General
-
Target
ransomware_notes-main.zip
-
Size
741KB
-
MD5
2eb732ec669612f3ad61590427b719c0
-
SHA1
d986fc145a3308852921efdb86e6b59bab76ff2b
-
SHA256
fc9da0643ec0f4b03a8d10349e2c243c2daa65ae749b6a960edf34da59453cac
-
SHA512
9e970ac8e572f5b7467c7ad05d39fdffe7bad750d6984dec53393665d4271cca6eae227c540dba5e39ca09cb9c90121e5d765ada4ac47fd449d803ba5f6afd38
-
SSDEEP
12288:InvDL4m7By20SeXpwvh6cSfRLF+77+chT43A8aGo2BK3rf+W7ueFi:6f4m7Bl0Se6Sf5s7WA8aoMrfhSeFi
Score
10/10
Malware Config
Extracted
Family
atomsilo
Ransom Note
Atom Slio
Instructions
WARNING! YOUR FILES ARE ENCRYPTED AND LEAKED!
We are AtomSilo.Sorry to inform you that your files has been obtained and encrypted by us.
But don’t worry, your files are safe, provided that you are willing to pay the ransom.
Any forced shutdown or attempts to restore your files with the thrid-party software will be damage your files permanently!
The only way to decrypt your files safely is to buy the special decryption software from us.
The price of decryption software is 1000000 dollars .
If you pay within 48 hours, you only need to pay 500000 dollars . No price reduction is accepted.
We only accept Bitcoin payment,you can buy it from bitpay,coinbase,binance or others.
You have five days to decide whether to pay or not. After a week, we will no longer provide decryption tools and publish your files
Time starts at 0:00 on September 11 Survival time:
You can contact us with the following email: Email:[email protected]
If this email can't be contacted, you can find the latest email address on the following website:
http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion
If you don’t know how to open this dark web site, please follow the steps below to installation and use TorBrowser:
run your Internet browser
enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER
wait for the site loading
on the site you will be offered to download TorBrowser; download and run it, follow the installation instructions, wait until the installation is completed
run TorBrowser
connect with the button "Connect" (if you use the English version)
a normal Internet browser window will be opened after the initialization
type or copy the address in this browser address bar and press ENTER
the site should be loaded; if for some reason the site is not loading wait for a moment and try again.
If you have any problems during installation or use of TorBrowser, please, visit https://www.youtube.com and type request in the search bar "Install TorBrowser Windows" and you will find a lot of training videos about TorBrowser installation and use.
Additional information:
You will find the instructions ("README-FILE-#COMPUTER#-#TIME#.hta") for restoring your files in any folder with your encrypted files.
The instructions "README-FILE-#COMPUTER#-#TIME#.hta" in the folders with your encrypted files are not viruses! The instructions "README-FILE-#COMPUTER#-#TIME#.hta" will help you to decrypt your files.
Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions.
Emails
Email:[email protected]
URLs
http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion
Extracted
Ransom Note
YOUR WHOLE NETWORK HAS BEEN PENETRATED BY Black Hunt !
We also have uploaded your sensitive data, which we Will leak or sell in case of no cooperation!
Restore your data possible only buying private key from us
ATTENTION
remember, there are many middle man services out there pretending that they can recover or decrypt your files , whom neither will contact us or scam you, Remember we are first and last solution for your files otherwise you will only waste money and time
trying to decrypt your files without our decryptor and through third party softwares will make your files completely useless, there is no third party decryptor since we are the only key holders
we have uploaded many critical data and information from your machines , we won't leak or sell any of them in Case of successful Corporation, however if we don't hear from you in 14 days we will either sell or leak your data in many forums
Remain all of your files untouched, do not change their name, extension and...
CONTACT US
Your system is offline. in order to contact us you can email this address [email protected] this ID ( [snip] ) for the title of your email.
If you weren't able to contact us whitin 24 hours please email: [email protected] , TELEGRAM : @tokyosupp
Check your data situation in http://sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf.onion
URLs
http://sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf.onion
Extracted
Ransom Note
\r\n
YOUR FILES ARE ENCRYPTED
Your PC security is at risk
All your files were encrypted and importantdatea was copied to our storage
If you do not need your files, then the rivate {key will be deleted within 5 ays,
If you wantdto restore files and eturn; importantdatea,
ID of your personal operator
If the Operator did not respond within 24hours) or encuntdered any rioblem then send an mainl to our support
In the eader {of the letder, ndircte {your ID and attach 2-3 ndfected files for the decrypton dool
Files sourld not have importantdnfo rmaion and sourld not exceed the ize:{of more than 5 MB
As our guarantees, we will eturn; your files restored
Atdenion ! Do not rename encrypted files.
Do not ty too decrypt your atea using third prt.y software, nt may cause permanentdatea loss.
Decrypton dof your files with the ealp{of third prt.ies may cause increased rivce (they add their fee to our) or you can becom pl victim{of a scam.
:::
<
Extracted
Ransom Note
All Your Important Files Have Been Encrypted
NOTE
We have also taken your critical documents and files from different parts
of your network, which we will leak or sell if there is no cooperation from your side.
Our operators have been monitoring your business for a while, when we say these documents are critical, we mean it.
We await for your response before the deadline ends, After that we will continue the process of leaking or selling your documents.
We assure you that this won't happen if you cooperate with us.
CONTACT US
For more instructions, to save your files and your business, contact us by :
Email address : [email protected] , TELEGRAM:@tokyosupp
didn't get any response in 24 hours ? use : [email protected]
Leave subject as your machine id " [snip] "
If you didn't get any respond within 72 hours use our blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible.
http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/
ATTENTION Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable
Do not pay any amount of money before receiving decrypted test files
there might be many middle man services out there whom will contact us for your case and they will make a profit
by adding a sort of money to the fixed price
any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss
there will be a deadline until your data get sold or leaked by our team,you better corporate with us
before the following deadline otherwise we will proceed to sell or leak your data without any past warnings
URLs
http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/
Extracted
Ransom Note
All Your Important Files Have Been Encrypted
NOTE
We have also taken your critical documents and files from different parts
of your network, which we will leak or sell if there is no cooperation from your side.
Our operators have been monitoring your business for a while, when we say these documents are critical, we mean it.
We await for your response before the deadline ends, After that we will continue the process of leaking or selling your documents.
We assure you that this won't happen if you cooperate with us.
CONTACT US
For more instructions, to save your files and your business, contact us by :
Email address : [email protected]
didn't get any response in 24 hours ? use : [email protected]
Leave subject as your machine id " [snip] "
If you didn't get any respond within 72 hours use our Tor blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible.
http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion
ATTENTION Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable
Do not pay any amount of money before receiving decrypted test files
there might be many middle man services out there whom will contact us for your case and they will make a profit
by adding a sort of money to the fixed price
any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss
there will be a deadline until your data get sold or leaked by our team,you better corporate with us
before the following deadline otherwise we will proceed to sell or leak your data without any past warnings
URLs
http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion
Signatures
-
Atomsilo family
Files
-
ransomware_notes-main.zip
-
ransomware_notes-main/3am/RECOVER-FILES.txt
-
ransomware_notes-main/8base/8base_note.txt
-
ransomware_notes-main/LICENSE
-
ransomware_notes-main/README.md
-
ransomware_notes-main/abysslocker/WhatHappened.txt
-
ransomware_notes-main/abysslocker/[victim]-[encrypted_file].README_TO_RESTORE
-
ransomware_notes-main/akira/akira_readme.txt
-
ransomware_notes-main/alphv/JX34qQm7.txt
-
ransomware_notes-main/alphv/alphv1.txt
-
ransomware_notes-main/alphv/alphv2.txt
-
ransomware_notes-main/alphv/alphv3.txt
-
ransomware_notes-main/atomsilo/atomsilo.hta
-
ransomware_notes-main/avaddon/avaddon.txt
-
ransomware_notes-main/avoslocker/avoslocker.txt
-
ransomware_notes-main/azov/RESTORE_FILES.txt
-
ransomware_notes-main/beast/readme.txt
-
ransomware_notes-main/bianlian/Look at this instruction.txt
-
ransomware_notes-main/biglock/biglock.txt
-
ransomware_notes-main/bitpaymer/bitpaymer_v1.txt
-
ransomware_notes-main/bitpaymer/bitpaymer_v2.txt
-
ransomware_notes-main/bitransomware/bitransomware.txt
-
ransomware_notes-main/blackbasta/blackbasta1.txt
-
ransomware_notes-main/blackbasta/blackbasta2.txt
-
ransomware_notes-main/blackbasta/blackbasta3.txt
-
ransomware_notes-main/blackbasta/blackbasta4.txt
-
ransomware_notes-main/blackbasta/instructions_read_me.txt
-
ransomware_notes-main/blackbyte/BB_Readme.txt
-
ransomware_notes-main/blackbyte/BB_Readme2.txt
-
ransomware_notes-main/blackbyte/BB_Readme_[rand].txt
-
ransomware_notes-main/blackbyte/blackbyte_v2.txt
-
ransomware_notes-main/blackhunt/#BlackHunt_ReadMe.html
-
ransomware_notes-main/blackmatter/blackmatter.txt
-
ransomware_notes-main/blacksnake/UNLOCK_MY_FILES.txt
-
ransomware_notes-main/blacksuit/README.BlackSuit.txt
-
ransomware_notes-main/bluesky/bluesky.txt
-
ransomware_notes-main/braincipher/How To Restore Your Files.txt
-
ransomware_notes-main/braincipher/[id].README.txt
-
ransomware_notes-main/cactus/cAcTuS.readme.txt
-
ransomware_notes-main/cactus/cAcTuS.readme_2.txt
-
ransomware_notes-main/cactus/cAcTuS.readme_3.txt
-
ransomware_notes-main/cactus/cAcTuS.readme_4.txt
-
ransomware_notes-main/cactus/cAcTuS.readme_5.txt
-
ransomware_notes-main/cartel/cartel.txt
-
ransomware_notes-main/cerber/_READ_THIS_FILE_HBE8_.txt
-
ransomware_notes-main/cerber/cerber.txt
-
ransomware_notes-main/cerber/crbr.txt
-
ransomware_notes-main/cerber/read-me3.txt
-
ransomware_notes-main/chilelocker/readme_for_unlock.txt
-
ransomware_notes-main/chilelocker/readme_for_unlock_2.txt
-
ransomware_notes-main/chilelocker/readme_for_unlock_3.txt
-
ransomware_notes-main/cloak/readme_for_unlock.txt
-
ransomware_notes-main/clop/AAA_READ_AAA.TXT
-
ransomware_notes-main/clop/clop1.txt
-
ransomware_notes-main/clop/clop2.txt
-
ransomware_notes-main/conti/conti1.txt
-
ransomware_notes-main/conti/conti2.txt
-
ransomware_notes-main/conti/conti3.txt
-
ransomware_notes-main/conti/conti4.txt
-
ransomware_notes-main/cryptnet/RESTORE-FILES-Q7ILknn7k.txt
-
ransomware_notes-main/cryptomix/cryptomix.txt
-
ransomware_notes-main/cryptxxx/!Recovery_[rand].txt
-
ransomware_notes-main/crytox/crytox.hta
-
ransomware_notes-main/ransomexx/notext.txt
-
ransomware_notes-main/ransomexx/ransomexx1.txt
-
ransomware_notes-main/ransomexx/ransomexx2.txt
-
ransomware_notes-main/ransomhouse/Restore Your Files.txt
-
ransomware_notes-main/ransomhouse/White_Rabbit.txt
-
ransomware_notes-main/ransomhub/readme_[id].txt
-
ransomware_notes-main/ransomhub/readme_[id]_2.txt
-
ransomware_notes-main/ransomhub/readme_[id]_3.txt
-
ransomware_notes-main/ranzy/ranzy.txt
-
ransomware_notes-main/raworld/Data breach warning.txt
-
ransomware_notes-main/redalert/redalert.txt
-
ransomware_notes-main/relic/UNLOCK_FILES.[hex_chars].HTML
-
ransomware_notes-main/revil/revil1.txt
-
ransomware_notes-main/revil/revil2.txt
-
ransomware_notes-main/revil/revil3.txt
-
ransomware_notes-main/rhysida/CriticalBreachDetected.txt
-
ransomware_notes-main/risen/Risen_Guide.hta
-
ransomware_notes-main/risen/Risen_Guide2.hta
-
ransomware_notes-main/risen/Risen_Note.txt
-
ransomware_notes-main/rook/rook.txt
-
ransomware_notes-main/royal/royal.txt
-
ransomware_notes-main/rtmlocker/How To Restore Your Files.txt
-
ransomware_notes-main/ryuk/ryuk.txt
-
ransomware_notes-main/scarecrow/readme.txt
-
ransomware_notes-main/schoolboys/schoolboys.txt
-
ransomware_notes-main/sensayq/[id].README.txt
-
ransomware_notes-main/shadow/[rand].README.txt
-
ransomware_notes-main/slug/excel error.txt
-
ransomware_notes-main/snatch/snatch.txt
-
ransomware_notes-main/stop/stop.txt
-
ransomware_notes-main/sugar/sugar.txt
-
ransomware_notes-main/suncrypt/suncrypt.html
-
ransomware_notes-main/synapse/[id].README.txt
-
ransomware_notes-main/teslacrypt/teslacrypt.txt
-
ransomware_notes-main/trigona/how_to_decrypt.hta
-
ransomware_notes-main/u-bomb/RECOVERY_INSTRUCTIONS.txt
-
ransomware_notes-main/underground/!!readme!!!.txt
-
ransomware_notes-main/vicesociety/vicesociety.txt
-
ransomware_notes-main/vohuk/R3ADM3.txt
-
ransomware_notes-main/wastedlocker/wastedlocker.txt
-
ransomware_notes-main/xorist/xorist.txt
-
ransomware_notes-main/yanluowang/yanluowang.txt
-
ransomware_notes-main/zeon/zeon.txt