
Ransom Notes:


# RA World
----
## Notification
Hello! "[snip]"!
We are RA World Ransomware!
Your data are stolen and encrypted when you read this letter.
We had copied more than 85 GB data to our server.
Don't worry, your data will not be published if you do what we want.
But if you don't pay, we will release the data after 30 days, contact your customers and regulators and destroy your system again and again.

## What do you need to do?
Contact us and discuss how to protect your files.
We can decrypt some files for free to prove that the decryption tool works properly.

## How contact us?
You can visit online chat room or use qTox to contact us.
[+] online chat room info:
    RoomID:[snip]
    Password:[snip]
    Link:http://raworlddecssyq43oim3hxhc5oxvlbaxuj73xbz2pbbowso3l4kn27qd.onion
[+] qTox info:
    Our qTox ID is: 1C2163487A1356EA767FD0F77A29553DF0541F977FA9958EC8CD7530E3BDBB3D8468BD7B0386

We don't have any other contacts.
If there is no contact within 3 days, we will make sample files public.
If there is no contact within 7 days, we will stop communicating and release data in batches.
You can get 50% discount and some time for negotiation if you contact us within 3 days.

## Sample files release link:
We select some files as samples that you can download and check it:
[+] https://gofile.io/d/[snip] 

## RA World Office Site:
[Temporary address] http://66.78.40.205/raworld 
[Permanent address] http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion 

## Other Tips
You can download qTox from their official website:
[+] https://qtox.github.io
You can use Tor Browser to open .onion url.
Ger more information from Tor office website:
[+] https://www.torproject.org

Indicators of Compromise

| Type | IOC |
|------|-----|
| onion url | http://raworlddecssyq43oim3hxhc5oxvlbaxuj73xbz2pbbowso3l4kn27qd.onion |
| onion url | http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion |
| tox id | 1C2163487A1356EA767FD0F77A29553DF0541F977FA9958EC8CD7530E3BDBB3D8468BD7B0386 |