General

  • Target

    Albabat-0xb.zip

  • Size

    490KB

  • Sample

    250404-bwfjvsxwfv

  • MD5

    ea2e18783a6fc1260ceba6774e6f7299

  • SHA1

    7c53c863f6816b7fd813db5d2b35645a25ff787c

  • SHA256

    7b150cde4b4edb0f08add7788018b1e5fc1c25d0e27774531e6208678ebe8d30

  • SHA512

    ebb9ae51233c6e226c3196a77d0776ef1f44709623b20912da47d649c61b15a0b0d620083ecacd8dd625b6f3cfb87fa5c96758f0c8168826850e68bd26bd6e18

  • SSDEEP

    12288:erlPetUnKbFfWdWfh1f6lFiUAynLqYDIumGFIQGDnBu:CetUnV0fnzSWYDIumvtM

Malware Config

Extracted

Path

C:\Users\Admin\Albabat\readme\README.html

Ransom Note

Top | About | Payment | Contact | Decryption | FAQ | Translator

157 files on your machine have been encrypted!

Your PERSONAL ID: 24cc36a2f01a38f1b0f88073

::> How important are your files to you? Read this document for information on what happened and how to recover your files again.

[+] 1 - ABOUT "Albabat Ransomware" [+]

The "Albabat Ransomware" is a cross-platform ransomware that encrypts various files important to the USER on computer storage disks using symmetric encryption algorithm with military-grade identification. The "Albabat Ransomware" will automatically create a folder called "Albabat" in your machine's user directory, but precisely in: "C:\Users\Admin\Albabat\". IT IS RECOMMENDED to make a BACKUP of the ENTIRE "C:\Users\Admin\Albabat\" folder, as it contains important files for recovering your files, which will be explained later in this document about each of them. This folder also contains these same note documents, in: "C:\Users\Admin\Albabat\readme\README.html".

- 1.1 - THE KEY TO CRYPTOGRAPHY

Your files were encrypted with a KEY that was stored in the file "Albabat.ekey", present in the "C:\Users\Admin\Albabat\" directory. However, this KEY was also ENCRYPTED with a PUBLIC KEY (asymmetric encryption), which means that it requires a PRIVATE KEY to be decrypted, and only I (tH3_CyberXY) have the PRIVATE KEY to perform this decryption, so that you can use the KEY "Albabat.key" in recovering your files. There is no way to decrypt your files without my data decryption service. There is no way to decrypt the files without decrypting the "Albabat.ekey" key. Don't delete, don't rename, don't lose the "Albabat.ekey" key.

- 1.2 - YOUR PERSONAL ID

Just like "Albabat.ekey", the PERSONAL ID is important in the process of decrypting your files, which will be used in the decryptor, which will be discussed later in the "DECRYPTION PROCESS" section. This number maintains a unique identity in your machine's encryption process. In addition to being informed in this document, your PERSONAL ID will also be printed in the "personal_id.txt" file in "C:\Users\Admin\Albabat\". Do not lose your PERSONAL ID, just as you should NOT lose the "Albabat.ekey" key.

- 1.3 - THE ENCRYPTION PROCESS

Encrypted files have the extension ".abbt". Don't try to rename it, it won't work. On the contrary, you may corrupt your files. The size of the files that the "Albabat Ransomware" encrypts is a maximum of 5 Megabytes (MB). The "Albabat Ransomware" randomly recursively traverses all directories that do not belong to the operation of the Operating System. It encrypts files in the user directory, even database locations and drives mounted on the machine if any. The "Albabat Ransomware" only encrypts files that are relevant. The Operating System and binary files will be intact. We didn't choose that. The "Albabat Ransomware" saves a log file named "Albabat_Logs.log" in the "C:\Users\Admin\Albabat\" directory. In this file you can see all files that were encrypted by "Albabat Ransomware" in path form.

[+] 2 - HOW TO CONTACT [+]

These are the only ways to get in touch to recover your files. Any other form found on the internet will be fake.

Contact methods:
Email: [email protected]

[+] 3 - PAYMENT [+]

The decryption process is PAID in Bitcoin, so you need to have a Bitcoin balance on a cryptocurrency exchange or in a cryptocurrency wallet to make the deposit. You may want to read the FAQ page to know what Bitcoin is.

Payment data:
Bitcoin address: bc1qxsjjna67tccvf0e35e9z79d4utu3v9pg2rp7rj
Amount to pay: 0,0015 BTC

- To make payment and restore your files, follow these steps -

(1) Write down the data to make the transfer via the Bitcoin address and the AMOUNT to pay specified above. Note: Remembering that the price of Bitcoin may vary monetarily depending on when you make the payment.

(2) Once you make the payment to the Bitcoin address above, send an email with a structure similar to this:
Subject: Albabat Ransomware - I did the payment!
Message: Hello, I made the payment. My BTC address where I made the payment is "xxx". The version of the "Albabat Ransomware" running on my machine was "0.3.0". Follow the attached KEY "Albabat.ekey".

IMPORTANT: Payment will be verified using YOUR BTC ADDRESS ("xxx") in which the transaction was carried out, so it is IMPORTANT to inform it when sending this email. It is also IMPORTANT that you send the KEY "Albabat.ekey" as an attachment, regardless of the contact method you chose. The key will be decrypted for you. You will receive in your email the KEY "Albabat.key", that is, the KEY "Albabat.ekey" decrypted, and the decryptor "decryptor.exe" attached (zipped). Albabat.key" and "decryptor.exe" within 24 hours, but it may vary by more or less depending on my availability times and the amount of demands I receive. Be patient.

[+] 4 - DECRYPTION PROCESS [+]

> To decrypt your files follow the steps below:

(1) Place the "Albabat.key" that you received by email inside the "C:\Users\Admin\Albabat\" directory, or, if you prefer, keep it in the same directory as "decryptor.exe".

> IMPORTANT: At this point, it is very important that you close all open Explorer windows, and heavy programs, to prevent "decryptor.exe" from crashing and/or having poor performance. And also disable your ANTIVIRUS PERMANENTLY so that it does not interfere with the decryption process.

(2) Run "decryptor.exe" and enter YOUR PERSONAL ID, then press ENTER. An alert message will appear informing you that the decryption started, just click Ok. Note: If you are on Linux, open a terminal and run from the command line to see the process. E.g: ./decryptor

(3) Wait for the decryption completion message to be displayed in the console, this may take a while depending on the quantity of files that have been encrypted and the power of your machine. You can see the decryption process by I live from your files, if I have time for that.

(4) After decryption is complete, all your files will be restored and the decryption log file "Albabat_Logs.log" will be created in the decryptor directory.

If you have further questions, such as: "How can I be sure my files can be decrypted?", you can read the FAQ page.

Copyright (c) 2021-2023 Albabat Ransomware - All Rights Reserved. Maintained by: tH3_CyberXY.
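The note above pins down a fixed on-disk layout: an "Albabat" folder in the user profile holding Albabat.ekey (the wrapped file key), personal_id.txt, Albabat_Logs.log and readme\README.html, with every encrypted file renamed by appending ".abbt". The Python script below is an added triage example written for this page, not code from the sample, the sandbox, or the ransomware author. It inventories those artifacts read-only (the .ekey and personal ID are the only route to the author's decryptor and must not be touched), pulls the personal ID out of the note, and reconciles the log against the .abbt files actually present. The victim tree it builds is constructed test data; the assumption that Albabat_Logs.log holds one path per line is ours, since the note only says "in path form", and treating the personal ID as 24 hex characters is inferred from the single ID shown above.

```python
import re
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".abbt"   # appended to every encrypted file, per the note
# The note prints a 24-character hex ID; treating that as the format is an assumption.
PERSONAL_ID_RE = re.compile(r"PERSONAL ID:\s*([0-9a-f]{24})")


def scan_albabat(user_dir):
    """Read-only inventory of the artifacts the note places under <user_dir>/Albabat,
    plus every *.abbt file below user_dir. Nothing is moved or deleted."""
    user_dir = Path(user_dir)
    adir = user_dir / "Albabat"
    found = {"albabat_dir": adir.is_dir(), "personal_id": None, "has_ekey": False,
             "has_key": False, "logged_paths": [], "encrypted_files": [], "unlogged": []}
    if adir.is_dir():
        found["has_ekey"] = (adir / "Albabat.ekey").is_file()   # wrapped key: preserve it
        found["has_key"] = (adir / "Albabat.key").is_file()     # only exists after the author's reply
        note = adir / "readme" / "README.html"
        if note.is_file():
            m = PERSONAL_ID_RE.search(note.read_text(errors="replace"))
            found["personal_id"] = m.group(1) if m else None
        pid_file = adir / "personal_id.txt"
        if found["personal_id"] is None and pid_file.is_file():
            found["personal_id"] = pid_file.read_text(errors="replace").strip()
        log = adir / "Albabat_Logs.log"
        if log.is_file():
            # assumption: one encrypted path per line (the note only says "in path form")
            found["logged_paths"] = [ln.strip() for ln in
                                     log.read_text(errors="replace").splitlines() if ln.strip()]
    found["encrypted_files"] = sorted(str(p) for p in user_dir.rglob("*" + ENCRYPTED_EXT)
                                      if p.is_file())
    # .abbt files absent from the log hint at a second run or a crash mid-way
    found["unlogged"] = sorted(set(found["encrypted_files"]) - set(found["logged_paths"]))
    return found


def build_sample_victim(root):
    """Constructed victim profile for a dry run; names and contents are illustrative only."""
    root = Path(root)
    adir = root / "Albabat"
    (adir / "readme").mkdir(parents=True)
    (adir / "readme" / "README.html").write_text(
        "<p>157 files on your machine have been encrypted!</p>"
        "<p>Your PERSONAL ID: 24cc36a2f01a38f1b0f88073</p>")
    (adir / "personal_id.txt").write_text("24cc36a2f01a38f1b0f88073\n")
    (adir / "Albabat.ekey").write_bytes(b"\x00" * 256)          # placeholder wrapped key
    docs = root / "Documents"
    docs.mkdir()
    logged = [docs / (n + ENCRYPTED_EXT) for n in ("budget.xlsx", "thesis.docx")]
    for p in logged:
        p.write_bytes(b"\x00" * 64)
    (docs / ("notes.txt" + ENCRYPTED_EXT)).write_bytes(b"\x00" * 64)   # encrypted but not logged
    (docs / "holiday.mp4").write_bytes(b"\x00" * 64)                   # stands in for a >5 MB file left intact
    (adir / "Albabat_Logs.log").write_text("".join(f"{p}\n" for p in logged))
    return root


def dry_run():
    """Build the constructed profile in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_albabat(build_sample_victim(tmp))


if __name__ == "__main__":
    for key, value in dry_run().items():
        print(f"{key}: {value}")
```

On a real host, point scan_albabat at the affected profile (C:\Users\Admin in this run) and archive the whole Albabat folder before any cleanup, as the note itself says; the unlogged list is the set of files a later decryptor run would have no record of.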

Targets

    • Target

      Albabat-0xb.exe

    • Size

      974KB

    • MD5

      45d20637261dea248644a849818659a0

    • SHA1

      29a81b7cf0f5f4a69fe47c4ccf3d06a300899997

    • SHA256

      483e0e32d3be3d2e585463aa7475c8b8ce254900bacfb9a546a5318fff024b74

    • SHA512

      a9c935eb23fba99ba74299db7b8ac3a158183d9fe9ccaaa87e8a1b9d39c518d223563378d981e6bf386f058b159609fb42e14ca45c023f7688ca57e0c61d2519

    • SSDEEP

      12288:fFDF/UI+c+xTOQUMnufZUgxXu/VzcccSCO4lkAjx9h/MR1V:fjnb+OQUMnufZ+tzcccSCO6ke3/Mf

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (153) files with added filename extension

      This suggests ransomware activity: files are encrypted in place and renamed. The 153 renames seen in this run are close to the 157 the ransom note claims and match the note's description of appending a ".abbt" extension.

    • Disables Task Manager via registry modification

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Sets desktop wallpaper using registry
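A detection engineer would turn the behaviours listed above into rules over endpoint telemetry. The block below is an added example written for this page, not the sandbox's own detection logic: it runs simple rules for shadow-copy deletion, service stops launched from a user-profile binary, a non-zero DisableTaskMgr policy value, wallpaper writes by an unexpected process, and bulk renames that append one extension, over a constructed, Sysmon-shaped event list. The commands, registry values, service name, wallpaper paths, rename threshold and expected-writer list in that data are illustrative assumptions; only the ".abbt" extension and the dropper file name come from this report.

```python
import re
from collections import Counter, defaultdict

# Constructed, Sysmon-shaped events (NOT recorded from the sandbox run on this page).
# The dropper name matches this report; commands, values and file names are assumptions.
DROPPER = r"C:\Users\Admin\Desktop\Albabat-0xb.exe"
EVENTS = [
    {"id": 1, "kind": "process", "parent": DROPPER,
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"id": 2, "kind": "process", "parent": DROPPER,
     "cmdline": "wmic shadowcopy delete"},
    {"id": 3, "kind": "process", "parent": DROPPER,
     "cmdline": "net stop MSSQLSERVER /y"},                 # illustrative service name
    {"id": 4, "kind": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin.exe list shadows"},                # benign admin query
    {"id": 5, "kind": "registry", "image": DROPPER,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"id": 6, "kind": "registry", "image": DROPPER,
     "target": r"HKCU\Control Panel\Desktop\Wallpaper",
     "details": r"C:\Users\Admin\AppData\Local\Temp\wall.bmp"},   # illustrative path
    {"id": 7, "kind": "registry", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Control Panel\Desktop\Wallpaper",
     "details": r"C:\Users\Admin\Pictures\beach.jpg"},            # benign user change
] + [
    {"id": 100 + i, "kind": "rename", "image": DROPPER,
     "old": rf"C:\Users\Admin\Documents\doc{i}.docx",
     "new": rf"C:\Users\Admin\Documents\doc{i}.docx.abbt"}
    for i in range(12)
]

SHADOW_RE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)
SVC_STOP_RE = re.compile(r"\b(?:net1?|sc)(?:\.exe)?\s+stop\b", re.I)
DWORD_RE = re.compile(r"0x([0-9a-f]+)", re.I)
TASKMGR_SUFFIX = r"\policies\system\disabletaskmgr"
WALLPAPER_SUFFIX = r"\control panel\desktop\wallpaper"
WALLPAPER_WRITERS = {"explorer.exe", "systemsettings.exe"}   # expected writers (assumption)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(events, rename_threshold=10):
    """Return (rule, event id or summary) hits in one pass over the events.
    Rename counts aggregate per (process, appended extension) and fire once."""
    hits = []
    renames = defaultdict(Counter)   # image -> Counter(appended extension)
    for ev in events:
        if ev["kind"] == "process":
            cmd = ev["cmdline"]
            if SHADOW_RE.search(cmd):
                hits.append(("shadow_copy_deletion", ev["id"]))
            # service stops are routine from an admin shell; flag them when the
            # parent is a binary living in a user profile, as the dropper here does
            if SVC_STOP_RE.search(cmd) and ev["parent"].lower().startswith("c:\\users\\"):
                hits.append(("service_stop_from_user_profile", ev["id"]))
        elif ev["kind"] == "registry":
            target = ev["target"].lower()
            if target.endswith(TASKMGR_SUFFIX):
                m = DWORD_RE.search(ev["details"])
                if m and int(m.group(1), 16) != 0:
                    hits.append(("taskmgr_disabled", ev["id"]))
            elif target.endswith(WALLPAPER_SUFFIX) and basename(ev["image"]) not in WALLPAPER_WRITERS:
                hits.append(("wallpaper_set_by_unusual_process", ev["id"]))
        elif ev["kind"] == "rename":
            old, new = ev["old"].lower(), ev["new"].lower()
            if new.startswith(old) and len(new) > len(old):   # name kept, extension appended
                renames[ev["image"]][new[len(old):]] += 1
    for image, exts in renames.items():
        for ext, n in exts.items():
            if n >= rename_threshold:
                hits.append(("bulk_rename_added_extension", f"{image} appended {ext} to {n} files"))
    return hits


if __name__ == "__main__":
    for rule, what in detect(EVENTS):
        print(f"{rule:36} {what}")
```

The rename rule keys on "original name kept, extension appended", which is exactly what the sandbox counted here; the threshold of 10 is a starting point to tune against your own file-rename baseline, and the geofence check listed above is a registry read, which Sysmon does not log, so it is deliberately not covered.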

MITRE ATT&CK Enterprise v15

Tasks