Ransom Notes:

RisenNote :


Read this text file carefully.

We have penetrated your whole network due some critical security issues.

We have encrypted all of your files on each host in the network within strong algorithm.

We have also Took your critical data such as docs, images, engineering data, accounting data, customers and ...
	And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data,
	the only way to stop this process is successful corporation.

We have monitored your Backup plans for a whileand they are completely out of access(encrypted)

The only situation for recovering your files is our decryptor,
	there are many middle man services out there whom will contact us for your caseand add an amount of money on the FIXED price that we gave to them,
	so be aware of them.

Remember, you can send Upto 3 test files for decrypting, before making payment,
	we highly recommend to get test files to prevent possible scams.

In order to contact us you can either use following email :

Email address : dectokyo@onionmail.org , TELEGRAM:@tokyosupp

Or If you weren't able to contact us whitin 24 hours please Email : dectokyo@cock.li

Leave subject as your machine id : [snip]

If you didn't get any respond within 72 hours use our blog to contact us, 
therefore we can create another way for you to contact your cryptor as soon as possible.
 BLOG : http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/

Indicators of Compromise
Type IOC
email dectokyo@onionmail.org
email dectokyo@cock.li
onion url http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/
telegram handle @onionmail
telegram handle @tokyosupp
telegram handle @cock