Ransom Notes:

Your network has been hacked.
Your ID: 191
 
Your files, backups and shadow copies are unavailable until you pay for a decryption tool.
 
If no contact made in 3 business days after the infection
first portion of data will be shared to public at
http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
and all the rest will remain unreachable to you.
 
 
TO SAVE YOUR DATA FROM DESTRUCTION:
 
DO NOT RESET OR SHUTDOWN your PC or server.
DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files.
DO NOT USE ANY RECOVERY TOOLS that is aimed to restore encrypted files.
 
 
TO GET YOUR DATA BACK contact us on your personal page:
 
    1. Download and install Tor Browser: https://www.torproject.org/download/
    2. Run the browser and wait for initialization.
    3. Copy to the address bar:
 
        http://thw73ky2jphtcfrwoze5ddk3wbkc2t24r55guu3agwjchn3g6p755kyd.onion/order/[snip]
 
    4. Follow the instructions on the site.
    5. Contact us via email reltypade1977@protonmail.com OR live chat on your personal page.
    7. The link above is valid for 21 days.
    8. If you ask about proof of data exfiltrated before payment -
       we will share proofs at our data leaks portal.

Indicators of Compromise

| Type | IOC |
| --- | --- |
| email | reltypade1977@protonmail.com |
| onion url | http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion |
| onion url | http://thw73ky2jphtcfrwoze5ddk3wbkc2t24r55guu3agwjchn3g6p755kyd.onion/order/[snip] |