Ransomware.live Ranson Note:

Buy Me a Coffee

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Ransom Notes:

IOC

---> NEMTY 2.5 REVENGE <---
 
Some (or maybe all) of your files got encryped.
We provide decryption tool if you pay a ransom.
 
Don't worry, if we can't help you with decrypting - other people won't trust us.
We provide test decryption, as proof that we can decrypt your data.
 
You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server.
After 3 month no one, even our service can't make decryptor.
 
1) Web-Browser
  a) Open your browser.
   B) Open this link: http://nemty.top/public/pay.php
  c) Upload this file.
  d) Follow the instructions.
 
2) Tor-Browser
  a) Download&Install Tor-Browser.
   B) Open Tor-Browser.
  c) Open this link : http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php
  d) Upload this file.
  e) Follow the instruction.
 
<BEGIN NEMTY KEY>
[snip]

Indicators of Compromise

Type	IOC
`onion url`	http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php