Ransom Notes:


		██████╗ ██╗      █████╗  ██████╗██╗  ██╗██████╗ ██╗   ██╗████████╗███████╗
		██╔══██╗██║     ██╔══██╗██╔════╝██║ ██╔╝██╔══██╗╚██╗ ██╔╝╚══██╔══╝██╔════╝
		██████╔╝██║     ███████║██║     █████╔╝ ██████╔╝ ╚████╔╝    ██║   █████╗  
		██╔══██╗██║     ██╔══██║██║     ██╔═██╗ ██╔══██╗  ╚██╔╝     ██║   ██╔══╝  
		██████╔╝███████╗██║  ██║╚██████╗██║  ██╗██████╔╝   ██║      ██║   ███████╗
		╚═════╝ ╚══════╝╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚═════╝    ╚═╝      ╚═╝   ╚══════╝

 +-----------------------------------------------------------------------------+
 | All your files have been encrypted, your confidential data has been stolen, |
 | in order to decrypt files and avoid leakage, you must follow our steps.     |
 +-----------------------------------------------------------------------------+

 +------------------------------------------------------------------------------------------------------------------------------------+
 | 1) Download and install TOR Browser from this site: https://torproject.org/                                                        |
 |                                                                                                                                    |
 | 2) Paste the URL in TOR Browser and you will be redirected to our chat with all information that you need.                         |
 |                                                                                                                                    |
 | 3) If you do not contact us within 4 days, your chat access key won't be valid.                                                    |
 |    Also, your company will be posted on our blog, darknet and hacker forums,                                                       |
 |    which will attract unnecessary attention from journalists and not only them.                                                    |
 |    You are given 4 days to think over the situation, and take reasonable actions on your part.                                     |
 +------------------------------------------------------------------------------------------------------------------------------------+

 +------------------------------------------------------------------------------------------------+
 | Warning! Communication with us occurs only through this link, or through our mail on our blog. |
 | We also strongly DO NOT recommend using third-party tools to decrypt files,                    |
 | as this will simply kill them completely without the possibility of recovery.                  |
 | I repeat, in this case, no one can help you!                                                   |
 +------------------------------------------------------------------------------------------------+


 Your URL: http://p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion/[snip]

 Your Key to access the chat: [snip]

 Find our blog here (TOR Browser): http://dlyo7r3n4qy5fzv4645nddjwarj7wjdd6wzckomcyc7akskkxp4glcad.onion/

Indicators of Compromise

Type       IOC
onion url  http://dlyo7r3n4qy5fzv4645nddjwarj7wjdd6wzckomcyc7akskkxp4glcad.onion/
onion url  http://p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion/[snip]