
Ransom Notes: READ_ME_NOW.txt


/
#  Hello, if you are seeing this then you have been attacked by Kyber Ransomware.
\

 <=> Your files are encrypted with the AES-256-CTR algorithm.
     >--  (Explanation) https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

 <=> Two asymmetric algorithms X25519 and Kyber1024 were used for key generation.
     >--  (Explanation) https://en.wikipedia.org/wiki/Curve25519
     >--  (Explanation) https://en.wikipedia.org/wiki/Kyber

 <=> Keys are created from several random sources, so do not hope that you will return the files without our help
     >--  (Explanation) https://en.wikipedia.org/wiki//dev/random
     >--  (Explanation) https://en.wikipedia.org/wiki/RDRAND
     >--  (Explanation) https://en.wikipedia.org/wiki/HKDF

(??WE HAVE A FLASH DRIVE WITH BACKUPS ON THE ADMIN'S NECK??)
>========================================================================================
> In addition to encrypting files, a lot of data has been downloaded from your network.
> If you don't write to us, within a week or two your name will end up on our 
> blog with example of important data.
>========================================================================================

(??CAN WE TRUST HACKERS??)
>========================================================================================
> If you come to our chat room, you can count on free decryption for three small files.
> and examples of the downloaded data.
>========================================================================================

(??WE DON'T HAVE VALUABLE DATA??)
>========================================================================================
> We take a responsible approach to doing our job.
> We have probably downloaded a lot of personal information from your servers, and could 
> cause you HUGE problems by publishing it.
# Documents such as payroll, statements, contracts and others may contain valuable data, 
# the publication of which could lead to lawsuits.
>========================================================================================

(??WILL THE POLICE HELP??)
>========================================================================================
> DO NOT try to call the police as they will not save you from 
> publishing your data, nor will they help you get your files back, 
> they will only ban you from paying.
>========================================================================================

(??WHAT IF I TRIED TO TRICK YOU???)
>========================================================================================
> DO NOT modify the files, you may damage them and make it so 
> we can't help you.
>========================================================================================

(??WHAT ABOUT THE ANONYMITY??)
>========================================================================================
> We create unique links to anonymous chat for each company. 
> you don't have to worry, all the details of our deal will be kept secret.
> We also have alternative ways to contact us if you are worried and do 
> not want to write in the panel.
>========================================================================================

HOW TO CONTACT US:
  <=> Download Tor Browser (https://www.torproject.org/download)
  <=> Open it
  <=> Follow this link: http://mlnmlnnrdhcaddwll4zqvfd2vyqsgtgj473gjoehwna2v4sizdukheyd.onion/chat/[snip] 
  (Also maybe you would like to visit our blog? Don't be shy!)
  <=> Blog: http://kyblogtz6k3jtxnjjvluee5ec4g3zcnvyvbgsnq5thumphmqidkt7xid.onion


Indicators of Compromise
Type       IOC
onion url  http://kyblogtz6k3jtxnjjvluee5ec4g3zcnvyvbgsnq5thumphmqidkt7xid.onion
onion url  http://mlnmlnnrdhcaddwll4zqvfd2vyqsgtgj473gjoehwna2v4sizdukheyd.onion/chat/[snip]