Ransom notes from the most active groups

ATTENTION
Your network has been breached and all data was encrypted. Please contact us at:
https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Login ID: [redacted]
* To access .onion websites download and install Tor Browser at:
https://www.torproject.org/ (Tor Browser is not related to us)
* To restore all your PCs and get your network working again, follow these instructions:
- Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency.
Please follow these simple rules to avoid data corruption:
- Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption.
- Do not hire a recovery company. They can't decrypt without the key.
They also don't care about your business. They believe that they are
good negotiators, but it is not. They usually fail. So speak for yourself.
Waiting you in a chat.

All your files have been encrypted, your confidential data has been stolen,
in order to decrypt files and avoid leakage, you must follow our steps.

1) Download and install TOR Browser from this site: hxxps://torproject.org/|

2) Paste the URL in TOR Browser and you will be redirected to our chat with all information that you need.

3) If you read this message thats means your files already for sell in our Auction.
  Everyday of delaying will cause higer price. after 4 days if you wont connect us,  
  We will remove your chat access and you will lose your chance to get decrypted.

Warning! Communication with us occurs only through this link, or through our mail on our Auction.
We also strongly DO NOT recommend using third-party tools to decrypt files,  
as this will simply kill them completely without the possibility of recovery.
I repeat, in this case, no one can help you!
Your URL: http://a2dbso6dijaqsmut36r6y4nps4cwivmfog5bpzf6uojovce6f3gl36id.onion:81/[redacted]
Your Key to access the chat: [redacted]
Find our Auction here (TOR Browser): http://jbeg2dct2zhku6c2vwnpxtm2psnjo2xnqvvpoiiwr5hxnc6wrp3uhnad.onion/

Good whatever time of day it is!
Your safety service did a really poor job of protecting your files against our professionals.
Extortioner named  BlackSuit has attacked your system.
As a result all your essential files were encrypted and saved at a secure serverfor further useand publishing on the Web into the public realm.
Now we have all your files like: financial reports, intellectual property, accounting, law actionsand complaints, personal filesand so onand so forth.
We are able to solve this problem in one touch.
We (BlackSuit) are ready to give you an opportunity to get all the things back if you agree to makea deal with us.
You have a chance to get rid of all possible financial, legal, insurance and many others risks and problems for a quite small compensation.
You can have a safety review of your systems.
All your files will be decrypted, your data will be reset, your systems will stay in safe.
Contact us through TOR browser using the link:
weg7sdx54bevnvulapqu6bpzwztryeflq3s23tegbmnhkbpqz637f2yd[.]onion/?id=

Welcome to Brain Cipher Ransomware
Dear managers
If you're reading this, it means your systems have been hacked and encrypted and your data stolen.
The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours.
In order for it to be successful, you must follow a few points:
1.Don't go to the police, etc.
2[.]Do not attempt to recover data on your own.
3[.]Do not take the help of third-party data recovery companies.
In most cases, they are scammers who will pay us a ransom and take a for themselves.
If you violate any 1 of these points, we will refuse to cooperate with you
3 steps to data recovery:
1. Download and install Tor Browser (hxxps://www[.]torproject[.]org/download/)
2. Go to our support page: hxxp://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad[.]onion
3. Enter your encryption ID: [redacted]
Email to support: brain.support@cyberfear[.]com

Your corporate network was compromised and encrypted by Cactus.
Do not interrupt the encryption process, don't stop or reboot your machines until the encryption
is complete. Otherwise the data may be corrupted. In addition to the encrypted infrastructure, we have downloaded a lot of confidential information from your systems. The publication of these documents may cause the termination of your commercial activities, contracts with your clients and partners, and multiple lawsuits.
If you ignore this warning and do not contact us, your sensitive data will be posted on our blog: https[:]//cactusbloguuodvqjmnzlwetjlpj6aggc6iocwhuupb47laukux7ckid[.]onion/
In your best interest is to avoid contacting law enforcement and data recovery companies. They can't help you with the recovery, will cause more problems and expenses, and delay the return to
normal work significantly. Besides, if you contact the police we will immediately publish your data. We offer the best solution to the problem, to receive our decryption software and prevent
disclosure of your sensitive information contact us directly. A quick recovery is very important to keep your business running at full capacity and minimize losses. This is why you need to begin negotiations as soon as possible. By the way, if you don't contact us within 5 days, we will start publishing your data.
Download TOR Browser (https[:]//www[.]torproject[.]org/download) and follow the link:
http[:]//webmail[.]cactus47hhktlaclasue3rnkchcy6rgvitxmllv2l6m25gzkgbeyfyad[.]onion
Your username:
cts0100[@]cactus47hhktlaclasue3rnkchcy6rgvitxmllv2l6m25gzkgbeyfyad[.]onion
Your password: H;^2KSgfIJg{C&)L
Reply to the welcome email and we will get your message.
Backup contact is TOX (https[:]//tox[.]chat):
7367B422CD7498D5F2AAF33F58F67A332F8520CF0279A5FBB4611E0121AE421AE1D49ACEABB2

Network of your company has got CiphBit ransomware due to security weakness or system design flaw

So by this way all the files and documents have been locked in strongest encryption algorithm and also downloaded

But there is no need to worry, you can get all your files back if you do it right

What guarantee is there that you will get your files back?

You should attach a couple of unimportant encrypted files for a free decryption test
 
Contact us at the email below by subject your personal ID and attach the files

----------------
Your Personal ID: -

Your Decryption Code: -

Email Address: ciphbit@onionmail[.]org

----------------
The CiphBit TOR data leak blog links is for those who do not pay:

********

********
 
How to download and install TOR Browser in order to visit the CiphBit blog?

hxxp://www[.]torproject[.]org/download

----------------

-> WARNING <-

Do not try to rename or edit files

Do not tell anyone that your company has been attacked

Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN – files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly.
If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files
(Less than 5 Mb each, non-archived and your files should not contain valuable information
(Databases, backups, large excel sheets, etc.)).
You will receive decrypted samples and our conditions how to get the decoder.
 
Attention!!!
Your warranty - decrypted samples.
Do not rename encrypted files.
Do not try to decrypt your data using third party software.
We don`t need your files and your information.
 
But after 2 weeks all your files and keys will be deleted automatically.
Contact emails:
servicedigilogos@protonmail.com
or
managersmaers@tutanota.com
 
The final price depends on how fast you write to us.
 
Clop

So what happened?

 
All files are encrypted with Integrated Encryption Scheme.
The file structure was not damaged. You have been assigned a unique identifier.
After infection, you have 96 hours to declare decryption.

 
After the expiration of 96 hours, decryption cost will be automatically increased.
Now you should send us message with your personal ID, which is at the bottom of the message.
We hope that you understand the importance of the work we have done.

 
Before paying you can send us 2 files for free decryption.
The total size of files must be less than 2Mb.
Files should not contain valuable information (databases, backups, large excel sheets, etc..).

 
Attention! If you want to RECOVER YOUR DATA without problems - NEVER!!! :
reboot, disconnect hard drives or take any action unless you know WHAT YOU ARE DOING!!!
Otherwise, we cannot be 100% sure that the decryptor will work correctly.

 
!!!THIS IS ESPECIALLY RELATED TO ESXI!!!

 
If you will try to use any third party software for restoring your data or antivirus solutions:
this can lead to complete damage to all files and their irrecoverable loss.
Any changes in encrypted files may entail damage of the private key and the loss of all data.

 
Your personal id: [redacted]
Username and password are identical to above.

 
Since we are using SSL encryption as well as .onion, the certificate is not properly signed.
So in order to get into the chat, you need to confirm the insecure connection exception.
Or just use our embeded APP (Windows version only for now). Thank you for understanding.

 
You can download TOX here:
hxxps://tox[.]chat/download.html

 
You can also write to the chat located in TOR network at:
https://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid[.]onion

 
You can download TOR browser here:
hxxps://www[.]torproject[.]org/download/

 
our TOX below:
D3404141459BC7206CC4AFEC16A3403F262C0937A732C12644E7CA97F0615201A519F7EAB2E2

 
We hope you carefully read this message and already know what to do.

Welcome to the ransomware world
We have exfiltrated critial documents and information from your network.
Your systems are encrypted.
Do not try to solve this by yourself (or contact the recovery company)-
you will only lose time and money.
To contact us:
1.) Install official Tor Browser (hxxps://www[.]torproject[.]org/download/)
2.) Open hxxp://3o3xvreovoged55lgvu4xpd3zywfrh6z32uh33gvx3mwlttae6rxdvid[.]onion in Tor Browser
3.) Input your personal PIN
Your personal PIN is: [redacted]
Do not share this PIN
If you do not contact us, the data will be published within 5 days.
$$$ Daxin Team $$$

--------------------------------------------------------------------------


                 HELLO dear REDACTED!


If you are reading this message, it means that: 
      - your network infrastructure has been compromised, 
      - critical data was leaked, 
      - files are encrypted,
  - backups are deleted
                                                                     
    ------------------------------------------------------
    |                                                    |
    |     by   D A R K    A N G E L S   T E A M  !       |
    |                                                    |
    ------------------------------------------------------


            The best and only thing you can do is to contact us 
              to settle the matter before any losses occurs.                   


--------------------------------------------------------------------------


                                  1. THE FOLLOWING IS STRICTLY FORBIDDEN



1.1 EDITING FILES ON HDD. 
                            Renaming, copying or moving any files 
                            could DAMAGE the cipher and 
                            decryption will be impossible. 


1.2 USING THIRD-PARTY SOFTWARE. 
                            Trying to recover with any software 
                            can also break the cipher and 
                            file recovery will become a problem.


1.3 SHUTDOWN OR RESTART THE PC. 
                            Boot and recovery errors can also damage the cipher. 
                            Sorry about that, but doing so is entirely at your own risk.


1.4 HIRING THE EUROPOL AND OTHERS
                            Cooperating with the EUROPOL, INTERPOL and so on 
                            and involving their officers in negotiations 
                            will end our communication with you 
                            and we will share all the leaked data for free. 

--------------------------------------------------------------------------------------------------
                            
                                  2. EXPLANATION OF THE SITUATION
2.1 HOW DID THIS HAPPEN


The security of your IT perimeter has been compromised (it's not perfect at all). 
We encrypted your workstations and servers to make the fact of the intrusion visible and to prevent you from hiding critical data leaks.
We spent a lot of time researching and finding out the most important directories of your business, your weak points. 
So, we has DOWNLOADED about 2.5TB ( ~ 2 500 GBs) of your most SENSITIVE Data just in case if you will NOT PAY, than everything will be PUBLISHED in Media, hacking forums(China, Ukraine, Russia etc) and/or SOLD to any third-party. 


2.2 "WE HAS COLLECTED SUCH DATA AS: 
- Project Files and Drawings(CAD files, Manuals, concept, Konstruktion_MBAU, *.vsd, *.stp, *.dwg, *.odg, *.dws, *.dwt, *.dfx, *.swg, *.ipt, *.iam, *.cdr, *.SLDDRW, *.SLDPRT, *.SLDASM, *.SKP, *.STEP, *.igs, *.iges, *.STL )
- Forschung, HW-Allgemein, Konstruktion_MBAU, Programme, Leittechnik etc
- Oracle Production DB from SRHW8226 & SRHW8239
- MSSQL Production DB from SRHW8042, SRHW8144 etc
- PII - Personal Identification Information !
- HR files, Accountant files
- Most importants files from SRHW8100(srv003) and other FileServers
- Emails and working files of top management and many employees(about 45 PST files)
- Geheimhaltungsvereinbarung(NDA), Patents, Secret and Confidential infromation
- Customer and partner files, including correspondence
and many many more.


2.3 TO DO LIST (best practies)
                            - Contact us as soon as possible.
                            - Contact us only in our live chat, otherwise you can run into scammers.
                            - Purchase our decryption tool and decrypt your files. There is no other way to do this.
                            - Realize that dealing with us is the shortest way to success and secrecy.
                            - Give up the idea of using decryption help programs, otherwise you will destroy the system permanently.
                            - Avoid any third-party negotiators and recovery groups. They can become the source of leaks.


--------------------------------------------------------------------------------------------------


                                  3. POSSIBLE DECISIONS
3.1 NOT MAKING THE DEAL
                            - After 4 days starting tomorrow your leaked data will be Disclosed or sold.
                            - We will also send the data to all interested supervisory organizations and the media.
                            - Decryption key will be deleted permanently and recovery will be impossible.
                            - Losses from the situation can be measured based on your annual budget.


3.2 MAKING THE WIN-WIN DEAL
                            - You will get the only working Decryption Tool and the how-to-use Manual. 
                            - You will get our guarantees (with log provided) of non-recovarable deletion of all your leaked data.
                            - You will get our guarantees of secrecy and removal of all traces related to the deal in the Internet. 
                            - You will get our security report on how to fix your security breaches.
- You will get our Advanced Penetration Test Report about your security.
- We guarantee the removal of all backdoors in your network
                    
--------------------------------------------------------------------------------------------------


                                  4. EVIDENCE OF THE LEAKAGE



REDACTED


--------------------------------------------------------------------------------------------------


                                  5. HOW TO CONTACT US


5.1 Download and install TOR Browser https://torproject.org
5.2 Go to our live-chat website at hxxps://wemo2ysyeq6km2nqhcrz63dkdhez3j25yw2nvn7xba2z4h7v7gyrfgid[.]onion/page/REDACTED
5.3 You can request additional Proof Pack with your data in our live chat to review. 
5.4 In case TOR Browser is restricted in your area use VPN services.
5.5 All leaked Data will be Disclosed in 4 Days if you remain silent.
5.6 Your Decryption keys will be permanently destroyed at the moment the leaked Data is Disclosed.
5.7 Your Data will immediately Disclosed if you will hire third-party negotiators to contact us.


--------------------------------------------------------------------------------------------------


                                  6. RESPONSIBILITY


6.1 Breaking critical points of this offer will cause:
                            - Deletion of your decryption keys.
                            - Immediate sale or complete Disclosure of your leaked data.
                            - Notification of government supervision agencies, your competitors and clients.
--------------------------------------------------------------------------------------------------

RADAR
Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs.
To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, dataleak forums, dataleak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.
Please contact our sales department at Skype: hxxxs://join.skype.com/invite/MO0SAOWRh0zo
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice.
Follow the guidelines below to avoid losing your data:
- Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
- Do not modify or rename encrypted files. You will lose them.
- Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
- Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you 10077BCB65CA365CF885446C7CB6B4ABA99uccessful decryption without any loss + exfiltrated data erasing from our servers.
- Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.
P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: ALVAC S.A. Their Website - hxxxs://alvac.es
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
hxxxs://vimeo.com/752214614
hxxxs://hacknotice.com/2022/10/01/alvac-sa/
hxxxs://twitter.com/elhackernet/status/1576678217603502080
hxxxs://twitter.com/search?q=alvacvimeo&src=typed_query&f=live
Lot of telegram channels like hxxxs://t.me/elconfidencial , hxxxs://t.me/baseleak , all darkweb resources list from here -  hxxxs://github.com/fastfire/deepdarkCTI/blob/main/telegram.md
We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs: hxxx://xb6q2aggycmlcrjtbjendcnnwpmmwbosqaugxsqb4nx6cmod3emy7sad.onion
hxxx://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion
hxxx://bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion/
hxxx://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion
hxxx://knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion/
For ALVAC SA we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us.

Hello [victim]!
Your files (totobet database!) have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics.
All you need to do is contact us and pay.
Our communication process:
You contact us via email or Tox.
We send you a list of files that were stolen
We decrypt 3 files to confirm that our decryptor works.
We agree on the amount, which must be paid using BTC.
We delete your files, we give you a decryptor.
We give you a detailed report on how we compromised your company, and recommendations on how to avoid such situations in the future.
Recommendations:
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
Contacts:
Email: [email]
Reserve: [email]
Tox: [tox id]
* If you want to contact us via Tox you need to download it from this link:
hxxps://github[.]com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe
YOUR ID: %s
If you refuse to pay or do not get in touch with us, we start publishing your files.
After 7 days the email will no longer be available, and the opportunity to receive the decryptor will also no longer be available.
Sincerely, 01000100 01110010 01100001 01100111 01101111 01101110 01000110 01101111 01110010 01100011 01100101

To the board of directors.
Your network has been attacked through various vulnerabilities found in your system.
We have gained full access to the entire network infrastructure.
All your confidential information about all employees and all partners and developments 
has been downloaded to our servers and is located with us.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Our team has an extensive background in legal and so called white hat hacking.
However, clients usually considered the found vulnerabilities to be minor and poorlyr\n
paid for our services.
So we decided to change our business model. Now you understand how important it isr\n
to allocate a good budget for IT security.
This is serious business for us and we really don't want to ruin your privacy,r\n
reputation and a company.
We just want to get paid for our work whist finding vulnerabilities in various networks.
Your files are currently encrypted with our tailor made state of the art algorithm.
Don't try to terminate unknown processes, don't shutdown the servers, do not unplug drives,
all this can lead to partial or complete data loss.
We have also managed to download a large amount of various, crucial data from your network.
A complete list of files and samples will be provided upon request.
We can decrypt a couple of files for free. The size of each file must be no more than 5 megabytes.
All your data will be successfully decrypted immediately after your payment.
You will also receive a detailed list of vulnerabilities used to gain access to your network.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
If you refuse to cooperate with us, it will lead to the following consequences for your company:
1. All data downloaded from your network will be published for free or even sold
2. Your system will be re-attacked continuously, now that we know all your weak spotsr
3. We will also attack your partners and suppliers using info obtained from your network
4. It can lead to legal actions against you for data breaches
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
                  !!!!Instructions for contacting our team!!!!
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
 ---> Download and install TOR browser from this site : https://torproject.org
 ---> For contact us via LIVE CHAT open our website : http://panelqbinglxczi2gqkwderfvgq6bcv5cbjwxrksjtvr5xv7ozh5wqad.onion/Url=redacted
 ---> If Tor is restricted in your area, use VPN
 ---> All your Data will be published in 7 Days if NO contact made
 ---> Your Decryption keys will be permanently destroyed in 3 Days if no contact made
 ---> Your Data will be published if you will hire third-party negotiators to contact us

Your network has been chosen for Security Audit by EMBARGO Team.
We successfully infiltrated your network, downloaded all important and sensitive documents, files, databases, and encrypted your systems.
You must contact us before the deadline 2024-07-31 05:53:57 +0000 UTC, to decrypt your systems and prevent your sensitive information from disclosure on our blog:
http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid[.]onion/
Do not modify any files or file extensions. Your data maybe lost forever.
Instructions:
1. Download torbrowser: hxxps://www[.]torproject[.]org/download/
2. Go to your registration link:
=================================
hxxp://a3kvb22nuhfgaluy6uzufrjn3azzsu7tylszdbyne3kiextdmxz4nnyd[.]onion/
[redacted]
3. Register an account then login
If you have problems with this instructions, you can contact us on TOX:
9500B1A73716BCF40745086F7184A33EA0141B7D3F852431C8FDD2E1E8FAF9277E9FDC117B47
After payment for our services, you will receive:
- decrypt app for all systems
- proof that we delete your data from our systems
- full detail pentest report
- 48 hours support from our professional team to help you recover systems and develop Disaster Recovery plan
IMPORTANT: After 2024-07-31 05:53:57 +0000 UTC deadline, your registration link will be disabled and no new registrations will be allowed.
If no account has been registered, your keys will be deleted, and your data will be automatically publish to our blog and/or sold to data brokers.
WARNING: Speak for yourself. Our team has many years experience, and we will not waste time with professional negotiators.
If we suspect you to speaking by professional negotiators, your keys will be immediate deleted and data will be published/sold.

>>>>>>>>>>>>>>>>>>>>>>>>>>>> EVEREST LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<
    HELLO, DEAR FRIEND!
    1.  [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
    Your files are NOT damaged! Your files are modified only. This modification is reversible.
    The only 1 way to decrypt your files is to receive the decryption program.
    2.  [ HOW TO RECOVERY FILES? ]
    To receive the decryption program write to email: everest@airmail.cc
    And in subject write your ID:  ID-[redacted 10 lowercase hex]
    We send you full instruction how to decrypt all your files.
    If you don't get a reply, then contact us using xmpp: decryptors@xmpp.is
    3.  [ FREE DECRYPTION! ]
    Free decryption as guarantee.
    We guarantee the receipt of the decryption program after payment.
    To believe, you can give us up to 3 files that we decrypt for free.
    Files should not be important to you! (databases, backups, large excel sheets, etc.)
>>>>>>>>>>>>>>>>>>>>>>>>>>>> EVEREST LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<

1. WHAT HAPPENED? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Your company's network has been compromised by the HUNTERS INTERNATIONAL group.
All files are encrypted using a military-grade AES encryption algorithm.
A large amount of sensitive data was exfiltrated.

We usually download:

- Employees personal data: CVs, DL, SSN, PII, NDA contracts, etc.
- Financial information: documents, payrolls, bank statements, bills, transfers,
  budgets, annual reports, etc.
- Customer data: contracts, PII, contacts, purchase agreements, etc.
- Confidential: source code, trade secrets, technology, blueprints, documents, 
  etc.
- Work files, databases, legal documents, corporate correspondence.
- Accounting data.
- Audit reports.



2. WHAT DO WE OFFER <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

To prevent exfiltrated data from being disclosed and to decrypt all the files 
you need to make a payment. Contact us following the instructions:

1) Install and run “Tor Browser” from https://www.torproject.org/download/

2) Go to a dedicated website:
https://hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion/
https://hunters33dootzzwybhxyh6xnmumopeoza6u4hkontdqu7awnhmix7ad.onion/ (mirror)

3) Log in using the credentials: [redacted]



3. WHAT IF NOT? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

We have the most powerful data leak site on the Internet. There are a lot of 
journalists, researchers and other hackers.

https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/
https://huntersinternational.net/ (mirror)

An incomplete list of risks you are facing in case of non-payment:

 - Loss of customer trust and loyalty.
 - Damage to the company's reputation.
 - Legal consequences and compliance fines.
 - Financial losses and costs associated with data recovery.
 - Impact on competitive advantage and market share.
 - Breach of data privacy regulations and laws.
 - Disruption of business operations.
 - Reduced employee morale and productivity.
 - Potential for intellectual property theft.
 - Loss of trade secrets and proprietary information.



4. KEEP IN MIND <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

- Do not try to decrypt using third-party software. You will damage the files.
- Do not report to the Police, FBI, etc. They don't care about your business.
  They simply won't allow you to pay. As a result, you will lose everything.
- Do not hire a recovery company. They can't decrypt without the key.
  They also don't care about your business. They believe that they are
  good negotiators, but it is not. They usually fail. So speak for yourself.
- Do not reject to pay. Exfiltrated files will be disclosed right away.

~~~~ INC Ransom ~~~~
-----> Your data is stolen and encrypted.
If you don't pay the ransom, the data will be published on our TOR darknet sites.
The sooner you pay the ransom, the sooner your company will be safe.
Tor Browser Link:
http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/
http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/
Link for normal browser:
http://incapt.su/

-----> What guarantees are that we won't fool you?
We are not a politically motivated group and we want nothing more than money.
If you pay, we will provide you with decryption software and destroy the stolen data.
After you pay the ransom, you will quickly restore your systems and make even more money.
Treat this situation simply as a paid training for your system administrators, because it is due to your corporate network not being properly configured that we were able to attack you.
Our pentest services should be paid just like you pay the salaries of your system administrators. Get over it and pay for it.
If we don't give you a decryptor or delete your data after you pay, no one will pay us in the future.
You can get more information about us on Twitter https://twitter.com/hashtag/incransom?f=live
-----> You need to contact us on TOR darknet sites with your personal ID
Download and install Tor Browser https://www.torproject.org/
Write to the chat room and wait for an answer, we'll guarantee a response from you.
Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack tens of companies around the world.
Tor Browser Link for chat:
http://incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid.onion/
Your personal ID:
[redacted]
-----> Warning! Don't delete or modify encrypted files, it will lead to problems with decryption of files!
-----> Don't go to the police or the FBI for help. They won't help you.
The police will try to prohibit you from paying the ransom in any way.
The first thing they will tell you is that there's no guarantee to decrypt your files and remove stolen files.
This is not true, we can do a test decryption before paying and your data will be guaranteed to be removed because it's a matter of our reputation.
Paying the ransom to us is much cheaper and more profitable than paying fines and legal fees.
The police and the FBI don't care what losses you suffer as a result of our attack, and we'll help you get rid of all your problems for a modest sum of money.
If you're worried that someone will trace your bank transfers, you can easily buy cryptocurrency for cash, thus leaving no digital trail that someone from your company paid our ransom.
The police and FBI won't be able to stop lawsuits from your customers for leaking personal and private information.
The police and FBI won't protect you from repeated attacks.
-----> Don't go to recovery companies!
They are essentially just middlemen who will make money off you and cheat you.
We are well aware of cases where recovery companies tell you that the ransom price is $5M dollars, but in fact they secretly negotiate with us for $1M.
If you approached us directly without intermediaries you would pay several times less.
-----> For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret.
In most cases, we find this information and download it.
-----> If you do not pay the ransom, we will attack your company again in the future.

LockBit 3.0 the world's fastest and most stable ransomware from 2019

 >>>>> Your data is stolen and encrypted.

 BLOG Tor Browser Links:
 
 http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
 
 http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/

 http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/

 http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/

 http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/

 http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/

 http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/

 >>>>> What guarantee is there that we won't cheat you
 
 We
 
are the oldest ransomware affiliate program on the planet, nothing is 

more important than our reputation. We are not a politically motivated
group and we want nothing more than money. If you pay, we will fulfill 

all the terms we agree on during the negotiation process. Treat this 

situation simply as a paid training session for your system 

administrators, because it was the misconfiguration of your corporate 

network that allowed us to attack you. Our pentesting services should be
 
 paid for the same way you pay your system administrators salaries. You 

can get more information about us on Ilon Musk's Twitter 

https://twitter.com/hashtag/lockbit

 f=live

 >>>>> You need to contact us on TOR darknet sites with your personal ID

 Download and install Tor Browser https://www.torproject.org/

 Write
 
 to the chat room and wait for an answer, we'll guarantee a response
from us. If you need a unique ID for correspondence with us that no one 

will know about, ask it in the chat, we will generate a secret chat for 

you and give you his ID via private one-time memos service, no one can 

find out this ID but you. Sometimes you will have to wait some time for 

our reply, this is because we have a lot of work and we attack hundreds 

of companies around the world.

 Tor Browser personal link for CHAT available only to you (available during a ddos attack):

 http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion

 Tor Browser Links for CHAT (sometimes unavailable due to ddos attacks):

 http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion

 http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion

 http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion

 http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion

 http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion

 http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion

 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 >> Your personal Black ID: EF689D235EF31C4A496987A98A922E72 <<

 >>>>> Warning

 Do not delete or modify encrypted files, it will lead to problems with decryption of files

 >>>>> Don't go to the police or the FBI for help and don't tell anyone that we attacked you.

Your files are encrypted and can not be used
To return your files in work condition you need decryption tool
Follow the instructions to decrypt all your data
Do not try to change or restore files yourself, this will break them
If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB
How to get decryption tool:
1) Download and install TOR browser by this link: https://www.torproject.org/download/
2) If TOR blocked in your country and you can't access to the link then use any VPN software
3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
4) Copy your private ID in the input field. Your Private key: [redacted]
5) You will see payment information and we can make free test decryption here
Our blog of leaked companies:
wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
If you are unable to contact us through the site, then you can email us: mallox@stealthypost.net
Waiting for a response via mail can be several days. Do not use it if you have not tried contacting through the site. 

$$\      $$\ $$$$$$$$\ $$$$$$$\  $$\   $$\  $$$$$$\   $$$$$$\  
$$$\    $$$ |$$  _____|$$  __$$\ $$ |  $$ |$$  __$$\ $$  __$$\ 
$$$$\  $$$$ |$$ |      $$ |  $$ |$$ |  $$ |$$ /  \__|$$ /  $$ |
$$\$$\$$ $$ |$$$$$\    $$ |  $$ |$$ |  $$ |\$$$$$$\  $$$$$$$$ |
$$ \$$$  $$ |$$  __|   $$ |  $$ |$$ |  $$ | \____$$\ $$  __$$ |
$$ |\$  /$$ |$$ |      $$ |  $$ |$$ |  $$ |$$\   $$ |$$ |  $$ |
$$ | \_/ $$ |$$$$$$$$\ $$$$$$$  |\$$$$$$  |\$$$$$$  |$$ |  $$ |
\__|     \__|\________|\_______/  \______/  \______/ \__|  \__|
-----------------------------[ Hello, [redacted] !!! ]--------------------------

Sorry to interrupt your busy business.

WHAT HAPPEND?
------------------------------------------------------------
1. We have PENETRATE your network and COPIED data.
We have penetrated your entire network and researched all about your data.
And we have copied all of your confidential data and uploaded to private storage.

2. We have ENCRYPTED your files.
While you are reading this message, it means your files and data has been ENCRYPTED by world's strongest ransomware.
Your files have encrypted with new military-grade encryption algorithm and you can not decrypt your files.
But don't worry, we can decrypt your files.

There is only one possible way to get back your computers and servers, keep your privacy safe - CONTACT us via LIVE CHAT and pay for the special 
MEDUSA DECRYPTOR and DECRYPTION KEYs.
This MEDUSA DECRYPTOR will restore your entire network within less than 1 business day.


WHAT GUARANTEES?
---------------------------------------------------------------
We can post all of your critial data to the public and send emails to your competitors.
We have professional OSINTs and media team for leak data to telegram, facebook, twitter channels and top news websites. You can easily search about us.
You can suffer significant problems due to disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, 
 costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, and legal and regulatory issues.

After paying for the data breach and decryption, we guarantee that your data will never be leaked and make everything silent, this is also for our reputation.

YOU should be AWARE!
---------------------------------------------------------------
We will speak only with an authorized person. It can be the CEO, top management etc.
In case you ar not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!
Inform your supervisors and stay calm!


If you do not contact us within 2 days, We will start publish your case to our official blog and everybody will start notice your incident!
--------------------[ Official blog tor address ]--------------------
Using TOR Browser(https://www.torproject.org/download/):

http://xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion/
http://wt26mlupk5sl6fmc675pbnsxnehf6dgkehb4vdp4uokbph3bb3il35id.onion/


CONTACT US!
----------------------[ Your company live chat address ]---------------------------
Using TOR Browser(https://www.torproject.org/download/):

http://medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion/[redacted]

Or Use Tox Chat Program(https://utox.org/uTox_win64.exe)
Add user with our tox ID : 4AE245548F2A225882951FB14E9BF87EE01A0C10AE159B99D1EA62620D91A372205227254A9F

Our support email: ( MedusaSupport@cock.li )

Company identification hash:
b3bde0171684bc795bc2a91a7f48f1d80f4b07790406c17d54eca93a5c4e44e4

All of your files are currently encrypted by MONTI strain. If you don't know who we are - just "Google it."
  As you already know, all of your data has been encrypted by our software.
  It cannot be recovered by any means without contacting our team directly.
  DON'T
 TRY TO RECOVER your data by yourselves. Any attempt to recover your 
data (including the usage of the additional recovery software) can 
damage your files. However,
  if you want to try - we recommend choosing the data of the lowest value.
  DON'T
 TRY TO IGNORE us. We've downloaded a pack of your internal data and are
 ready to publish it on our news website if you do not respond.
  So it will be better for both sides if you contact us as soon as possible.
  DON'T TRY TO CONTACT feds or any recovery companies.
  We have our informants in these structures, so any of your complaints will be immediately directed to us.
  So
 if you will hire any recovery company for negotiations or send requests
 to the police/FBI/investigators, we will consider this as a hostile 
intent and initiate the publication of whole compromised data 
immediately.
  To prove that we REALLY CAN get your data back - we offer you to decrypt two random files completely free of charge.
  You can contact our team directly for further instructions through our website :
  TOR VERSION :
  (you should download and install TOR browser first https://torproject.org)
  http://myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad.onion/chat/[redacted]/ 
  Also visit our blog (via Tor):
  http://mblogci3rudehaagbryjznltdp33ojwzkq6hn2pckvjq33rycmzczpid.onion/
  YOU SHOULD BE AWARE
  We will speak only with an authorized person. It can be the CEO, top management, etc.
  In case you are not such a person - DON'T CONTACT US
  Your decisions and action can result in serious harm to your company
  Inform your supervisors and stay calm

-=-=-=- Alpha ransomware -=-=-=-
-=- Visit our blog: mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id[.]onion/blog -=-
-=- Your data have been stolen and encrypted -=-
-=- You won't be able to decrypt them without our help -=-
-=- Dont try to RECOVER, DELETE or MODIFY any files, this will make it impossible to restore -=-
-=- We will help you in restoring your system, also decrypt several files for free -=-
-=- Contact us for price and get decryption software -=-
Note that this server is available via Tor browser only Follow the instructions to open the link:
mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id[.]onion
1. Type the address "https://www.torproject.org" in your Internet browser. It opens the Tor site.
2. Press "Download Tor", then press "Download Tor Browser", install and run it.
3. Now you have Tor browser. In the Tor Browser open mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id[.]onion
4. Copy your personal decryption key and paste it in the window that appears, enter the captcha and click the button submit.
5. Start a chat and follow the further instructions.
-----------------
Your personal decryption key:
[redacted]

news portal, tor network links:
mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion
k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion
maecretsonocauja@gmx.de

-- Qilin
Your network/system was encrypted.
Encrypted files have new extension.
-- Compromising and sensitive data
We have downloaded compromising and sensitive data from your system/network.
Our group cooperates with the mass media.
If you refuse to communicate with us and we do not come to an agreement, your data will be reviewed and published on our blog (http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion) and on the media page (https://31.41.244.100)
Data includes:
- Employees personal data, CVs, DL , SSN.
- Complete network map including credentials for local and remote services.
- Financial information including clients data, bills, budgets, annual reports, bank statements.
- Complete datagrams/schemas/drawings for manufacturing in solidworks format
- And more...
-- Warning
1) If you modify files - our decrypt software won't able to recover data
2) If you use third party software - you can damage/modify files (see item 1)
3) You need cipher key / our decrypt software to restore you files.
4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions.
-- Recovery
1) Download tor browser: https://www.torproject.org/download/
2) Go to domain
3) Enter credentials-- Credentials
Extension: 
Domain: q5bwdnb3t7zbhywir5j6k3kdjhwjsa5lidwzthef2pa2qbnfk2lznxad.onion
login: 
password: 

RA World
Notification
Your data are stolen and encrypted when you read this letter.
We have copied all data to our server.
Don't worry, your data will not be made public if you do what I want.
But if you don't pay, we will release the data, contact your customers and regulators and destroy your system again.
We can decrypt some files to prove that the decrypt tool works correctly.
What we want
Contact us, pay for ransom.
If you pay, we will provide you the programs for decryption and we will delete your data where on our servers.
If not, we will leak your datas and your company will appear in the shame list below.
If not, we will email to your customers and report to supervisory authority.
How contact us
We use qTox to contact, you can download qTox from office website:
https://qtox.github.io
Our qTox ID is:
1798A384C813D95638B14D9DA5E4D98C41F58D9951FE44DCE2306459B5BDA0358C6AA519CFC1
We have no other contacts.
If there is no contact within 3 days, we will make sample files public.
If there is no contact within 7 days, we will stop communicating and release data in batches.
The longer time, the higher ransom.
RA World Office Site:
[Permanent address] http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion
[Temporary address] http://161.35.200.18
Sample files release link:
Sample files:
[redacted]
Unpay Victim Lists
*** You'll be here too if you don't pay
*** More and more people will get your files
[redacted]
Their files can be downloaded from our site:
[Permanent address] http://raworlddecssyq43oim3hxhc5oxvlbaxuj73xbz2pbbowso3l4kn27qd.onion/share/[redacted]
[Temporary address] http://45.63.116.244/share/[redacted]
You can use Tor Browser to open .onion url.
Ger more information from Tor office website:
https://www.torproject.org

Greetings, -!
 
Read this message CAREFULLY and contact someone from IT department.
Your files are securely ENCRYPTED.
No third party decryption software EXISTS.
MODIFICATION or RENAMING encrypted files may cause decryption failure.
 
You can send us an encrypted file (not greater than 400KB) and we will decrypt it FOR FREE,
so you have no doubts in possibility to restore all files from all affected systems ANY TIME.
Encrypted file SHOULD NOT contain sensitive information (technical, backups, databases, large documents).
The rest of data will be available after the PAYMENT.
Infrastructure rebuild will cost you MUCH more.
 
Contact us ONLY if you officially represent the whole affected network.
The ONLY attachments we accept are non archived encrypted files for test decryption.
Speak ENGLISH when contacting us.
 
Mail us: txdot911@protonmail.com
We kindly ask you not to use GMAIL, YAHOO or LIVE to contact us.
The PRICE depends on how quickly you do it.

We are the RansomHub.
Your company Servers are locked and Data has been taken to our servers. This is serious.
Good news:
- your server system and data will be restored by our Decryption Tool
- for now, your data is secured and safely stored on our server
- nobody in the world is aware about the data leak from your company except you and RansomHub team
Who we are
- Normal Browser Links: https://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/
- Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/
Want to go to authorities for protection
- Seeking their help will only make the situation worse,They will try to prevent you from negotiating with us, because the negotiations will make them look incompetent,After the incident report is handed over to the government department, you will be fined ,The government uses your fine to reward them.And you will not get anything, and except you and your company, the rest of the people will forget what happened
Think you can handle it without us by decrypting your servers and data using some IT Solution from third-party "specialists"
- they will only make significant damage to all of your data
every encrypted file will be corrupted forever. Only our Decryption Tool will make decryption guaranteed
Think your partner IT Recovery Company will do files restoration
- no they will not do restoration, only take 3-4 weeks for nothing
besides all of your data is on our servers and we can publish it at any time
as well as send the info about the data breach from your company servers to your key partners and clients, competitors, media and youtubers, etc.
Those actions from our side towards your company will have irreversible negative consequences for your business reputation.
You don't care in any case, because you just don't want to pay
- We will make you business stop forever by using all of our experience to make your partners, clients, employees and whoever cooperates with your company change their minds by having no choice but to stay away from your company.
As a result, in midterm you will have to close your business.
So lets get straight to the point.
What do we offer in exchange on your payment:
- decryption and restoration of all your systems and data within 24 hours with guarantee
- never inform anyone about the data breach out from your company
- after data decryption and system restoration, we will delete all of your data from your servers forever
- provide valuable advising on your company IT protection so no one can attack your again.
Now, in order to start negotiations, you need to do the following:
- install and run 'Tor Browser' from https://www.torproject.org/download/
- use 'Tor Browser' open http://sdhipwlqmxv7k4wgrrvhjfwpwapa3uxudtl5otkm757q5jyvl7gk5nqd.onion/
- enter your Client ID: [redacted]
There will be no bad news for your company after successful negotiations for both sides. But there will be plenty of those bad news if case of failed negotiations, so don't think about how to avoid it.
Just focus on negotiations, payment and decryption to make all of your problems solved by our specialists within 1 day after payment received: servers and data restored, everything will work good as new.
************************************************

Security notice from cyber pentesting team "Rhys1da"
Attention for Management,
The scheduled penetration testing of your network has been successfully completed. Please contact us immediately at the following email addresses to review the findings, discuss next steps, and initiate the process of returning your network to its operational state. This is an essential step to ensure the security and integrity of your network infrastructure. Your prompt response is required to expedite this process.
Your secret key [redacted]
Or write email: RodrickLuettgen@onionmail.org \ RashadEffertz@onionmail.org
For more information, please visit our website:
rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion (use Tor browser)
Attention Employees:
This logon notification is to inform you that the recent network disruptions were part of a planned security test by our IT department in collaboration with pentesting company "Rhysida". We appreciate your understanding and patience during this crucial testing phase. With approval from management pending, you may find that some business processes are not yet restored. In the meantime, feel free to enjoy a relaxed moment with a cup of coffee and some leisure time on Instagram or Facebook.
Thank you, your cybersecurity pentesting team "Rhys1da"

RisenNote :
Read this text file carefully.


We have penetrated your whole network due some critical security issues.


We have encrypted all of your files on each host in the network within strong algorithm.


We have also Took your critical data such as docs, images, engineering data, accounting data, customers and ...
And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data,
the only way to stop this process is successful corporation.


We have monitored your Backup plans for a whileand they are completely out of access(encrypted)


The only situation for recovering your files is our decryptor,
there are many middle man services out there whom will contact us for your caseand add an amount of money on the FIXED price that we gave to them,
so be aware of them.


Remember, you can send Upto 3 test files for decrypting, before making payment,
we highly recommend to get test files to prevent possible scams.


In order to contact us you can either use following email :


Email address : Happycat@cyberfear[.]com


Or If you weren't able to contact us whitin 24 hours please Email : bluecrap@my[.]com


Leave subject as your machine id : [redacted]


If you didn't get any respond within 72 hours use our blog to contact us, 
therefore we can create another way for you to contact your cryptor as soon as possible.
TOR BLOG : hxxp://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd[.]onion

Telegram - @ScareCrowRestore1
@ScareCrowRestore2
@ScareCrowRestore3

Dear managment!

---Welcome! Your are locked by SenSayQ!---

If you are reading this message, means that:

  * Your network infrastructures have been compromized!
  * Critical data has leaked!
  * Files are encrypted!
    

-----------------------------------------------------------------------
The best and only thing you can do is to contact us to settle the matter before any losses occurs. 
-----------------------------------------------------------------------

1. If you modify files - our decrypt software won't able to recover data.
2. If you use third party software - you can damage/modify files (see item 1). 
3. You need cipher key / our decrypt software to restore you files. 
4. The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions.


Contacting us will be the fastest and safest solution to the problem.

-----------------------------------------------------------------------

Attention! If you do not contact us within 72 hours, we will be forced to publish the stolen data on our website.


To contact us:

1. Download and install Tor Browser - torproject.org/download
2. Follow the link: ppzmaodrgtg7r6zcputdlaqfliubmmjpo4u56l3ayckut3nyvw6dyayd.onion
3. Enter your ID: [id]


E-mail support: qn.support@cyberfear.com

We downloaded to our servers and encrypted all your databases and personal information!


to contact us


download TOR


hxxps://www[.]torproject[.]org/download/


follow this link hxxp://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd[.]onion


follow the instructions on the website


if you're having trouble with TOR



e-mail wehaveyourdata@onionmail[.]org



IMPORTANT INFORMATION!


If you do not write to us within 24 hours, we will start publishing and selling your data on the darknet on hacker sites and offer the information to your competitors


Guarantee:If we don't provide you with a decryptor or delete your data after you pay,no one will pay us in the future. We value our reputation.


Guarantee key:To prove that the decryption key exists, we can test the file (not the database and backup) for free.


Do not try to decrypt your data using third party software, it may cause permanent data loss.


Don't go to recovery companies - they are essentially just middlemen.Decryption of your files with the help of third parties may cause increased price (they add their fee to our) we're the only ones who have the decryption keys.

The Underground team welcomes you!
We would like to inform that your network has been tested by us for vulnerabilities.
Poor network security could cause your data to be lost forever.
Your files are currently encrypted, they can be restored to their original state with a decryptor key that only we have.
The key is in a single copy on our server.
Attempting to recover data by your own efforts may result in data loss.
It is important not to change their current state. Each file additionally has a unique cipher, which you can restore only with our help.
We also examined your infrastructure and downloaded the most sensitive data.
The list of hosts from which the information was downloaded:
[redacted]
----------------------------------
-email communications with clients that contain confidential agreements
-accounting and tax reports for each client
-audit documents
-companys and clients financial documents
-clients passports/ID's and private information
-documents contain privileged and confidential information
-password-protected documents from a bank
-payroll data
-company financial and performance data
-employees personal information (Tc Identification Numbers)

The total amount of downloaded information more than [redacted] Gb
If you do not contact us within 3 days, or we cannot reach an agreement, all data will be published 
on a site that no one can block.
Confidential data can be helpful for your competitors, enemies and darknet market hackers from over the world. 
The consequences will be unpredictable and the process cannot be stopped. 
Information about data leaks is bound to get into the media. Your company's reputation will be damaged.
We value and respect every business, including yours.
Therefore, we suggest you avoid further negative consequences and return to your work as soon as possible.
We guarantee a fair and confidential deal in the shortest possible time. 
You will not only receive a decryptor, but also a description of your network vulnerabilities and information security recommendations. If necessary, you will be provided with qualified data recovery assistance.
You can trust us! Reputation is important to everyone. 
As a proof of our statements, we are ready to restore some files for free and
demonstrate how our product works.
Best regards, Underground team !

Contacts for communication via chat:
login to your account
(Tor Browser)
http://undgrddapc4reaunnrdrmnagvdelqfvmgycuvilgwb5uxm25sxawaoqd.onion/   
your login:      TPA
your password:   [redacted]
your ID: [redacted]

 --------------------------------------------------------------------------

                       HELLO [redacted]

If you are reading this message, means that: 
     - your network infrastructures have been compromised, 
     - critical data has leaked, 
     - files are encrypted

           ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
           ┃         Welcome to the Ransom House           ┃
           ┃                You are locked by              ┃
           ┃            W H I T E    R A B B I T           ┃
           ┃      Knock, Knock. Follow the White Rabbit... ┃
           ┃                                               ┃  
           ┃                   (\(\                        ┃  
           ┃                   (-.-)                       ┃          
           ┃                   (")(")                      ┃  
           ┃                                               ┃
           ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

           The best and only thing you can do is to contact us 
             to settle the matter before any losses occurs.                                             

--------------------------------------------------------------------------

                                 1. THE FOLLOWING IS STRICTLY FORBIDDEN

1.1 DELETION THIS NOTE.    
                           Each note carries the encryption key 
                           needed to decrypt the data, 
                           don't lose it

1.2 EDITING FILES OR HDD.  
                           Renaming, copying or moving any files 
                           could DAMAGE the cypher and 
                           decryption will be impossible. 

1.3 USING THIRD-PARTY SOFTWARE. 
                           Trying to recover with any software 
                           can also break the cipher and 
                           file recovery will become a problem.

1.4 SHUTDOWN OR RESTART THE PC. 
                           Boot and recovery errors can also damage the cipher. 
                           Sorry about that, but doing so is entirely at your own risk.

1.5 HIRING THE FBI AND OTHERS
                           Cooperating with the FBI|CIA and so on 
                           and involving their officers in negotiations 
                           will end our communication with you 
                           and we will share all the leaked data for free. 

--------------------------------------------------------------------------------------------------

                                 2. EXPLANATION OF THE SITUATION
2.1 HOW DID THIS HAPPEN

The security of your IT perimeter has been compromised (it's not perfect at all). 
We encrypted your workstations and servers to make the fact of the intrusion visible and to prevent you from hiding critical data leaks.
We spent a lot of time for researching and finding out the most important directories of your business, your weak points. 
We have already downloaded a huge amount of critical data and analyzed it. Now it's fate is up to you, it will either be deleted or sold, or shared with the media.

2.2 VALUABLE DATA WE USUALLY STEAL:
                           - Databases, legal documents, billings, clients personal information, SSN...
                           - Audit reports
                           - Any financial documents (Statements, invoices, accounting, transfers etc.) 
                           - work files and corporate correspondence
                           - Any backups

2.3 TO DO LIST (best practies)
                           - Contact us as soon as possible
                           - Contact us only in our chat, otherwise you can run into scammers.
                           - Purchase our decryption tool and decrypt your files. There is no other way to do this.
                           - Realize that dealing with us is the shortest way to the success and secrecy.
                           - Give up the idea of using decryption help programs, otherwise you will destroy the system permanently
                           - Avoid any third-party negotiators and recovery groups. They can allow the event to leak.

--------------------------------------------------------------------------------------------------

                                 3. POSSIBLE DECISIONS
3.1 NOT MAKING THE DEAL
                           - After 4 days starting tomorrow your leaked data will be published or sold.
                           - We will also send the data to all interested supervisory organizations and the media.
                           - Decryption key will be deleted permanently and recovery will be impossible.
                           - Losses from the situation will be measured based on your annual budget

3.2 MAKING THE WIN-WIN DEAL
                           - You will get the Decryption Tool and the Manual how-to-use. 
                           - You will get our guarantee and log of non-recovarable deletion of all your data.
                           - You will get the guarantee of secrecy and deletion of all traces of the deal in internet. 
                           - You will get the security report on how to fix your security breaches.

--------------------------------------------------------------------------------------------------

                                 4. EVIDENCE OF THE LEAKAGE
4.1 SCREENSHOTS:
               [redacted]
               [redacted]
               [redacted]
               [redacted]
               [redacted]

4.2 DB sample:  hxxps://file[.]io/[redacted]
 hxxps://file[.]io/[redacted]  
 Password:[redacted]
--------------------------------------------------------------------------------------------------

                                 5. HOW TO CONTACT US

5.1 Download and install TOR Browser https://torproject.org
5.2 Open our live-chat website at [redacted]
5.3 To review leaked data at temporarily server get the ftp access in our live chat
5.4 If the TOR Browser is restricted in your area then use VPN services
5.5 All your Data will be published in 4 Days in the case of silence on your side
5.6 Your Decryption keys will be permanently destroyed synchronous 5.5
5.7 Your Data will be published if you will hire third-party negotiators to contact us

--------------------------------------------------------------------------------------------------

                                 6. RESPONSIBILITY

6.1 The breaking of critical points of this offer will cause:
                           - deletion of your decryption keys
                           - immediate selling of your data
                           - in the case of non-selling we will publish your data for free 
                           - notification of government supervision agencies, your competitors and clients
--------------------------------------------------------------------------------------------------
                                7. Encryption Key


---BEGIN KEY---
[redacted 256 bytes base64]
---END KEY---