Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Ransom Notes:

IOC 

		NEMESIS
		[+][+][+]
		Your systems are encrypted and sensitive data has been stolen.
		Do not shut down your systems or attempt to use any other recovery programs - files may be corrupted or lost.
		[+][+][+]
		ONLY OUR decryptor can get your files back.
		To make sure we REALLY CAN get your files back, we give you the opportunity to decrypt multiple files for free during the negotiation process.
		[+][+][+]
		We are not a politically motivated group - we are only interested in money.
		[+][+][+]
		We do not advise you to contact the police. They will not get your files back or prevent your data from being leaked - they will simply prevent you and us from negotiating.
		We do not advise you to contact recovery companies. They will not get your files back or prevent your data from being leaked - they will simply buy the decryptor from us and resell it to you at their markup.

		Contact us: 

		YOU MUST UNDERSTAND:
		If you do not make contact and comply by the specified deadline, all stolen data - 
		including customer KYC documents, personal and financial information of customers and employees (including a list of the largest holders of 
		deposits), as well as the bank's confidential financial documents, transaction details and other sensitive information - will be sold 
		to third parties or published in the public domain.
		[+] How to get access to our website? [+]
		Use TOR browser:

		  1. Download and install TOR browser from this site: https://torproject.org/

		  2. Visit our website: http://k7kzrgcoxsjm7fujj5votltw44vhidneye2dkzcnrw7k7gihhpxmctqd.onion/?token=[snip]

		[!!!]
		If you are having trouble opening the link, email our support team at Qtox
		  1. Download and install Qtox App from this site: https://qtox.github.io/

		  2. Add our support as a friend: D1F9B62B1505674B719AD0E4FA7DE03A87646BDC39968D4BAEDE07348BDF166418D3DA070045
Indicators of Compromise
Type IOC
onion url http://k7kzrgcoxsjm7fujj5votltw44vhidneye2dkzcnrw7k7gihhpxmctqd.onion/?token=[snip]
tox id D1F9B62B1505674B719AD0E4FA7DE03A87646BDC39968D4BAEDE07348BDF166418D3DA070045