DECRYPT_INSTRUCTIONS.txt

##################### TH3 GR33N BL00D GR0UP ####################
----------------- SYSTEM INTRUSION & DATA EXFILTRATION CONFIRMED -------------------
All primary servers, workstations, and backup links within your network have been encrypted and penetrated by THE-GREEN-BLOOD-GROUP.
A full copy of TERABYTES of sensitive data has been extracted from your systems.
IRREVERSIBLE without our unique decryption key.
################# YOUR DATA IS NOW HELD FOR RANSOM. DO NOT ATTEMPT: #######################
Restarting systems or disconnecting from network.
Using third-party decryption or "recovery" tools.
Involving external cyber-security firms.
Modifying encrypted files or system registry.
ANY ATTEMPT WILL CORRUPT DATA PERMANENTLY AND TRIGGER IMMEDIATE DATA LEAK.
####################### DEMAND & RECOVERY PROCESS ###########################
To receive the decryption tool and secure the deletion of the stolen dataset, you MUST contact us at the address below within 14 DAYS.
To prove the legitimacy of our decryption tool, we decrypt 5-10 non-critical files (each under 20MB).
######################### OUR CONTACTS #######################
SUPPORT EMAIL: thegreenblood@proton.me / thegreenblood@onionmail.org
SUPPORT TOX ID: F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B621AB7CC9A1EFB
If Mail Communication channels lost or slow , use TOX
EMAIL SUBJECT LINE:
[snip] - PAYMENT INQUIRY
######################### CONSEQUENCES OF NON-COMPLIANCE #########################
Failure to contact us within 7 DAYS will result in:
14 DAYS :
1% DATASET will be published every next day publicly on multiple dark web leak sites and sent to major media outlets .This includes all client data.
You can use the Tor Browser and visit the following link:
URL: http://scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion:8000/
21 DAYS:
If you choose not to contact us, your sensitive data will be published or sold to interested third parties .
The dataset will be AUCTIONED to the highest bidder among cybercriminal syndicates and hostile entities.
Your clients' financial futures will be sold.
######################## TIME DECREASES WITH EVERY HOUR. ACT NOW. ##############################
------------------------------ END OF COMMUNICATION -------------------------------------------------
- TH3 GR33N BL00D GR0UP
| Type | IOC |
|---|---|
| email | thegreenblood@proton.me |
| email | thegreenblood@onionmail.org |
| onion url | http://scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion |
| tox id | F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B621AB7CC9A1EFB |