Ransom Notes:

--------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>>>  H O W   T O   R E C O V E R   F I L E S  <<<<<<<<<<<<<<<<<<
--------------------------------------------------------------------------------


$$\   $$\           $$$$$$$$\                                                   
$$$\  $$ |          $$  _____|                                                  
$$$$\ $$ | $$$$$$\  $$ |       $$$$$$$\  $$$$$$$\  $$$$$$\   $$$$$$\   $$$$$$\  
$$ $$\$$ |$$  __$$\ $$$$$\    $$  _____|$$  _____| \____$$\ $$  __$$\ $$  __$$\ 
$$ \$$$$ |$$ /  $$ |$$  __|   \$$$$$$\  $$ /       $$$$$$$ |$$ /  $$ |$$$$$$$$ |
$$ |\$$$ |$$ |  $$ |$$ |       \____$$\ $$ |      $$  __$$ |$$ |  $$ |$$   ____|
$$ | \$$ |\$$$$$$  |$$$$$$$$\ $$$$$$$  |\$$$$$$$\ \$$$$$$$ |$$$$$$$  |\$$$$$$$\ 
\__|  \__| \______/ \________|\_______/  \_______| \_______|$$  ____/  \_______|
                                                            $$ |                
                                                            $$ |                
                                                            \__|    


WHAT HAPPEND?	
	Your network has been hacked and infected by NoEscape .DHFGGEDADE
	All your company documents, databases and other important files have been encrypted
	Your confidential documents, personal data and sensitive info has been downloaded


WHAT'S NEXT?
	You have to pay to get a our special recovery tool for all your files
	And avoid publishing all the downloaded info for sale in darknet
	
	
WHAT IF I DON'T PAY?
	All your files will remain encrypted forever
	There is no other way to recover yours files, except for our special recovery tool
	All the downloaded info will publishing for sale in darknet
	Your colleagues, competitors, lawyers, media and whole world will see it
	

I WILL TO PAY. WHAT SHOULD I DO?
	You need to contact us:
	1. Download and install TOR browser https://www.torproject.org/
	2. Open link in TOR browser noescaperjh3gg6oy7rck57fiefyuzmj7kmvojxgvlmwd5pdzizrb7ad.onion
	3. Enter your personal ID and follow the instructions

Your personal ID:
[snip]

-------------------------------------------------------------------------------------------------

WHAT GUARANTEES DO WE GIVE?
	We are not a politically company and we are not interested in your private affairs
	We are a commercial company, and we are only interested in money
	We value our reputation and keep our promise


WHAT SHOULD I NOT DO?
	! Don't try modify or recover encrypted files at yourself !
	! Only we can restore your files, the rest lie to you !

Indicators of Compromise

Type         IOC
onion url    http://noescaperjh3gg6oy7rck57fiefyuzmj7kmvojxgvlmwd5pdzizrb7ad.onion