Restore_Your_Files.txt
  • ransomware_notes-main/kuiper/README_TO_DECRYPT.txt
  • ransomware_notes-main/lapiovra/RansomNote.txt
  • ransomware_notes-main/lilith/lilith.txt
  • ransomware_notes-main/lockbit/[id].README.txt
  • ransomware_notes-main/lockbit/lockbit2.txt
  • ransomware_notes-main/lockbit/lockbit3.txt
  • ransomware_notes-main/locky/_Locky_recover_instructions.txt
  • ransomware_notes-main/lorenz/HELP_SECURITY_EVENT.html
  • ransomware_notes-main/lorenz/lorenz.txt
  • ransomware_notes-main/luckbit/readme_k.log
  • ransomware_notes-main/lv/lv.txt
  • ransomware_notes-main/magniber/magniber.txt
  • ransomware_notes-main/makop/+README-WARNING+.txt
  • ransomware_notes-main/mallox/FILE RECOVERY.txt
  • ransomware_notes-main/mallox/HOW TO BACK FILES.txt
  • ransomware_notes-main/maze/DECRYPT-FILES.txt
  • ransomware_notes-main/medusa/!!!READ_ME_MEDUSA!!!.txt
  • ransomware_notes-main/medusalocker/HOW_TO_RECOVER_DATA.html
    .html
  • ransomware_notes-main/moneymessage/money_message.txt
  • ransomware_notes-main/monti/bidon_readme.txt
  • ransomware_notes-main/monti/readme.txt
  • ransomware_notes-main/nefilim/nefilim.txt
  • ransomware_notes-main/nemty/nemty_v1.txt
  • ransomware_notes-main/nemty/nemty_v16.txt
  • ransomware_notes-main/nemty/nemty_v25.txt
  • ransomware_notes-main/netwalker/netwalker.txt
  • ransomware_notes-main/nevada/readme.txt
  • ransomware_notes-main/noescape/HOW_TO_RECOVER_FILES.txt
  • ransomware_notes-main/noescape/HOW_TO_RECOVER_FILES_no_personal_id.txt
  • ransomware_notes-main/noescape/HOW_TO_RECOVER_FILES_no_personal_id2.txt
  • ransomware_notes-main/nokoyawa/AWAYOKON-readme.txt
  • ransomware_notes-main/nokoyawa/nokoyawa.txt
  • ransomware_notes-main/noname/HOW TO RECOVER YOUR FILES.TXT
  • ransomware_notes-main/noname/HOW TO RECOVERY FILES.TXT
  • ransomware_notes-main/novagroup/[id].README.txt
  • ransomware_notes-main/phobos/phobos.txt
  • ransomware_notes-main/play/ReadMe.txt
  • ransomware_notes-main/play/play.txt
  • ransomware_notes-main/prometheus/prometheus.txt
  • ransomware_notes-main/qilin/DtMXQFOCos-RECOVER-README.txt
  • ransomware_notes-main/qilin/README-RECOVER-[rand].txt
  • ransomware_notes-main/qlocker/!!!READ_ME.txt
  • ransomware_notes-main/quantumlocker/quantumlocker.html
    .html
  • ransomware_notes-main/ragnarlocker/!_^_README_NOTES_RAGNAR_^_!.txt
  • ransomware_notes-main/ragnarlocker/ragnarlocker1.txt
  • ransomware_notes-main/ragnarok/ragnarok.txt
  • ransomware_notes-main/rancoz/HOW_TO_RECOVERY_FILES.txt
  • ransomware_notes-main/ransomexx/!_WHATS_HAPPENED_!.txt
  • ransomware_notes-main/ransomexx/!_WHY_FILES_ARE_ENCRYPTED_!.txt
  • ransomware_notes-main/ransomexx/notext.txt
  • ransomware_notes-main/ransomexx/ransomexx1.txt
  • ransomware_notes-main/ransomexx/ransomexx2.txt
  • ransomware_notes-main/ransomhouse/Restore Your Files.txt
  • ransomware_notes-main/ransomhouse/White_Rabbit.txt
  • ransomware_notes-main/ransomhub/readme_[id].txt
  • ransomware_notes-main/ransomhub/readme_[id]_2.txt
  • ransomware_notes-main/ransomhub/readme_[id]_3.txt
  • ransomware_notes-main/ranzy/ranzy.txt
  • ransomware_notes-main/raworld/Data breach warning.txt
  • ransomware_notes-main/redalert/redalert.txt
  • ransomware_notes-main/relic/UNLOCK_FILES.[hex_chars].HTML
  • ransomware_notes-main/revil/revil1.txt
  • ransomware_notes-main/revil/revil2.txt
  • ransomware_notes-main/revil/revil3.txt
  • ransomware_notes-main/rhysida/CriticalBreachDetected.txt
  • ransomware_notes-main/risen/Risen_Guide.hta
  • ransomware_notes-main/risen/Risen_Guide2.hta
  • ransomware_notes-main/risen/Risen_Note.txt
  • ransomware_notes-main/rook/rook.txt
  • ransomware_notes-main/royal/royal.txt
  • ransomware_notes-main/rtmlocker/How To Restore Your Files.txt
  • ransomware_notes-main/ryuk/ryuk.txt
  • ransomware_notes-main/scarecrow/readme.txt
  • ransomware_notes-main/schoolboys/schoolboys.txt
  • ransomware_notes-main/sensayq/[id].README.txt
  • ransomware_notes-main/shadow/[rand].README.txt
  • ransomware_notes-main/slug/excel error.txt
  • ransomware_notes-main/snatch/snatch.txt
  • ransomware_notes-main/stop/stop.txt
  • ransomware_notes-main/sugar/sugar.txt
  • ransomware_notes-main/suncrypt/suncrypt.html
    .js
  • ransomware_notes-main/synapse/[id].README.txt
  • ransomware_notes-main/teslacrypt/teslacrypt.txt
  • ransomware_notes-main/trigona/how_to_decrypt.hta
    .js
  • ransomware_notes-main/u-bomb/RECOVERY_INSTRUCTIONS.txt
  • ransomware_notes-main/underground/!!readme!!!.txt
  • ransomware_notes-main/vicesociety/vicesociety.txt
  • ransomware_notes-main/vohuk/R3ADM3.txt
  • ransomware_notes-main/wastedlocker/wastedlocker.txt
  • ransomware_notes-main/xorist/xorist.txt
  • ransomware_notes-main/yanluowang/yanluowang.txt
  • ransomware_notes-main/zeon/zeon.txt