Ransom Notes: !!!_READ_ME_!!!.txt


██████╗ ███████╗██╗   ██╗███╗   ███╗ █████╗ ███╗   ██╗    ██████╗    ██╗
██╔══██╗██╔════╝██║   ██║████╗ ████║██╔══██╗████╗  ██║    ╚════██╗  ███║
██║  ██║█████╗  ██║   ██║██╔████╔██║███████║██╔██╗ ██║     █████╔╝  ╚██║
██║  ██║██╔══╝  ╚██╗ ██╔╝██║╚██╔╝██║██╔══██║██║╚██╗██║    ██╔═══╝    ██║
██████╔╝███████╗ ╚████╔╝ ██║ ╚═╝ ██║██║  ██║██║ ╚████║    ███████╗██╗██║
╚═════╝ ╚══════╝  ╚═══╝  ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝    ╚══════╝╚═╝╚═╝
//////////////////////////////////////////////////////////////////////////////
///ENGLISH VERSION///////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////
Dear, management and employees. We are the devman collective, and we are here to deliver some bad news.
All of your files have been encrypted with a unbreakable encryption algorithm.
However, this is not the only bad news for you. Around 100gb of your sensitive data,have been exfiltrated to our secure servers.
What does that mean for you? It means that if you do not cooperate with us, not only will you lose access to your files,
All of that sensitive data will be published online, causing irreparable damage to your reputation and potentially leading to legal consequences.
The only way to decrypt your files, and to prevent the data leak is to cooperate with us, and get the decryption tool and unique key.
What will happen if you do not cooperate with us?
1. Your files will remain encrypted forever.
2. Your sensitive data will be published online, and sent to your clients.
3. There is a high chance that you will face legal consequences for failing to protect your clients data, and violating data protection laws.
How to cooperate with us?
To obtain the decryption tool, you need to:
1. Contact us at: tygjm32hxyqienrgwxveiaw3azbjmfaln2znn2hldz2oe6v453ngwlyd.onion
2. Send your unique ID: [snip]
3. Receive a sample decryption of up to 4 files, and the file listing of exfiltrated data
4. We will provide payment instructions
5. After payment, you will receive decryption tool and unique key

WARNING:
- Do not modify encrypted files
- Do not use third party software to restore files
- Do not reinstall system

If you violate these rules, your files may be permanently damaged.

Unique ID: [snip]
Backup contact (Qtox) 9D97F166730F865F793E2EA07B173C742A6302879DE1B0BBB03817A5A04B572FBD82F984981D

Indicators of Compromise
Type       IOC
onion url  http://tygjm32hxyqienrgwxveiaw3azbjmfaln2znn2hldz2oe6v453ngwlyd.onion
tox id     9D97F166730F865F793E2EA07B173C742A6302879DE1B0BBB03817A5A04B572FBD82F984981D