[rand].README.txt
>>>> Your data are stolen and encrypted
We encrypted and stole your documents, emails, and databases.
We have viewed your email data in MailStore and can find all your customer information and customer needs.
You can view your data on this website (you must use the Onion browser):
http://okikwmntpud4bapt3llkgocxeng3w5sruyoseb3lhz4rcmmcitcv3lyd.onion
>>>> What are the benefits of working with us?
Network security is important, and you can consider this experience as a paid security test, we will help you point out your network security risks.
Our ransom is much lower than other ransomware, it is even lower than the price you pay for a security company to do security testing.
This amount of money is nothing compared to the fines of privacy protection laws and customer trust.
>>>> What guarantees that we will not deceive you?
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
Life is too short to be sad. Be not sad, money, it is only paper.
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.
Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
>>>> You need to contact us with your personal DECRYPTION ID: 5F33D45F79FDC967440E309765A2D04B
>>>> To contact us:
Way1: Use session (suggestion)
1. Download Getsesion https://getsession.org/download
2. Add friend my id: 056885d45a7137be429cbdb59b55c313c4a6776f9c0c23fdb19131bc2baef01436
Way2: Use email
Email address BlueWindGroup@onionmail.org
To ensure contact, it is best send message use three ways at the same time
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
| Type | IOC |
|---|---|
| email | BlueWindGroup@onionmail.org |
| onion url | http://okikwmntpud4bapt3llkgocxeng3w5sruyoseb3lhz4rcmmcitcv3lyd.onion |
| session id | 056885d45a7137be429cbdb59b55c313c4a6776f9c0c23fdb19131bc2baef01436 |