Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business
!!Restore-My-file-Kavva_ascii.txt
-- KaWaLocker
> Your network/system was encrypted.
> Encrypted files have new extension.
> We have downloaded compromising and sensitive data from your system/network.
> Our group cooperates with the mass media.
> If you refuse to communicate with us and we do not come to an agreement,
> your data will be reviewed and published on our blog and othter darkweb markets.
> Install tor browser,visit KaWa Blog > http://kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion
Data includes:
> Employees personal data, corp partner, Income, customer information, Human resourse, CVs, DL , SSN,
> Complete network map including credentials for local and remote services.
> Financial information including clients data, bills, budgets, annual reports, bank statements.
> Complete datagrams/schemas/drawings for manufacturing in solidworks format
> And more...
Warning:
> 1) If you modify files - our decrypt software won't able to recover data
> 2) If you use third party software - you can damage/modify files (see item 1)
> 3) You need cipher key / our decrypt software to restore you files.
> 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions.
Recovery:
> Download tox chat: https://tox.chat
> Go to add as friend ID> 6A340207246B47E37F6D094D2236E5C6242B6E4461EEF8021FED2C9855240C3E11AEE886FAAF
| Type | IOC |
|---|---|
onion url
|
http://kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion |
tox id
|
6A340207246B47E37F6D094D2236E5C6242B6E4461EEF8021FED2C9855240C3E11AEE886FAAF
|