README.[rand].txt

Your network has been breached. Data has been encrypted and stolen.
All systems reachable within your environment - servers, workstations, virtual machines, and network attached storage are affected.
Encryption was performed using secure cryptographic methods. Restoration without our assistance is not possible.
Attempts to recover data independently or with third-party tools may result in permanent data loss.
--- RESOLUTION ---
We can provide:
- A decryption tool
- Clear recovery instructions
- Report of how the attack was performed
- Deletion of stolen data
- No further attacks on your company
This offer is time limited.
--- VERIFICATION ---
Upon request, we will decrypt a few non-critical files to
demonstrate our capability.
--- NON-COMPLIANCE ---
Failure to establish contact may result in:
- Permanent loss of encrypted data
- Additional measures, including data disclosure
--- COMMUNICATION ---
All communication must occur through the secure channel provided. Do not contact law enforcement or external response teams, as this will not restore your systems.
1. Download Tor-Browser (www.torproject.org)
2. Visit URL: http://ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion/chat/[snip]
3. Enter Credentials: [snip]
| Type | IOC |
|---|---|
| onion url | http://ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion/chat/[snip] |