General

Malware Config

Extracted

Path

C:\d962f70874f5d4bfc1c6\Arcus-ReadMe.txt

Ransom Note
Hey , Its Arcus .

What happened ?
- Your data is stolen and encrypted.
- We have hacked all devices in your network.
- For now we keeping all your sensitive data secure in our servers.

Good news: Your servers and data will be restored with our Decryption Tool.

What you should do ?
- You will contact us.
- You can send 3 files to make sure our tool can recover your files.
- We negotiate and decide a amount that fit for both sides.
- After payment , you will receive recovery tool and your data will removed from our servers.
- You will receive full report on how this happened and how to prevent such things later.

How much time you have to decide ?
- In case you don't contact in 3 days You will posted in our LeakBlog, news about this hack will ruin your reputation.
- After 5 days ALL your sensitive data(Customers Confidential Data,Company Finance,Contracts,HR etc..) will Published into LeakBlog. you will face with GDPR and your own Customers, The People affected will get mail from us about this hack and how their Confidential data is not safe anymore. In the midterm, you will lose your business.
- You can download TOR browser and take look at our blog and see companies that failed this process: http://arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion

Want to ask authorities for help?
- Seeking their help will only make the situation worse, They will try to prevent you from negotiating with us and also they cant help you.
- After the incident report is handed over to the government department, you will be fined a huge amount with GDPR(https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)
- So You will not recover your data , and also you must pay the GDPR .

You think your IT Specialists can do file restoration ?
- Not in this case , your data is encrypted with high grade of encryption.
- Your specialists will waste weeks for nothing and they might damage files so you cant recover them anymore .
- You lost your business for weeks, but you could back to work in 24h.

How to Contact Us ?
1. Download tox chat : https://tox.chat/download.html
2. Add And Message Us On : F6B2E01CFA4D3F2DB75E4EDD07EC28BF793E541A9674C3E6A66E1CDA9D931A1344E321FD2582
Your ID IS : 10392726701f3939
- In case no answer in 24h mail to : [email protected] (check your spam inbox)
- Do not contact third party for negotiations , there is no recovery service that can recover your data, except us. third parties contact us and ask us to decrypt your data , they ask you to pay higher prices and they take some of it for nothing. in some cases when third parties find out there is no earnings for them they just simply tell your data is lost.

>>> WARNINGS :
1. do not modify encrypted data yourself or use third party -> it may damage data and lead to permanent data loss .
2. do not stop encryption process -> it may damage data and lead to permanent data loss.

URLs

http://arcuufpr5xxbbkin4mlidt7itmr6znlppk63jbtkeguuhszmc5g7qdyd.onion

https://tox.chat/download.html
