[snip]
DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM
***Also a lot of sensitive data has been downloaded from your network***
For example:
______________________________
\\10.30.12.98\D$\[snip]
\\10.30.13.2\Y$\SQLbackup
\\10.40.10.162\D$
THIS IS A SMALL PART. WE DOWNLOADED ALL CLIENT'S SQL DATABASES
If you refuse to cooperate, all data will be published
for free download on our portal:
http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ - use TOR browser
CONTACT US BY EMAIL:
unlock@support-box.com
unlock@rsv-box.com
OR WRITE TO THE CHAT AT :->:
http://npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad.onion/remote0/[snip]
secret=[snip]
(use TOR browser)
Type | IOC |
---|---|
email | unlock@support-box.com |
email | unlock@rsv-box.com |
onion url | http://npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad.onion/remote0/[snip] |
onion url | http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ |