Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Ransom Notes: Decryption.txt

*** We are Crypto24 Group ***
*** Your files have been encrypted and stolen ***

We have exfiltrated over 200 GB of your most sensitive business data from your internal network.
 - Prepress files for every product.
 - Personnel, HR, and customer records.
 - Databases, including PCFactory.
 - Finance, accounting, and QA logs

⏳ [ WHAT TO DO NEXT ]

You have 3 days to contact us. After that, the price will increase.  
If we receive no response in 7 days, your data will be published on our TOR leak site:

  http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion
  (Access via TOR browser: https://www.torproject.org/download/)


💬 [ CONTACT INSTRUCTIONS ]

Use the Session messenger:
- Download: https://getsession.org/download
- Contact Session ID: 05e034eb421832ae9209e9c17441c93ee4509f2e6dae2b23595763e0a19fdcee52
- Device ID: [snip]

Please include your **Company Name** and **Device ID** in your first message.


🔒 [ TEST DECRYPTION OFFER ]

To prove we can restore your files, we offer free decryption of:
	- 1 document file (under 1MB)
	- 1 image file (under 5MB)


🚫 [ DO NOT TRUST UNVERIFIED “RECOVERY EXPERTS” ]

You may try to recover your data on your own or with a security firm. However, we strongly advise against involving third parties who are not officially trusted by you.

Do not share your device ID with untrusted third parties. The device ID is an identifier that proves that you are a victim.

Some so-called “recovery experts” will ask for your Device ID. They will then contact us pretending to be you, get a test decryption from us, and act like they did it themselves. They’ll show you the decrypted file, make you believe they can recover everything, and take your money.

In the end, they disappear. You lose time, money, and trust.

Your Device ID means nothing to them technically — but it helps them fool you.

We are the only ones with the keys. Don’t waste your time or budget chasing illusions.


⚠️ [ DO NOT ATTEMPT DIY DECRYPTION ]

You are free to try recovery attempts with your own tools or with trusted providers.  
But we strongly recommend that you **create backups first**.

If you damage or overwrite any encrypted files, not even we can restore them.

No tool, no expert, and no government can break our encryption without the key.


✅ [ WHY CHOOSE US ]

We are professionals.  
If anyone else or any organization claims to be able to decrypt it, it is a scam.
The strength of the encryption makes it impossible for anyone other than us to decrypt it.

The sooner you contact us, the lower the cost — and the faster your business can get back on track.

**We are the only ones who can actually solve this.**

Act quickly. Every hour counts.
Contact us now to begin the recovery. Time is running out.
Indicators of Compromise
Type IOC
onion url http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion
session id 05e034eb421832ae9209e9c17441c93ee4509f2e6dae2b23595763e0a19fdcee52