Ransomware Variants

Our FREE comprehensive collection of ransomware variants with detailed information and recovery recommendations.

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cartel

High Risk

Cartel is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cicada3301

High Risk

Cicada3301 is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ************************************* *** Welcome to Cicada3301 *** ************************************* ** What Happened? ** ---------------------------------------------- Your computers and servers are encrypted, your backups are deleted. We use strong encryption algorithms, so you won't be able to decrypt your data. You can recover everything by purchasing a special data recovery program from us. This program will restore your entire network. ** Data Leak ** ---------------------- Sample ransom note: ************************************* *** Welcome to Cicada3301 *** ************************************* ** What Happened? ** ---------------------------------------------- Your computers and servers are encrypted, your backups are deleted. We use strong encryption algorithms, so you won't be able to decrypt your data. You can recover everything by purchasing a special data recovery program from us. This program will restore your entire network. ** Data Leak ** ---------------------- Sample ransom note: ************************************* *** Welcome to Cicada3301 *** ************************************* ** What Happened? ** ---------------------------------------------- Your computers and servers are encrypted, your backups are deleted. We use strong encryption algorithms, so you won't be able to decrypt your data. You can recover everything by purchasing a special data recovery program from us. This program will restore your entire network. ** Data Leak ** ----------------------

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cloak

High Risk

Cloak is a ransomware variant with 3 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: !!! ATTENTION !!! Your network is hacked and files are encrypted. Including the encrypted data we also downloaded other confidential information: Data of your employees, customers, partners, as well as accounting and other internal documentation of your company. All data is stored until you will pay. After payment we will provide you the programs for decryption and we will delete your data. If you refuse to negotiate with us (for any reason) all your data will be put up for sale. Wha --- !!! ATTENTION !!! Your network is hacked and files are encrypted. Including the encrypted data we also downloaded other confidential information: Data of your employees, customers, partners, as well as accounting and other internal documentation of your company. All data is stored until you will pay. After payment we will provide you the programs for decryption and we will delete your data. If you refuse to negotiate with us (for any reason) all your data will be put up for sale. Wha --- Urgent! Your files have been encrypted - act now to recover them! Greetings, We are a Ransomware Group, and we have successfully infiltrated your system and encrypted your valuable files. We have the only working decryptor, which is the one way to restore your data. Do not attempt to recover the files yourself or involve any third-party organizations, such as law enforcement or cybersecurity firms. Any attempts to do so will result in the permanent deletion of your files without any chance of Sample ransom note: !!! ATTENTION !!! Your network is hacked and files are encrypted. Including the encrypted data we also downloaded other confidential information: Data of your employees, customers, partners, as well as accounting and other internal documentation of your company. All data is stored until you will pay. After payment we will provide you the programs for decryption and we will delete your data. If you refuse to negotiate with us (for any reason) all your data will be put up for sale. Wha --- !!! ATTENTION !!! Your network is hacked and files are encrypted. Including the encrypted data we also downloaded other confidential information: Data of your employees, customers, partners, as well as accounting and other internal documentation of your company. All data is stored until you will pay. After payment we will provide you the programs for decryption and we will delete your data. If you refuse to negotiate with us (for any reason) all your data will be put up for sale. Wha --- Urgent! Your files have been encrypted - act now to recover them! Greetings, We are a Ransomware Group, and we have successfully infiltrated your system and encrypted your valuable files. We have the only working decryptor, which is the one way to restore your data. Do not attempt to recover the files yourself or involve any third-party organizations, such as law enforcement or cybersecurity firms. Any attempts to do so will result in the permanent deletion of your files without any chance of Sample ransom note: !!! ATTENTION !!! Your network is hacked and files are encrypted. Including the encrypted data we also downloaded other confidential information: Data of your employees, customers, partners, as well as accounting and other internal documentation of your company. All data is stored until you will pay. After payment we will provide you the programs for decryption and we will delete your data. If you refuse to negotiate with us (for any reason) all your data will be put up for sale. Wha --- !!! ATTENTION !!! Your network is hacked and files are encrypted. Including the encrypted data we also downloaded other confidential information: Data of your employees, customers, partners, as well as accounting and other internal documentation of your company. All data is stored until you will pay. After payment we will provide you the programs for decryption and we will delete your data. If you refuse to negotiate with us (for any reason) all your data will be put up for sale. Wha --- Urgent! Your files have been encrypted - act now to recover them! Greetings, We are a Ransomware Group, and we have successfully infiltrated your system and encrypted your valuable files. We have the only working decryptor, which is the one way to restore your data. Do not attempt to recover the files yourself or involve any third-party organizations, such as law enforcement or cybersecurity firms. Any attempts to do so will result in the permanent deletion of your files without any chance of

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Clop

High Risk

Clop is a ransomware variant with 4 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Attention! We are the ones who hacked you and DOWNLOAD yor data! We have extensive experience and a strong reputation in this field. Take what is written below seriously!!!! We DOWNLOADED - 1,65 Tb We DOWNLOADED - Your financial documentation, HR Documents, Accounting, your mails,Databases,private correspondence about transactions, employee documents, company documents,Internal manuals, production data, and much more . If necessary, we are ready to provide all the evidence. Con --- Hello, [snip] !!!. We are CL0P^_ group. If you don't know us, search on google. Your company's data has been compromised through your cleo system. We own it now. To do this, you need to download the TOR browser https://www.torproject.org/download/ You can read about us here CL0P^_- LEAKS http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion Using a vulnerability in platform systems Cleo Harmony, VLTrader and LexiCom we gained access to your networks and downloaded all the info --- Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. Sample ransom note: Attention! We are the ones who hacked you and DOWNLOAD yor data! We have extensive experience and a strong reputation in this field. Take what is written below seriously!!!! We DOWNLOADED - 1,65 Tb We DOWNLOADED - Your financial documentation, HR Documents, Accounting, your mails,Databases,private correspondence about transactions, employee documents, company documents,Internal manuals, production data, and much more . If necessary, we are ready to provide all the evidence. Con --- Hello, [snip] !!!. We are CL0P^_ group. If you don't know us, search on google. Your company's data has been compromised through your cleo system. We own it now. To do this, you need to download the TOR browser https://www.torproject.org/download/ You can read about us here CL0P^_- LEAKS http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion Using a vulnerability in platform systems Cleo Harmony, VLTrader and LexiCom we gained access to your networks and downloaded all the info --- Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. Sample ransom note: Attention! We are the ones who hacked you and DOWNLOAD yor data! We have extensive experience and a strong reputation in this field. Take what is written below seriously!!!! We DOWNLOADED - 1,65 Tb We DOWNLOADED - Your financial documentation, HR Documents, Accounting, your mails,Databases,private correspondence about transactions, employee documents, company documents,Internal manuals, production data, and much more . If necessary, we are ready to provide all the evidence. Con --- Hello, [snip] !!!. We are CL0P^_ group. If you don't know us, search on google. Your company's data has been compromised through your cleo system. We own it now. To do this, you need to download the TOR browser https://www.torproject.org/download/ You can read about us here CL0P^_- LEAKS http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion Using a vulnerability in platform systems Cleo Harmony, VLTrader and LexiCom we gained access to your networks and downloaded all the info --- Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files.

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Conti

High Risk

Conti is a ransomware variant with 4 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of --- All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of --- All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : https://contire Sample ransom note: All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of --- All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of --- All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : https://contire Sample ransom note: All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of --- All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of --- All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : https://contire

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cryptnet

High Risk

Cryptnet is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: *** CRYPTNET RANSOMWARE *** --- What happened? --- All of your files are encrypted and stolen. Stolen data will be published soon on our tor website. There is no way to recover your data and prevent data leakage without us Decryption is not possible without private key. Don't waste your and our time to recover your files. It is impossible without our help --- How to recover files & prevent leakage? --- To make sure that we REALLY CAN recover your data - we offer FREE DECRYPTION for warranty. Sample ransom note: *** CRYPTNET RANSOMWARE *** --- What happened? --- All of your files are encrypted and stolen. Stolen data will be published soon on our tor website. There is no way to recover your data and prevent data leakage without us Decryption is not possible without private key. Don't waste your and our time to recover your files. It is impossible without our help --- How to recover files & prevent leakage? --- To make sure that we REALLY CAN recover your data - we offer FREE DECRYPTION for warranty. Sample ransom note: *** CRYPTNET RANSOMWARE *** --- What happened? --- All of your files are encrypted and stolen. Stolen data will be published soon on our tor website. There is no way to recover your data and prevent data leakage without us Decryption is not possible without private key. Don't waste your and our time to recover your files. It is impossible without our help --- How to recover files & prevent leakage? --- To make sure that we REALLY CAN recover your data - we offer FREE DECRYPTION for warranty.

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cryptomix

High Risk

Cryptomix is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All your files have been encrypted! If you want to restore them, write us to the e-mail : [email protected] Write this ID in the title of your message DECRYPT-ID-[snip] number number In case of no answer in 48 hours write us to theese e-mails : [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you Sample ransom note: All your files have been encrypted! If you want to restore them, write us to the e-mail : [email protected] Write this ID in the title of your message DECRYPT-ID-[snip] number number In case of no answer in 48 hours write us to theese e-mails : [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you Sample ransom note: All your files have been encrypted! If you want to restore them, write us to the e-mail : [email protected] Write this ID in the title of your message DECRYPT-ID-[snip] number number In case of no answer in 48 hours write us to theese e-mails : [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cryptxxx

High Risk

Cryptxxx is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: @@@@@@@ NOT YOUR LANGUAGE? USE https://translate.google.com @@@@@@@ What happened to your files ? @@@@@@@ All of your files were protected by a strong encryption with RZA4096 @@@@@@@ More information about the en-Xryption keys using RZA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) @@@@@@@ How did this happen ? @@@@@@@ !!! Specially for your PC was generated personal RZA4096 Key , both publik and private. @@@@@@@ !!! ALL YOUR FILES were en-Xrypted with the publik key, Sample ransom note: @@@@@@@ NOT YOUR LANGUAGE? USE https://translate.google.com @@@@@@@ What happened to your files ? @@@@@@@ All of your files were protected by a strong encryption with RZA4096 @@@@@@@ More information about the en-Xryption keys using RZA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) @@@@@@@ How did this happen ? @@@@@@@ !!! Specially for your PC was generated personal RZA4096 Key , both publik and private. @@@@@@@ !!! ALL YOUR FILES were en-Xrypted with the publik key, Sample ransom note: @@@@@@@ NOT YOUR LANGUAGE? USE https://translate.google.com @@@@@@@ What happened to your files ? @@@@@@@ All of your files were protected by a strong encryption with RZA4096 @@@@@@@ More information about the en-Xryption keys using RZA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) @@@@@@@ How did this happen ? @@@@@@@ !!! Specially for your PC was generated personal RZA4096 Key , both publik and private. @@@@@@@ !!! ALL YOUR FILES were en-Xrypted with the publik key,

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Crytox

High Risk

Crytox is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <html><head><meta charset='UTF-8'><title>recovery tool</title><HTA:APPLICATION\r\nICON='msiexec.exe'\r\nSINGLEINSTANCE='yes'\r\nSysMenu=\"no\">\r\n<script language='JScript'>window.moveTo(50,50);window.resizeTo(screen.width-100,screen.height-100);</script><script>function countdown(dateEnd){var timer,days,hours,minutes,seconds;dateEnd=new Date(dateEnd);dateEnd=dateEnd.getTime();if(isNaN(dateEnd)){return;}timer=setInterval(calculate,1000);function calculate(){var dateStart=new Date();var dateStar Sample ransom note: <html><head><meta charset='UTF-8'><title>recovery tool</title><HTA:APPLICATION\r\nICON='msiexec.exe'\r\nSINGLEINSTANCE='yes'\r\nSysMenu=\"no\">\r\n<script language='JScript'>window.moveTo(50,50);window.resizeTo(screen.width-100,screen.height-100);</script><script>function countdown(dateEnd){var timer,days,hours,minutes,seconds;dateEnd=new Date(dateEnd);dateEnd=dateEnd.getTime();if(isNaN(dateEnd)){return;}timer=setInterval(calculate,1000);function calculate(){var dateStart=new Date();var dateStar Sample ransom note: <html><head><meta charset='UTF-8'><title>recovery tool</title><HTA:APPLICATION\r\nICON='msiexec.exe'\r\nSINGLEINSTANCE='yes'\r\nSysMenu=\"no\">\r\n<script language='JScript'>window.moveTo(50,50);window.resizeTo(screen.width-100,screen.height-100);</script><script>function countdown(dateEnd){var timer,days,hours,minutes,seconds;dateEnd=new Date(dateEnd);dateEnd=dateEnd.getTime();if(isNaN(dateEnd)){return;}timer=setInterval(calculate,1000);function calculate(){var dateStart=new Date();var dateStar

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ctblocker

High Risk

Ctblocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. If you see the main locker window, follow the instructions on the locker. Overwise, it's seems that you or your antivirus deleted the locker program. Now you have the last chance to decrypt your files. Open http: Sample ransom note: Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. If you see the main locker window, follow the instructions on the locker. Overwise, it's seems that you or your antivirus deleted the locker program. Now you have the last chance to decrypt your files. Open http: Sample ransom note: Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. If you see the main locker window, follow the instructions on the locker. Overwise, it's seems that you or your antivirus deleted the locker program. Now you have the last chance to decrypt your files. Open http:

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cuba

High Risk

Cuba is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Good day. All your files are encrypted. For decryption contact us. Write here [email protected] reserve [email protected] jabber [email protected] We also inform that your databases, ftp server and file server were downloaded by us to our servers. If we do not receive a message from you within three days, we regard this as a refusal to negotiate. Check our platform: http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/ * Do not rename encrypted files. * Do not try to de Sample ransom note: Good day. All your files are encrypted. For decryption contact us. Write here [email protected] reserve [email protected] jabber [email protected] We also inform that your databases, ftp server and file server were downloaded by us to our servers. If we do not receive a message from you within three days, we regard this as a refusal to negotiate. Check our platform: http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/ * Do not rename encrypted files. * Do not try to de Sample ransom note: Good day. All your files are encrypted. For decryption contact us. Write here [email protected] reserve [email protected] jabber [email protected] We also inform that your databases, ftp server and file server were downloaded by us to our servers. If we do not receive a message from you within three days, we regard this as a refusal to negotiate. Check our platform: http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/ * Do not rename encrypted files. * Do not try to de

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Cyberex

High Risk

Cyberex is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your organization has been impacted by a Hacker's attack! All Your Files has been Encrypted. We are using Military Grade Encryption Algorithms. That means the files can't be decrypted without our decryption tool. Valuble Data has been copyed to OUR Servers. To recover your data and prevent data leakage you must contact us within 48 hours. To start negotiating you need to download: https://www.torproject.org/download/ Then open one of link below to start Chat: http://p6lm43x2ntdgx5ixdqfmhrn Sample ransom note: Your organization has been impacted by a Hacker's attack! All Your Files has been Encrypted. We are using Military Grade Encryption Algorithms. That means the files can't be decrypted without our decryption tool. Valuble Data has been copyed to OUR Servers. To recover your data and prevent data leakage you must contact us within 48 hours. To start negotiating you need to download: https://www.torproject.org/download/ Then open one of link below to start Chat: http://p6lm43x2ntdgx5ixdqfmhrn Sample ransom note: Your organization has been impacted by a Hacker's attack! All Your Files has been Encrypted. We are using Military Grade Encryption Algorithms. That means the files can't be decrypted without our decryption tool. Valuble Data has been copyed to OUR Servers. To recover your data and prevent data leakage you must contact us within 48 hours. To start negotiating you need to download: https://www.torproject.org/download/ Then open one of link below to start Chat: http://p6lm43x2ntdgx5ixdqfmhrn

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Dagonlocker

High Risk

Dagonlocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <!DOCTYPE html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no"> <title>Pwned by DAGON Locker</title> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AcxV/TSkUqohYRcQhSnSyIijhKFYtgobQVWnUwufQLmjQkKS6OgmvBwY/FqoOLs64OroIg+AHi6OSk6CIl/i8ptIj14Lgf7+497t4BQq3EVNM3AaiaZSSiETGdWRX9r/ChDwPoxYjETD2WXEyh7fi6h4evd2Ge1f7cn6 Sample ransom note: <!DOCTYPE html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no"> <title>Pwned by DAGON Locker</title> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AcxV/TSkUqohYRcQhSnSyIijhKFYtgobQVWnUwufQLmjQkKS6OgmvBwY/FqoOLs64OroIg+AHi6OSk6CIl/i8ptIj14Lgf7+497t4BQq3EVNM3AaiaZSSiETGdWRX9r/ChDwPoxYjETD2WXEyh7fi6h4evd2Ge1f7cn6 Sample ransom note: <!DOCTYPE html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no"> <title>Pwned by DAGON Locker</title> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AcxV/TSkUqohYRcQhSnSyIijhKFYtgobQVWnUwufQLmjQkKS6OgmvBwY/FqoOLs64OroIg+AHi6OSk6CIl/i8ptIj14Lgf7+497t4BQq3EVNM3AaiaZSSiETGdWRX9r/ChDwPoxYjETD2WXEyh7fi6h4evd2Ge1f7cn6

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Darkangels

High Risk

Darkangels is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: -------------------------------------------------------------------------- HELLO dear Management of [snip] If you are reading this message, it means that: - your network infrastructure has been compromised, - critical data was leaked, - files are encrypted, - backups are deleted ------------------------------------------------------ by D A R K A N G E L S T E A M The best and only thing you can do is to contact us to settle the matter before any losses occurs. 1. THE FOLLOWING IS STRICTLY F Sample ransom note: -------------------------------------------------------------------------- HELLO dear Management of [snip] If you are reading this message, it means that: - your network infrastructure has been compromised, - critical data was leaked, - files are encrypted, - backups are deleted ------------------------------------------------------ by D A R K A N G E L S T E A M The best and only thing you can do is to contact us to settle the matter before any losses occurs. 1. THE FOLLOWING IS STRICTLY F Sample ransom note: -------------------------------------------------------------------------- HELLO dear Management of [snip] If you are reading this message, it means that: - your network infrastructure has been compromised, - critical data was leaked, - files are encrypted, - backups are deleted ------------------------------------------------------ by D A R K A N G E L S T E A M The best and only thing you can do is to contact us to settle the matter before any losses occurs. 1. THE FOLLOWING IS STRICTLY F

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Darkbit

High Risk

Darkbit is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Dear Colleagues, We’re sorry to inform you that we’ve had to hack [snip] network completely and transfer “all” data to our secure servers. So, keep calm, take a breath and think about an apartheid regime that causes troubles here and there. They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians’ bodies, but also Israelis’ souls) and destroying the future and all dreams we had. They Sample ransom note: Dear Colleagues, We’re sorry to inform you that we’ve had to hack [snip] network completely and transfer “all” data to our secure servers. So, keep calm, take a breath and think about an apartheid regime that causes troubles here and there. They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians’ bodies, but also Israelis’ souls) and destroying the future and all dreams we had. They Sample ransom note: Dear Colleagues, We’re sorry to inform you that we’ve had to hack [snip] network completely and transfer “all” data to our secure servers. So, keep calm, take a breath and think about an apartheid regime that causes troubles here and there. They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians’ bodies, but also Israelis’ souls) and destroying the future and all dreams we had. They

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Darkpower

High Risk

Darkpower is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: %PDF-1.6 % 14 0 obj [/View /Design] endobj 15 0 obj << /CreatorInfo << /Creator (Adobe Illustrator 26.0) /Subtype /Artwork >> >> endobj 13 0 obj << /Intent 14 0 R /Name (Layer 1) /Type /OCG /Usage 15 0 R >> endobj 16 0 obj << /AIS false /BM /Normal /CA 1 /OP false /OPM 1 /SA true /SMask /None /Type /ExtGState /ca 1 /op false >> endobj 18 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceRGB /Height 595 /Intent /RelativeColorimetric /Subtype /Image /Type /XObject /Width 840 /Filter [/FlateDecode /D Sample ransom note: %PDF-1.6 % 14 0 obj [/View /Design] endobj 15 0 obj << /CreatorInfo << /Creator (Adobe Illustrator 26.0) /Subtype /Artwork >> >> endobj 13 0 obj << /Intent 14 0 R /Name (Layer 1) /Type /OCG /Usage 15 0 R >> endobj 16 0 obj << /AIS false /BM /Normal /CA 1 /OP false /OPM 1 /SA true /SMask /None /Type /ExtGState /ca 1 /op false >> endobj 18 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceRGB /Height 595 /Intent /RelativeColorimetric /Subtype /Image /Type /XObject /Width 840 /Filter [/FlateDecode /D Sample ransom note: %PDF-1.6 % 14 0 obj [/View /Design] endobj 15 0 obj << /CreatorInfo << /Creator (Adobe Illustrator 26.0) /Subtype /Artwork >> >> endobj 13 0 obj << /Intent 14 0 R /Name (Layer 1) /Type /OCG /Usage 15 0 R >> endobj 16 0 obj << /AIS false /BM /Normal /CA 1 /OP false /OPM 1 /SA true /SMask /None /Type /ExtGState /ca 1 /op false >> endobj 18 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceRGB /Height 595 /Intent /RelativeColorimetric /Subtype /Image /Type /XObject /Width 840 /Filter [/FlateDecode /D

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Darkside

High Risk

Darkside is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ----------- [ Welcome to DarkSide ] -------------> What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. What guarantees? -------------- Sample ransom note: ----------- [ Welcome to DarkSide ] -------------> What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. What guarantees? -------------- Sample ransom note: ----------- [ Welcome to DarkSide ] -------------> What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. What guarantees? --------------

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Dataf

High Risk

Dataf is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ----------- [ Hello! ] -------------> ****BY DATAF L**OCKER**** What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted from your network and copied. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - a universal decoder. This program will restore your entire network. Follow our instructions below and you will recover all your dat Sample ransom note: ----------- [ Hello! ] -------------> ****BY DATAF L**OCKER**** What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted from your network and copied. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - a universal decoder. This program will restore your entire network. Follow our instructions below and you will recover all your dat Sample ransom note: ----------- [ Hello! ] -------------> ****BY DATAF L**OCKER**** What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted from your network and copied. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - a universal decoder. This program will restore your entire network. Follow our instructions below and you will recover all your dat

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Deadbydawn

High Risk

Deadbydawn is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ------------------------------------------------------------------------------------------------------------------------ Title: We have encrypted your network - DEADbyDAWN Team Hello [snip], This is Contact DEADbyDAWN Team. As you may have already seen we have succesfully breached your infrastructure. Let's discuss the current situation: Our monitoring tool reported: - We have breached your network. - All the data, including confidential and PII documents were extracted to external servers Sample ransom note: ------------------------------------------------------------------------------------------------------------------------ Title: We have encrypted your network - DEADbyDAWN Team Hello [snip], This is Contact DEADbyDAWN Team. As you may have already seen we have succesfully breached your infrastructure. Let's discuss the current situation: Our monitoring tool reported: - We have breached your network. - All the data, including confidential and PII documents were extracted to external servers Sample ransom note: ------------------------------------------------------------------------------------------------------------------------ Title: We have encrypted your network - DEADbyDAWN Team Hello [snip], This is Contact DEADbyDAWN Team. As you may have already seen we have succesfully breached your infrastructure. Let's discuss the current situation: Our monitoring tool reported: - We have breached your network. - All the data, including confidential and PII documents were extracted to external servers

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Dennisthehitman

High Risk

Dennisthehitman is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: YOUR PERSONAL ID: - /!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\ All your important files have been encrypted! Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem. We gath Sample ransom note: YOUR PERSONAL ID: - /!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\ All your important files have been encrypted! Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem. We gath Sample ransom note: YOUR PERSONAL ID: - /!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\ All your important files have been encrypted! Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem. We gath

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Dharma

High Risk

Dharma is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message [snip] In case of no answer in 24 hours write us to theese e-mails: [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free dec Sample ransom note: All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message [snip] In case of no answer in 24 hours write us to theese e-mails: [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free dec Sample ransom note: All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message [snip] In case of no answer in 24 hours write us to theese e-mails: [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free dec

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Diavol

High Risk

Diavol is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: # What happened? # Your network was ATTACKED, your computers and servers were LOCKED. You need to buy decryption tool for restore the network. Take into consideration that we have also downloaded data from your network that in case of not making payment will be published on our news website. # How to get my files back? # 1. Download Tor Browser and install it. 2. Open the Tor Browser and visit our website - hxxps://r2gttyb5vqu6swf5\.onion/eE5PWTlvbWc6OmxGYW5HM0dMd3FIRGQyUFo=/%cid_bot% --- You've been hacked. All your corporate network servers and workstations are encrypted. Your company is a victim of double extortion ransomware attack. What is it? Basically it means that not only your data is encrypted, but it's also have been exfiltrated from your network. Double Extortion attack explained in details : https://www.zscaler.com/resources/security-terms-glossary/what-is-double-extortion-ransomware ===== What now? ===== If you want your network to be fully operational again and Sample ransom note: # What happened? # Your network was ATTACKED, your computers and servers were LOCKED. You need to buy decryption tool for restore the network. Take into consideration that we have also downloaded data from your network that in case of not making payment will be published on our news website. # How to get my files back? # 1. Download Tor Browser and install it. 2. Open the Tor Browser and visit our website - hxxps://r2gttyb5vqu6swf5\.onion/eE5PWTlvbWc6OmxGYW5HM0dMd3FIRGQyUFo=/%cid_bot% --- You've been hacked. All your corporate network servers and workstations are encrypted. Your company is a victim of double extortion ransomware attack. What is it? Basically it means that not only your data is encrypted, but it's also have been exfiltrated from your network. Double Extortion attack explained in details : https://www.zscaler.com/resources/security-terms-glossary/what-is-double-extortion-ransomware ===== What now? ===== If you want your network to be fully operational again and Sample ransom note: # What happened? # Your network was ATTACKED, your computers and servers were LOCKED. You need to buy decryption tool for restore the network. Take into consideration that we have also downloaded data from your network that in case of not making payment will be published on our news website. # How to get my files back? # 1. Download Tor Browser and install it. 2. Open the Tor Browser and visit our website - hxxps://r2gttyb5vqu6swf5\.onion/eE5PWTlvbWc6OmxGYW5HM0dMd3FIRGQyUFo=/%cid_bot% --- You've been hacked. All your corporate network servers and workstations are encrypted. Your company is a victim of double extortion ransomware attack. What is it? Basically it means that not only your data is encrypted, but it's also have been exfiltrated from your network. Double Extortion attack explained in details : https://www.zscaler.com/resources/security-terms-glossary/what-is-double-extortion-ransomware ===== What now? ===== If you want your network to be fully operational again and

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Donut

High Risk

Donut is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <!DOCTYPE html> <html lang="en"><head><meta charset="UTF-8"><style> body{ height: 100vh; display: flex; align-items: center; justify-content: center; background-color: black; } h1{ font-family: 'Oswald', sans-serif; text-transform: uppercase; font-size: 90%; text-align: left; color: white; } span{ display: inline-block; } .container { overflow: hidden; background-color: black; height: 100%; } .container { color: white; display: -webki Sample ransom note: <!DOCTYPE html> <html lang="en"><head><meta charset="UTF-8"><style> body{ height: 100vh; display: flex; align-items: center; justify-content: center; background-color: black; } h1{ font-family: 'Oswald', sans-serif; text-transform: uppercase; font-size: 90%; text-align: left; color: white; } span{ display: inline-block; } .container { overflow: hidden; background-color: black; height: 100%; } .container { color: white; display: -webki Sample ransom note: <!DOCTYPE html> <html lang="en"><head><meta charset="UTF-8"><style> body{ height: 100vh; display: flex; align-items: center; justify-content: center; background-color: black; } h1{ font-family: 'Oswald', sans-serif; text-transform: uppercase; font-size: 90%; text-align: left; color: white; } span{ display: inline-block; } .container { overflow: hidden; background-color: black; height: 100%; } .container { color: white; display: -webki

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Doppelpaymer

High Risk

Doppelpaymer is a ransomware variant with 4 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [snip] Your network has been hacked. Your ID: 106 Your files, backups and shadow copies are unavailable until you pay for a decryption tool. Otherwise your sensitive data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. TO SAVE YOUR DATA FROM DESTRUCTION: DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files. DO NOT USE ANY RECOVERY TOOLS that --- Your network was hacked. Your ID: 269 DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files. Info: http://fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion/order/[snip] [email protected] If you decide not to cooperate your sensitive data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. --- Your network has been hacked. Your ID: 191 Your files, backups and shadow copies are unavailable until you pay for a decryption tool. If no contact made in 3 business days after the infection first portion of data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. TO SAVE YOUR DATA FROM DESTRUCTION: DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and rea Sample ransom note: [snip] Your network has been hacked. Your ID: 106 Your files, backups and shadow copies are unavailable until you pay for a decryption tool. Otherwise your sensitive data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. TO SAVE YOUR DATA FROM DESTRUCTION: DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files. DO NOT USE ANY RECOVERY TOOLS that --- Your network was hacked. Your ID: 269 DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files. Info: http://fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion/order/[snip] [email protected] If you decide not to cooperate your sensitive data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. --- Your network has been hacked. Your ID: 191 Your files, backups and shadow copies are unavailable until you pay for a decryption tool. If no contact made in 3 business days after the infection first portion of data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. TO SAVE YOUR DATA FROM DESTRUCTION: DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and rea Sample ransom note: [snip] Your network has been hacked. Your ID: 106 Your files, backups and shadow copies are unavailable until you pay for a decryption tool. Otherwise your sensitive data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. TO SAVE YOUR DATA FROM DESTRUCTION: DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files. DO NOT USE ANY RECOVERY TOOLS that --- Your network was hacked. Your ID: 269 DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files. Info: http://fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion/order/[snip] [email protected] If you decide not to cooperate your sensitive data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. --- Your network has been hacked. Your ID: 191 Your files, backups and shadow copies are unavailable until you pay for a decryption tool. If no contact made in 3 business days after the infection first portion of data will be shared to public at http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion and all the rest will remain unreachable to you. TO SAVE YOUR DATA FROM DESTRUCTION: DO NOT RESET OR SHUTDOWN your PC or server. DO NOT RENAME/ MOVE/ DELETE the encrypted and rea

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Dragonforce

High Risk

Dragonforce is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello! Your files (orcl, IADeAPP, [snip] dbs) have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay. --- Our communication process: 1. You contact us. 2. We send you a list of files that were stolen. 3. We decrypt 1 file to confirm that our decryptor works. 4. We agree on the amount, which must be paid using BTC. 5. We delete your files, we give you a decryptor. 6. We gi --- Good afternoon, As you can see you have been attacked by a ransomware program! We The DragonForce Ransomware Cartel offer you to make a deal with us. We can make a deal with you, all you need to do is contact us by following the instructions below. We are in no way connected to politics, we always keep our word. You have a chance to decrypt your files and avoid being published on our blog! Use this opportunity and also don't waste your time. The approximate date of deletion of the decryptor Sample ransom note: Hello! Your files (orcl, IADeAPP, [snip] dbs) have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay. --- Our communication process: 1. You contact us. 2. We send you a list of files that were stolen. 3. We decrypt 1 file to confirm that our decryptor works. 4. We agree on the amount, which must be paid using BTC. 5. We delete your files, we give you a decryptor. 6. We gi --- Good afternoon, As you can see you have been attacked by a ransomware program! We The DragonForce Ransomware Cartel offer you to make a deal with us. We can make a deal with you, all you need to do is contact us by following the instructions below. We are in no way connected to politics, we always keep our word. You have a chance to decrypt your files and avoid being published on our blog! Use this opportunity and also don't waste your time. The approximate date of deletion of the decryptor Sample ransom note: Hello! Your files (orcl, IADeAPP, [snip] dbs) have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay. --- Our communication process: 1. You contact us. 2. We send you a list of files that were stolen. 3. We decrypt 1 file to confirm that our decryptor works. 4. We agree on the amount, which must be paid using BTC. 5. We delete your files, we give you a decryptor. 6. We gi --- Good afternoon, As you can see you have been attacked by a ransomware program! We The DragonForce Ransomware Cartel offer you to make a deal with us. We can make a deal with you, all you need to do is contact us by following the instructions below. We are in no way connected to politics, we always keep our word. You have a chance to decrypt your files and avoid being published on our blog! Use this opportunity and also don't waste your time. The approximate date of deletion of the decryptor

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ech0Raix

High Risk

Ech0Raix is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All your data has been locked(crypted). How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/[snip] Use TOR browser for access .onion websites. https://duckduckgo.com/html?q=tor+browser+how+to Sample ransom note: All your data has been locked(crypted). How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/[snip] Use TOR browser for access .onion websites. https://duckduckgo.com/html?q=tor+browser+how+to Sample ransom note: All your data has been locked(crypted). How to unlock(decrypt) instruction located in this TOR website: http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/[snip] Use TOR browser for access .onion websites. https://duckduckgo.com/html?q=tor+browser+how+to

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Eldorado

High Risk

Eldorado is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: To the board of directors. Your network has been attacked through various vulnerabilities found in your system. We have gained full access to the entire network infrastructure. All your confidential information about all employees and all partners and developments has been downloaded to our servers and is located with us. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Our team has an extensive background in legal and so called white hat hacking. Howeve --- Hello! Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay. --- Our communication process: 1. You contact us. 1. We send you a list of files that were stolen. 2. We decrypt 1 file to confirm that our decryptor works. 3. We agree on the amount, which must be paid using BTC. 4. We delete your files, we give you a decryptor. 5. We give you a detailed report on Sample ransom note: To the board of directors. Your network has been attacked through various vulnerabilities found in your system. We have gained full access to the entire network infrastructure. All your confidential information about all employees and all partners and developments has been downloaded to our servers and is located with us. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Our team has an extensive background in legal and so called white hat hacking. Howeve --- Hello! Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay. --- Our communication process: 1. You contact us. 1. We send you a list of files that were stolen. 2. We decrypt 1 file to confirm that our decryptor works. 3. We agree on the amount, which must be paid using BTC. 4. We delete your files, we give you a decryptor. 5. We give you a detailed report on Sample ransom note: To the board of directors. Your network has been attacked through various vulnerabilities found in your system. We have gained full access to the entire network infrastructure. All your confidential information about all employees and all partners and developments has been downloaded to our servers and is located with us. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Our team has an extensive background in legal and so called white hat hacking. Howeve --- Hello! Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay. --- Our communication process: 1. You contact us. 1. We send you a list of files that were stolen. 2. We decrypt 1 file to confirm that our decryptor works. 3. We agree on the amount, which must be paid using BTC. 4. We delete your files, we give you a decryptor. 5. We give you a detailed report on

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Grief

High Risk

Grief is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [snip], you are fucked. DO NOT TOUCH ANYTHING! What to do ( password: [snip] ): http://payorgz3j6hs2gj66nk6omfw65atgmqwzxqbbxnqi3bv2mlwgcirunad.onion/context/[snip] USE TOR. P0G_ Sample ransom note: [snip], you are fucked. DO NOT TOUCH ANYTHING! What to do ( password: [snip] ): http://payorgz3j6hs2gj66nk6omfw65atgmqwzxqbbxnqi3bv2mlwgcirunad.onion/context/[snip] USE TOR. P0G_ Sample ransom note: [snip], you are fucked. DO NOT TOUCH ANYTHING! What to do ( password: [snip] ): http://payorgz3j6hs2gj66nk6omfw65atgmqwzxqbbxnqi3bv2mlwgcirunad.onion/context/[snip] USE TOR. P0G_

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Esxiargs

High Risk

Esxiargs is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <html lang="en"> <head> <title>How to Restore Your Files</title> </head> <body> <h1>How to Restore Your Files</h1> <p><strong><u>Security Alert!!!</u></strong></p> <p>We hacked your company successfully</p> <p>All files have been stolen and encrypted by us</p> <p>If you want to restore files or avoid file leaks, please send <b>2.0781</b> bitcoins to the wallet <b>1PAFdD9fwqRWG4VcCGuY27VTW8xPZmuF1D</b></p> <p>If money is received, encryption key will be available on <b>TOX_ID: D6C324719AD0A Sample ransom note: <html lang="en"> <head> <title>How to Restore Your Files</title> </head> <body> <h1>How to Restore Your Files</h1> <p><strong><u>Security Alert!!!</u></strong></p> <p>We hacked your company successfully</p> <p>All files have been stolen and encrypted by us</p> <p>If you want to restore files or avoid file leaks, please send <b>2.0781</b> bitcoins to the wallet <b>1PAFdD9fwqRWG4VcCGuY27VTW8xPZmuF1D</b></p> <p>If money is received, encryption key will be available on <b>TOX_ID: D6C324719AD0A Sample ransom note: <html lang="en"> <head> <title>How to Restore Your Files</title> </head> <body> <h1>How to Restore Your Files</h1> <p><strong><u>Security Alert!!!</u></strong></p> <p>We hacked your company successfully</p> <p>All files have been stolen and encrypted by us</p> <p>If you want to restore files or avoid file leaks, please send <b>2.0781</b> bitcoins to the wallet <b>1PAFdD9fwqRWG4VcCGuY27VTW8xPZmuF1D</b></p> <p>If money is received, encryption key will be available on <b>TOX_ID: D6C324719AD0A

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Fog

High Risk

Fog is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to work. To contact us you need to have Tor browser installed: 1. Follow this link: xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion 2. Enter the code: [snip] 3. No --- If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. You can check out our blog where we post company data: xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion You might appear there if you opt out of our communication. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to Sample ransom note: If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to work. To contact us you need to have Tor browser installed: 1. Follow this link: xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion 2. Enter the code: [snip] 3. No --- If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. You can check out our blog where we post company data: xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion You might appear there if you opt out of our communication. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to Sample ransom note: If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to work. To contact us you need to have Tor browser installed: 1. Follow this link: xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion 2. Enter the code: [snip] 3. No --- If you are reading this, then you have been the victim of a cyber attack. We call ourselves Fog and we take responsibility for this incident. You can check out our blog where we post company data: xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion You might appear there if you opt out of our communication. We are the ones who encrypted your data and also copied some of it to our internal resource. The sooner you contact us, the sooner we can resolve this incident and get you back to

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ftcode

High Risk

Ftcode is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <h1>All your files was encrypted!</h1> <p>Your personal ID: <b>[snip]</b></p> <p>Your personal KEY: [snip]</p> <p>1. Download Tor browser - <a href='https://www.torproject.org/download/'>https://www.torproject.org/download/</a></p> <p>2. Install Tor browser</p> <p>3. Open Tor Browser</p> <p>4. Open link in TOR browser: <b>http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/?guid=[snip]</b></p> <p>5. Follow the instructions on this page</p> <h2>***** Warning*****</h2> <p>Do not Sample ransom note: <h1>All your files was encrypted!</h1> <p>Your personal ID: <b>[snip]</b></p> <p>Your personal KEY: [snip]</p> <p>1. Download Tor browser - <a href='https://www.torproject.org/download/'>https://www.torproject.org/download/</a></p> <p>2. Install Tor browser</p> <p>3. Open Tor Browser</p> <p>4. Open link in TOR browser: <b>http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/?guid=[snip]</b></p> <p>5. Follow the instructions on this page</p> <h2>***** Warning*****</h2> <p>Do not Sample ransom note: <h1>All your files was encrypted!</h1> <p>Your personal ID: <b>[snip]</b></p> <p>Your personal KEY: [snip]</p> <p>1. Download Tor browser - <a href='https://www.torproject.org/download/'>https://www.torproject.org/download/</a></p> <p>2. Install Tor browser</p> <p>3. Open Tor Browser</p> <p>4. Open link in TOR browser: <b>http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/?guid=[snip]</b></p> <p>5. Follow the instructions on this page</p> <h2>***** Warning*****</h2> <p>Do not

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

GandCrab

Medium Risk

GandCrab was one of the most prolific ransomware families of 2018 and early 2019.

View Details

File Extensions

.gdcb, .krab, .crab

Indicators

Ransom note with the name "GDCB-DECRYPT.txt" or similar. Reference to Gandcrab in the note. Sample ransom note: ---= GANDCRAB V5.0.4 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION --- ---= GANDCRAB V4 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download To Sample ransom note: ---= GANDCRAB V5.0.4 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION --- ---= GANDCRAB V4 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download To Sample ransom note: ---= GANDCRAB V5.0.4 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION --- ---= GANDCRAB V4 =--- Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download To

Recovery Options

Free decryptors available for some versions through No More Ransom project.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Gwisinlocker

High Risk

Gwisinlocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello [snip], You have been visited by GWISIN. We have exfiltrated a lot of sensitive data from your networks, including, but not limited to: I. Production applications, source (Git/SVN), files and DBs [1] LIMS (all regions) + DNA and other internal platforms By combining lab (LIMS) data and the primary big customer platform (DNA), it is easy to identify customer projects, credentials and data. Despite ISO27001 and ISMS-P with a good PIMS strategy, you have failed to protect customer data acro Sample ransom note: Hello [snip], You have been visited by GWISIN. We have exfiltrated a lot of sensitive data from your networks, including, but not limited to: I. Production applications, source (Git/SVN), files and DBs [1] LIMS (all regions) + DNA and other internal platforms By combining lab (LIMS) data and the primary big customer platform (DNA), it is easy to identify customer projects, credentials and data. Despite ISO27001 and ISMS-P with a good PIMS strategy, you have failed to protect customer data acro Sample ransom note: Hello [snip], You have been visited by GWISIN. We have exfiltrated a lot of sensitive data from your networks, including, but not limited to: I. Production applications, source (Git/SVN), files and DBs [1] LIMS (all regions) + DNA and other internal platforms By combining lab (LIMS) data and the primary big customer platform (DNA), it is easy to identify customer projects, credentials and data. Despite ISO27001 and ISMS-P with a good PIMS strategy, you have failed to protect customer data acro

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

H0Lygh0St

High Risk

H0Lygh0St is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <html> <head> <style> display: block margin-left: auto margin-right: auto text-align:center </style> <img src="https://cloud-ex42.usaupload.com/cache/plugins/filepreviewer/374400/e13cb2db4180993642e2a5b800ec86206e0a0a4885349964868ad20c14f04ceb/1100x800_cropped.jpg" alt="H0lyGh0st" style="width:20% </head> <body> <h1>Please Read this text to decrypt all files encrypted.</h1> <p>We have uploaded all files to cloud. Url: <b><a href=https://[snip].com/5YYK/prime.7z></a></b></p> <p>Don't worry, you c Sample ransom note: <html> <head> <style> display: block margin-left: auto margin-right: auto text-align:center </style> <img src="https://cloud-ex42.usaupload.com/cache/plugins/filepreviewer/374400/e13cb2db4180993642e2a5b800ec86206e0a0a4885349964868ad20c14f04ceb/1100x800_cropped.jpg" alt="H0lyGh0st" style="width:20% </head> <body> <h1>Please Read this text to decrypt all files encrypted.</h1> <p>We have uploaded all files to cloud. Url: <b><a href=https://[snip].com/5YYK/prime.7z></a></b></p> <p>Don't worry, you c Sample ransom note: <html> <head> <style> display: block margin-left: auto margin-right: auto text-align:center </style> <img src="https://cloud-ex42.usaupload.com/cache/plugins/filepreviewer/374400/e13cb2db4180993642e2a5b800ec86206e0a0a4885349964868ad20c14f04ceb/1100x800_cropped.jpg" alt="H0lyGh0st" style="width:20% </head> <body> <h1>Please Read this text to decrypt all files encrypted.</h1> <p>We have uploaded all files to cloud. Url: <b><a href=https://[snip].com/5YYK/prime.7z></a></b></p> <p>Don't worry, you c

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Hades

High Risk

Hades is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: What happened? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension *.kgkq9 By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant get back your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in ou Sample ransom note: What happened? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension *.kgkq9 By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant get back your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in ou Sample ransom note: What happened? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension *.kgkq9 By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant get back your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in ou

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Hellcat

High Risk

Hellcat is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your network has been breached and all data were encrypted. It can be restored to their original state with a decryptor key that only we have. Warning: 1. Do NOT modify encrypted files yourself. 2. Do NOT use third-party software to restore your data. 3. Do NOT hire a recovery company. They can not decrypt without out private key. 4. Do NOT reboot or turn off storage media. If you do not contact us within 3 days, or we cannot reach an agreement, informati on will either be sold, or shared with Sample ransom note: Your network has been breached and all data were encrypted. It can be restored to their original state with a decryptor key that only we have. Warning: 1. Do NOT modify encrypted files yourself. 2. Do NOT use third-party software to restore your data. 3. Do NOT hire a recovery company. They can not decrypt without out private key. 4. Do NOT reboot or turn off storage media. If you do not contact us within 3 days, or we cannot reach an agreement, informati on will either be sold, or shared with Sample ransom note: Your network has been breached and all data were encrypted. It can be restored to their original state with a decryptor key that only we have. Warning: 1. Do NOT modify encrypted files yourself. 2. Do NOT use third-party software to restore your data. 3. Do NOT hire a recovery company. They can not decrypt without out private key. 4. Do NOT reboot or turn off storage media. If you do not contact us within 3 days, or we cannot reach an agreement, informati on will either be sold, or shared with

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Helldown

High Risk

Helldown is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: -------------------------------------------------------------------------------------------- | | | Hello dear Management of Active directory domain | | | | If you are reading this message,it means that: | | Sample ransom note: -------------------------------------------------------------------------------------------- | | | Hello dear Management of Active directory domain | | | | If you are reading this message,it means that: | | Sample ransom note: -------------------------------------------------------------------------------------------- | | | Hello dear Management of Active directory domain | | | | If you are reading this message,it means that: | |

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Hellokitty

High Risk

Hellokitty is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello [snip], Unfortunately, your files were encrypted, and more than 200 GB of your critical date was leaked from your File, DEV and SQL servers (Administration and Finance, Direzione, Legal, HR, Risorse umane). For a more detailed list of documents, please contact us and we will send you the samples we have. We are also ready to help you recover your files, prevent the spread of leaks, as well as help solve problems in your IT infrastructure that were the cause of the current situation, so tha Sample ransom note: Hello [snip], Unfortunately, your files were encrypted, and more than 200 GB of your critical date was leaked from your File, DEV and SQL servers (Administration and Finance, Direzione, Legal, HR, Risorse umane). For a more detailed list of documents, please contact us and we will send you the samples we have. We are also ready to help you recover your files, prevent the spread of leaks, as well as help solve problems in your IT infrastructure that were the cause of the current situation, so tha Sample ransom note: Hello [snip], Unfortunately, your files were encrypted, and more than 200 GB of your critical date was leaked from your File, DEV and SQL servers (Administration and Finance, Direzione, Legal, HR, Risorse umane). For a more detailed list of documents, please contact us and we will send you the samples we have. We are also ready to help you recover your files, prevent the spread of leaks, as well as help solve problems in your IT infrastructure that were the cause of the current situation, so tha

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Hive

High Risk

Hive is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ you will need to purchase our decryption software. Please contact our sales department at: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Login: [snip] Password: [sni --- Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ you will need to purchase our decryption software. Please contact our sales department at: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Login: [snip] Password: [s Sample ransom note: Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ you will need to purchase our decryption software. Please contact our sales department at: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Login: [snip] Password: [sni --- Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ you will need to purchase our decryption software. Please contact our sales department at: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Login: [snip] Password: [s Sample ransom note: Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ you will need to purchase our decryption software. Please contact our sales department at: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Login: [snip] Password: [sni --- Your network has been breached and all data were encrypted. Personal data, financial reports and important documents are ready to disclose. To decrypt all the data and to prevent exfiltrated files to be disclosed at http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ you will need to purchase our decryption software. Please contact our sales department at: http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/ Login: [snip] Password: [s

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Hunters

High Risk

Hunters is a ransomware variant with 3 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: _ _ _ _ _ _ _____ _____ ____ ____ | | | | | | | \ | |_ _| ____| _ \/ ___| | |_| | | | | \| | | | | _| | |_) \___ \ | _ | |_| | |\ | | | | |___| _ < ___) | |_|_|_|\___/|_|_\_|_|_|_|_____|_|_\_\____/____ ___ ___ _ _ _ _ |_ _| \ | |_ _| ____| _ \| \ | | / \|_ _|_ _/ _ \| \ | | / \ | | | || \| | | | | _| | |_) | --- _ _ _ _ _ _ _____ _____ ____ ____ | | | | | | | \ | |_ _| ____| _ \/ ___| | |_| | | | | \| | | | | _| | |_) \___ \ | _ | |_| | |\ | | | | |___| _ < ___) | |_|_|_|\___/|_|_\_|_|_|_|_____|_|_\_\____/____ ___ ___ _ _ _ _ |_ _| \ | |_ _| ____| _ \| \ | | / \|_ _|_ _/ _ \| \ | | / \ | | | || \| | | | | _| | |_) | --- 1. WHAT HAPPENED? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Your company's network has been compromised by the HUNTERS INTERNATIONAL group. All files are encrypted using a military-grade AES encryption algorithm. A large amount of sensitive data was exfiltrated. We usually download: - Employees personal data: CVs, DL, SSN, PII, NDA contracts, etc. - Financial information: documents, payrolls, bank statements, bills, transfers, budgets, annual reports, etc. - Customer da Sample ransom note: _ _ _ _ _ _ _____ _____ ____ ____ | | | | | | | \ | |_ _| ____| _ \/ ___| | |_| | | | | \| | | | | _| | |_) \___ \ | _ | |_| | |\ | | | | |___| _ < ___) | |_|_|_|\___/|_|_\_|_|_|_|_____|_|_\_\____/____ ___ ___ _ _ _ _ |_ _| \ | |_ _| ____| _ \| \ | | / \|_ _|_ _/ _ \| \ | | / \ | | | || \| | | | | _| | |_) | --- _ _ _ _ _ _ _____ _____ ____ ____ | | | | | | | \ | |_ _| ____| _ \/ ___| | |_| | | | | \| | | | | _| | |_) \___ \ | _ | |_| | |\ | | | | |___| _ < ___) | |_|_|_|\___/|_|_\_|_|_|_|_____|_|_\_\____/____ ___ ___ _ _ _ _ |_ _| \ | |_ _| ____| _ \| \ | | / \|_ _|_ _/ _ \| \ | | / \ | | | || \| | | | | _| | |_) | --- 1. WHAT HAPPENED? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Your company's network has been compromised by the HUNTERS INTERNATIONAL group. All files are encrypted using a military-grade AES encryption algorithm. A large amount of sensitive data was exfiltrated. We usually download: - Employees personal data: CVs, DL, SSN, PII, NDA contracts, etc. - Financial information: documents, payrolls, bank statements, bills, transfers, budgets, annual reports, etc. - Customer da Sample ransom note: _ _ _ _ _ _ _____ _____ ____ ____ | | | | | | | \ | |_ _| ____| _ \/ ___| | |_| | | | | \| | | | | _| | |_) \___ \ | _ | |_| | |\ | | | | |___| _ < ___) | |_|_|_|\___/|_|_\_|_|_|_|_____|_|_\_\____/____ ___ ___ _ _ _ _ |_ _| \ | |_ _| ____| _ \| \ | | / \|_ _|_ _/ _ \| \ | | / \ | | | || \| | | | | _| | |_) | --- _ _ _ _ _ _ _____ _____ ____ ____ | | | | | | | \ | |_ _| ____| _ \/ ___| | |_| | | | | \| | | | | _| | |_) \___ \ | _ | |_| | |\ | | | | |___| _ < ___) | |_|_|_|\___/|_|_\_|_|_|_|_____|_|_\_\____/____ ___ ___ _ _ _ _ |_ _| \ | |_ _| ____| _ \| \ | | / \|_ _|_ _/ _ \| \ | | / \ | | | || \| | | | | _| | |_) | --- 1. WHAT HAPPENED? <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Your company's network has been compromised by the HUNTERS INTERNATIONAL group. All files are encrypted using a military-grade AES encryption algorithm. A large amount of sensitive data was exfiltrated. We usually download: - Employees personal data: CVs, DL, SSN, PII, NDA contracts, etc. - Financial information: documents, payrolls, bank statements, bills, transfers, budgets, annual reports, etc. - Customer da

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Icefire

High Risk

Icefire is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ********************Your network has been infected!!!******************** IMPORTANT : DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED!!! All your important files have been encrypted. Any attempts to restore your files with thrid-party software will be fatal for your files! Restore your data posible only buying private key from us. We have also downloaded a lot of private data from your network. If you do not contact us in a 5 days, we will post information about your breach on Sample ransom note: ********************Your network has been infected!!!******************** IMPORTANT : DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED!!! All your important files have been encrypted. Any attempts to restore your files with thrid-party software will be fatal for your files! Restore your data posible only buying private key from us. We have also downloaded a lot of private data from your network. If you do not contact us in a 5 days, we will post information about your breach on Sample ransom note: ********************Your network has been infected!!!******************** IMPORTANT : DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED!!! All your important files have been encrypted. Any attempts to restore your files with thrid-party software will be fatal for your files! Restore your data posible only buying private key from us. We have also downloaded a lot of private data from your network. If you do not contact us in a 5 days, we will post information about your breach on

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Braincipher

High Risk

Braincipher is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\Welcome to Brain Cipher Ransomware!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\Dear managers!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --- *** Welcome to Brain Cipher Ransomware! *** Dear managers! If you're reading this, it means your systems have been hacked and encrypted and your data stolen. *** The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours. In order for it to be successful, you must follow a few points: 1.Don't go to the police, etc. 2.Do not attempt to recover data on your own. 3.Do not take the help of third-party data recovery companies. In most case Sample ransom note: <html> <head> <title>Inc. Ransomware</title> </head> <body style="width: 100%; height: 100%; display: flex; flex-direction: column; justify-content: center; align-items: center; overflow: auto;"> <div style="max-width: 500px; "> <h1 style="text-align: center;">Inc. Ransomware</h1> <div> <p>We have hacked you and downloaded all confidential data of your company a --- Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: [snip] We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you ha --- Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: [snip] We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you ha Sample ransom note: \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\Welcome to Brain Cipher Ransomware!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\Dear managers!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --- *** Welcome to Brain Cipher Ransomware! *** Dear managers! If you're reading this, it means your systems have been hacked and encrypted and your data stolen. *** The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours. In order for it to be successful, you must follow a few points: 1.Don't go to the police, etc. 2.Do not attempt to recover data on your own. 3.Do not take the help of third-party data recovery companies. In most case Sample ransom note: <html> <head> <title>Inc. Ransomware</title> </head> <body style="width: 100%; height: 100%; display: flex; flex-direction: column; justify-content: center; align-items: center; overflow: auto;"> <div style="max-width: 500px; "> <h1 style="text-align: center;">Inc. Ransomware</h1> <div> <p>We have hacked you and downloaded all confidential data of your company a --- Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: [snip] We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you ha --- Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: [snip] We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you ha Sample ransom note: \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\Welcome to Brain Cipher Ransomware!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\Dear managers!\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --- *** Welcome to Brain Cipher Ransomware! *** Dear managers! If you're reading this, it means your systems have been hacked and encrypted and your data stolen. *** The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours. In order for it to be successful, you must follow a few points: 1.Don't go to the police, etc. 2.Do not attempt to recover data on your own. 3.Do not take the help of third-party data recovery companies. In most case Sample ransom note: <html> <head> <title>Inc. Ransomware</title> </head> <body style="width: 100%; height: 100%; display: flex; flex-direction: column; justify-content: center; align-items: center; overflow: auto;"> <div style="max-width: 500px; "> <h1 style="text-align: center;">Inc. Ransomware</h1> <div> <p>We have hacked you and downloaded all confidential data of your company a --- Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: [snip] We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you ha --- Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: [snip] We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you ha

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Industrialspy

High Risk

Industrialspy is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: We must inform you that all your company's private data were stolen and will be offered for sale in our market. You can find it in the Tor network using this link: (spyarea23ttlty6qav3ecmbclpqym3p32lksanoypvrqm6j5onstsjad.onion) The data will be uploaded there within 24 hours. Everyone will have access to it in a "private" directory. Our clients can only browse the directories and list filenames, dates of creation\modification and it's sizes. Nobody will have access to your files or an option Sample ransom note: We must inform you that all your company's private data were stolen and will be offered for sale in our market. You can find it in the Tor network using this link: (spyarea23ttlty6qav3ecmbclpqym3p32lksanoypvrqm6j5onstsjad.onion) The data will be uploaded there within 24 hours. Everyone will have access to it in a "private" directory. Our clients can only browse the directories and list filenames, dates of creation\modification and it's sizes. Nobody will have access to your files or an option Sample ransom note: We must inform you that all your company's private data were stolen and will be offered for sale in our market. You can find it in the Tor network using this link: (spyarea23ttlty6qav3ecmbclpqym3p32lksanoypvrqm6j5onstsjad.onion) The data will be uploaded there within 24 hours. Everyone will have access to it in a "private" directory. Our clients can only browse the directories and list filenames, dates of creation\modification and it's sizes. Nobody will have access to your files or an option

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Jaff

High Risk

Jaff is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <html> <head> <meta content="text/html; charset=UTF-8" http-equiv="content-type"> <title>jaff decryptor system</title> </head> <body style="background-color: rgb(102, 204, 204); color: rgb(0, 0, 0);" alink="#ee0000" link="#0000ee" vlink="#551a8b"> <div style="position: absolute; top:0; text-align:center; width:100%" > <h1 style="font-family: System; color: rgb(102, 102, 102);"><big>jaff decryptor system</big></h1> </div> <style> .center { width: 1000px; padding: 10px; margin: auto; backgr Sample ransom note: <html> <head> <meta content="text/html; charset=UTF-8" http-equiv="content-type"> <title>jaff decryptor system</title> </head> <body style="background-color: rgb(102, 204, 204); color: rgb(0, 0, 0);" alink="#ee0000" link="#0000ee" vlink="#551a8b"> <div style="position: absolute; top:0; text-align:center; width:100%" > <h1 style="font-family: System; color: rgb(102, 102, 102);"><big>jaff decryptor system</big></h1> </div> <style> .center { width: 1000px; padding: 10px; margin: auto; backgr Sample ransom note: <html> <head> <meta content="text/html; charset=UTF-8" http-equiv="content-type"> <title>jaff decryptor system</title> </head> <body style="background-color: rgb(102, 204, 204); color: rgb(0, 0, 0);" alink="#ee0000" link="#0000ee" vlink="#551a8b"> <div style="position: absolute; top:0; text-align:center; width:100%" > <h1 style="font-family: System; color: rgb(102, 102, 102);"><big>jaff decryptor system</big></h1> </div> <style> .center { width: 1000px; padding: 10px; margin: auto; backgr

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Kairos

High Risk

Kairos is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ██╗░░██╗░█████╗░██╗██████╗░░█████╗░░██████╗ ██║░██╔╝██╔══██╗██║██╔══██╗██╔══██╗██╔════╝ █████═╝░███████║██║██████╔╝██║░░██║╚█████╗░ ██╔═██╗░██╔══██║██║██╔══██╗██║░░██║░╚═══██╗ ██║░╚██╗██║░░██║██║██║░░██║╚█████╔╝██████╔╝ ╚═╝░░╚═╝╚═╝░░╚═╝╚═╝╚═╝░░╚═╝░╚════╝░╚═════╝░ Your security was breached, allowing us to control your network for WEEKS. We are not a politically motivated group and we want nothing more than money. We have downloaded your most SENSITIVE DATA -- if you do not pay, everything will Sample ransom note: ██╗░░██╗░█████╗░██╗██████╗░░█████╗░░██████╗ ██║░██╔╝██╔══██╗██║██╔══██╗██╔══██╗██╔════╝ █████═╝░███████║██║██████╔╝██║░░██║╚█████╗░ ██╔═██╗░██╔══██║██║██╔══██╗██║░░██║░╚═══██╗ ██║░╚██╗██║░░██║██║██║░░██║╚█████╔╝██████╔╝ ╚═╝░░╚═╝╚═╝░░╚═╝╚═╝╚═╝░░╚═╝░╚════╝░╚═════╝░ Your security was breached, allowing us to control your network for WEEKS. We are not a politically motivated group and we want nothing more than money. We have downloaded your most SENSITIVE DATA -- if you do not pay, everything will Sample ransom note: ██╗░░██╗░█████╗░██╗██████╗░░█████╗░░██████╗ ██║░██╔╝██╔══██╗██║██╔══██╗██╔══██╗██╔════╝ █████═╝░███████║██║██████╔╝██║░░██║╚█████╗░ ██╔═██╗░██╔══██║██║██╔══██╗██║░░██║░╚═══██╗ ██║░╚██╗██║░░██║██║██║░░██║╚█████╔╝██████╔╝ ╚═╝░░╚═╝╚═╝░░╚═╝╚═╝╚═╝░░╚═╝░╚════╝░╚═════╝░ Your security was breached, allowing us to control your network for WEEKS. We are not a politically motivated group and we want nothing more than money. We have downloaded your most SENSITIVE DATA -- if you do not pay, everything will

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Karakurt

High Risk

Karakurt is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ===================================================================== Welcome, this is karakurt team. ===================================================================== Your network has been breached. Internal documents and files were stolen. ===================================================================== PLEASE READ THIS SO YOU CAN CONTACT US! ===================================================================== Ok, you are reading this - so it means that we have your attention. Her --- Ok, you are reading this - so it means that we have your attention. Here's the deal : 1. We breached your internal network and took control over all of your systems. 2. We analyzed and located each piece of more-or-less important files while spending weeks inside. 3. We exfiltrated anything we wanted (the total size of taken data is 1000 (!!!) GB BUT it is very sensitive and very confidential. Our team attacked you pointwise) You can find full listing of taken files in attached file. FAQ: Sample ransom note: ===================================================================== Welcome, this is karakurt team. ===================================================================== Your network has been breached. Internal documents and files were stolen. ===================================================================== PLEASE READ THIS SO YOU CAN CONTACT US! ===================================================================== Ok, you are reading this - so it means that we have your attention. Her --- Ok, you are reading this - so it means that we have your attention. Here's the deal : 1. We breached your internal network and took control over all of your systems. 2. We analyzed and located each piece of more-or-less important files while spending weeks inside. 3. We exfiltrated anything we wanted (the total size of taken data is 1000 (!!!) GB BUT it is very sensitive and very confidential. Our team attacked you pointwise) You can find full listing of taken files in attached file. FAQ: Sample ransom note: ===================================================================== Welcome, this is karakurt team. ===================================================================== Your network has been breached. Internal documents and files were stolen. ===================================================================== PLEASE READ THIS SO YOU CAN CONTACT US! ===================================================================== Ok, you are reading this - so it means that we have your attention. Her --- Ok, you are reading this - so it means that we have your attention. Here's the deal : 1. We breached your internal network and took control over all of your systems. 2. We analyzed and located each piece of more-or-less important files while spending weeks inside. 3. We exfiltrated anything we wanted (the total size of taken data is 1000 (!!!) GB BUT it is very sensitive and very confidential. Our team attacked you pointwise) You can find full listing of taken files in attached file. FAQ:

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Karma

High Risk

Karma is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your network has been breached by Karma ransomware group. We have extracted valuable or sensitive data from your network and encrypted the data on your systems. Decryption is only possible with a private key that only we posses. Our group's only aim is to financially benefit from our brief acquaintance,this is a guarantee that we will do what we promise. Scamming is just bad for business in this line of work. Contact us to negotiate the terms of reversing the damage we have done and deleting Sample ransom note: Your network has been breached by Karma ransomware group. We have extracted valuable or sensitive data from your network and encrypted the data on your systems. Decryption is only possible with a private key that only we posses. Our group's only aim is to financially benefit from our brief acquaintance,this is a guarantee that we will do what we promise. Scamming is just bad for business in this line of work. Contact us to negotiate the terms of reversing the damage we have done and deleting Sample ransom note: Your network has been breached by Karma ransomware group. We have extracted valuable or sensitive data from your network and encrypted the data on your systems. Decryption is only possible with a private key that only we posses. Our group's only aim is to financially benefit from our brief acquaintance,this is a guarantee that we will do what we promise. Scamming is just bad for business in this line of work. Contact us to negotiate the terms of reversing the damage we have done and deleting

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Knight

High Risk

Knight is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: >> What happens? Your files are encrypted, without our help, it's irreversible. We got all of your confidential data, including business information.If we do not receive payment, we will leak the data(Including your competitors or law enforcement may get them on the web).Of course our disclosure will not reveal the complete document, some confidential information will appear in redacted form, which will not be recoverable on a computer.Everyone needs to be paid for their labor, and if you do --- >> What happens? Your data is stolen and encrypted.If you don't pay the ransom, the data will be published on our blog(http://knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion). Keep in mind that once your data appears on our blog, it could be bought by your competitors at any second, so don't hesitate for a long time. >> How to contact with us? 1. Download and install TOR Browser (https://www.torproject.org/).[If you don't know that, Google search!] 2. Open http://3r7zqtidvuj Sample ransom note: >> What happens? Your files are encrypted, without our help, it's irreversible. We got all of your confidential data, including business information.If we do not receive payment, we will leak the data(Including your competitors or law enforcement may get them on the web).Of course our disclosure will not reveal the complete document, some confidential information will appear in redacted form, which will not be recoverable on a computer.Everyone needs to be paid for their labor, and if you do --- >> What happens? Your data is stolen and encrypted.If you don't pay the ransom, the data will be published on our blog(http://knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion). Keep in mind that once your data appears on our blog, it could be bought by your competitors at any second, so don't hesitate for a long time. >> How to contact with us? 1. Download and install TOR Browser (https://www.torproject.org/).[If you don't know that, Google search!] 2. Open http://3r7zqtidvuj Sample ransom note: >> What happens? Your files are encrypted, without our help, it's irreversible. We got all of your confidential data, including business information.If we do not receive payment, we will leak the data(Including your competitors or law enforcement may get them on the web).Of course our disclosure will not reveal the complete document, some confidential information will appear in redacted form, which will not be recoverable on a computer.Everyone needs to be paid for their labor, and if you do --- >> What happens? Your data is stolen and encrypted.If you don't pay the ransom, the data will be published on our blog(http://knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion). Keep in mind that once your data appears on our blog, it could be bought by your competitors at any second, so don't hesitate for a long time. >> How to contact with us? 1. Download and install TOR Browser (https://www.torproject.org/).[If you don't know that, Google search!] 2. Open http://3r7zqtidvuj

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Krypt

High Risk

Krypt is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <?> What happend? All your files are encrypted and stolen. We recover your files in exchange for money. <?> What guarantees? You can contact us and send us an unimportant file less than 1 MG, We decrypt it as guarantee. If we do not send you the decryption software or delete stolen data, no one will pay us in future so we will keep our promise. <?> How we can contact you? [1] TOR website - RECOMMENDED: | 1. Download and install Tor browser - https://www.torproject.org/downl Sample ransom note: <?> What happend? All your files are encrypted and stolen. We recover your files in exchange for money. <?> What guarantees? You can contact us and send us an unimportant file less than 1 MG, We decrypt it as guarantee. If we do not send you the decryption software or delete stolen data, no one will pay us in future so we will keep our promise. <?> How we can contact you? [1] TOR website - RECOMMENDED: | 1. Download and install Tor browser - https://www.torproject.org/downl Sample ransom note: <?> What happend? All your files are encrypted and stolen. We recover your files in exchange for money. <?> What guarantees? You can contact us and send us an unimportant file less than 1 MG, We decrypt it as guarantee. If we do not send you the decryption software or delete stolen data, no one will pay us in future so we will keep our promise. <?> How we can contact you? [1] TOR website - RECOMMENDED: | 1. Download and install Tor browser - https://www.torproject.org/downl

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Linkc

High Risk

Linkc is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Sensitive data on your network was exfiltrated and encrypted. Please contact us for more information: 1) Get Tor Browser: https://www.torproject.org/download 2) Log in to: http://xs4psqhvekjle3qwyiav7dzccuo4ylw2eylvd3peuqrld74kzzjzhcyd.onion/?secret=[snip] Sample ransom note: Sensitive data on your network was exfiltrated and encrypted. Please contact us for more information: 1) Get Tor Browser: https://www.torproject.org/download 2) Log in to: http://xs4psqhvekjle3qwyiav7dzccuo4ylw2eylvd3peuqrld74kzzjzhcyd.onion/?secret=[snip] Sample ransom note: Sensitive data on your network was exfiltrated and encrypted. Please contact us for more information: 1) Get Tor Browser: https://www.torproject.org/download 2) Log in to: http://xs4psqhvekjle3qwyiav7dzccuo4ylw2eylvd3peuqrld74kzzjzhcyd.onion/?secret=[snip]

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Kuiper

High Risk

Kuiper is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your network has been compromised! All your important data has been encrypted! There is only one way to get your data back to normal: 1. Contact us as soon as possible to avoid damages and losses from your business. 2. Send to us any encrypted file of your choice and your personal key. 3. We will decrypt 1 file for test (maximum file size = 1 MB), its guaranteed that we can decrypt your files. 4. Pay the amount required in order to restore your network back to normal. 5. We will then send you Sample ransom note: Your network has been compromised! All your important data has been encrypted! There is only one way to get your data back to normal: 1. Contact us as soon as possible to avoid damages and losses from your business. 2. Send to us any encrypted file of your choice and your personal key. 3. We will decrypt 1 file for test (maximum file size = 1 MB), its guaranteed that we can decrypt your files. 4. Pay the amount required in order to restore your network back to normal. 5. We will then send you Sample ransom note: Your network has been compromised! All your important data has been encrypted! There is only one way to get your data back to normal: 1. Contact us as soon as possible to avoid damages and losses from your business. 2. Send to us any encrypted file of your choice and your personal key. 3. We will decrypt 1 file for test (maximum file size = 1 MB), its guaranteed that we can decrypt your files. 4. Pay the amount required in order to restore your network back to normal. 5. We will then send you

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Lambda

High Risk

Lambda is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [[=== Lambda Ransomware ===]] [+] What's happened? All your files are encrypted and stolen, but you need to follow our instructions. otherwise, you cant return your data (NEVER). [+] What guarantees? Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, we decrypt one file for free. That is our guarantee. If Sample ransom note: [[=== Lambda Ransomware ===]] [+] What's happened? All your files are encrypted and stolen, but you need to follow our instructions. otherwise, you cant return your data (NEVER). [+] What guarantees? Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, we decrypt one file for free. That is our guarantee. If Sample ransom note: [[=== Lambda Ransomware ===]] [+] What's happened? All your files are encrypted and stolen, but you need to follow our instructions. otherwise, you cant return your data (NEVER). [+] What guarantees? Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, we decrypt one file for free. That is our guarantee. If

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Lapiovra

High Risk

Lapiovra is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Lilith

High Risk

Lilith is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All your important files have been encrypted and stolen! Contact us for price and get decryption software. You have 3 days to contact us for negotiation. If you don't contact within three days, we'll start leaking data. 1) Contact our tox. Tox download address: hxxps://tox.chat/ Our poison ID: [snip] * Note that this server is available via Tor browser only Follow the instructions to open the link: 1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor s Sample ransom note: All your important files have been encrypted and stolen! Contact us for price and get decryption software. You have 3 days to contact us for negotiation. If you don't contact within three days, we'll start leaking data. 1) Contact our tox. Tox download address: hxxps://tox.chat/ Our poison ID: [snip] * Note that this server is available via Tor browser only Follow the instructions to open the link: 1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor s Sample ransom note: All your important files have been encrypted and stolen! Contact us for price and get decryption software. You have 3 days to contact us for negotiation. If you don't contact within three days, we'll start leaking data. 1) Contact our tox. Tox download address: hxxps://tox.chat/ Our poison ID: [snip] * Note that this server is available via Tor browser only Follow the instructions to open the link: 1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor s

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Lockbit

High Risk

Lockbit is a ransomware variant with 4 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~ >>>>> Your data is stolen and encrypted. BLOG Tor Browser Links: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/ http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/ http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/ ht --- ~~~ You have been attacked by LockBit 4.0 - the fastest, most stable and immortal ransomware since 2019 ~~~~ >>>>> You must pay us. Tor Browser Links BLOG where the stolen infortmation will be published: ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3o --- LockBit 2.0 Ransomware Your data are stolen and encrypted The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion and https://bigblog.at if you do not pay the ransom You can contact us and decrypt one file for free on these TOR sites http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion OR https://decoding.at Decryption ID: [snip] Sample ransom note: ~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~ >>>>> Your data is stolen and encrypted. BLOG Tor Browser Links: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/ http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/ http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/ ht --- ~~~ You have been attacked by LockBit 4.0 - the fastest, most stable and immortal ransomware since 2019 ~~~~ >>>>> You must pay us. Tor Browser Links BLOG where the stolen infortmation will be published: ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3o --- LockBit 2.0 Ransomware Your data are stolen and encrypted The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion and https://bigblog.at if you do not pay the ransom You can contact us and decrypt one file for free on these TOR sites http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion OR https://decoding.at Decryption ID: [snip] Sample ransom note: ~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~ >>>>> Your data is stolen and encrypted. BLOG Tor Browser Links: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/ http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/ http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/ ht --- ~~~ You have been attacked by LockBit 4.0 - the fastest, most stable and immortal ransomware since 2019 ~~~~ >>>>> You must pay us. Tor Browser Links BLOG where the stolen infortmation will be published: ( often times to protect our web sites from ddos attacks we include ACCESS KEY - ADTISZRLVUMXDJ34RCBZFNO6BNKLEYKYS5FZPNNXK4S2RSHOENUA ) http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/ http://lockbit3o --- LockBit 2.0 Ransomware Your data are stolen and encrypted The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion and https://bigblog.at if you do not pay the ransom You can contact us and decrypt one file for free on these TOR sites http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion OR https://decoding.at Decryption ID: [snip]

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Locky

High Risk

Locky is ransomware that was first identified in February 2016 and spread through malicious email attachments.

View Details

File Extensions

.locky, .zepto, .odin, .aesir, .thor, .osiris

Indicators

Changes desktop background to ransom message. Files renamed with unique identifier. Sample ransom note: !!! IMPORTANT INFORMATION !!!! All of your files are encrypted with RSA-2048 and AES-128 ciphers. More information about the RSA and AES can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem) https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server. To receive your private key follow one of the links: 1. http://6dtxgqam4crv6rr6.tor2web.org Sample ransom note: !!! IMPORTANT INFORMATION !!!! All of your files are encrypted with RSA-2048 and AES-128 ciphers. More information about the RSA and AES can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem) https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server. To receive your private key follow one of the links: 1. http://6dtxgqam4crv6rr6.tor2web.org Sample ransom note: !!! IMPORTANT INFORMATION !!!! All of your files are encrypted with RSA-2048 and AES-128 ciphers. More information about the RSA and AES can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem) https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server. To receive your private key follow one of the links: 1. http://6dtxgqam4crv6rr6.tor2web.org

Recovery Options

No reliable free decryptors for recent variants. Professional data recovery recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Luckbit

High Risk

Luckbit is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Urgent Notice - Your Data Has Been Encrypted Attention, We regret to inform you that your computer network has been compromised, and all your valuable data has been encrypted using advanced encryption algorithms.Our team of skilled hackers gained access to your systems through a vulnerability we discovered, granting us full control over your files and databases. We are writing to you as the sole entity capable of reversing this encryption and restoring your data to its original state.However, Sample ransom note: Urgent Notice - Your Data Has Been Encrypted Attention, We regret to inform you that your computer network has been compromised, and all your valuable data has been encrypted using advanced encryption algorithms.Our team of skilled hackers gained access to your systems through a vulnerability we discovered, granting us full control over your files and databases. We are writing to you as the sole entity capable of reversing this encryption and restoring your data to its original state.However, Sample ransom note: Urgent Notice - Your Data Has Been Encrypted Attention, We regret to inform you that your computer network has been compromised, and all your valuable data has been encrypted using advanced encryption algorithms.Our team of skilled hackers gained access to your systems through a vulnerability we discovered, granting us full control over your files and databases. We are writing to you as the sole entity capable of reversing this encryption and restoring your data to its original state.However,

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Lv

High Risk

Lv is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: === Welcome to LV === [+] What's Happened? [+] Your files have been encrypted and currently unavailable. You can check it. All files in your system have gfiez7d7x extension. By the way, everything is possible to recover (restore) but you should follow our instructions. Otherwise you can NEVER return your data. [+] ATTENTION. YOUR DATA 80GB IS LEAKED [+] All your important documents was downloaded. Data leaked included: - Finance - Accounting - Bank Documents - Insurances - Clients Bases If Sample ransom note: === Welcome to LV === [+] What's Happened? [+] Your files have been encrypted and currently unavailable. You can check it. All files in your system have gfiez7d7x extension. By the way, everything is possible to recover (restore) but you should follow our instructions. Otherwise you can NEVER return your data. [+] ATTENTION. YOUR DATA 80GB IS LEAKED [+] All your important documents was downloaded. Data leaked included: - Finance - Accounting - Bank Documents - Insurances - Clients Bases If Sample ransom note: === Welcome to LV === [+] What's Happened? [+] Your files have been encrypted and currently unavailable. You can check it. All files in your system have gfiez7d7x extension. By the way, everything is possible to recover (restore) but you should follow our instructions. Otherwise you can NEVER return your data. [+] ATTENTION. YOUR DATA 80GB IS LEAKED [+] All your important documents was downloaded. Data leaked included: - Finance - Accounting - Bank Documents - Insurances - Clients Bases If

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Medusa

High Risk

Medusa is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: $$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\ $$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ | $$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ | $$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ | $$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | \__| \__|\________|\_______/ \______/ \______/ --- $$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\ $$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ | $$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ | $$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ | $$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | \__| \__|\________|\_______/ \______/ \______/ Sample ransom note: $$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\ $$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ | $$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ | $$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ | $$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | \__| \__|\________|\_______/ \______/ \______/ --- $$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\ $$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ | $$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ | $$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ | $$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | \__| \__|\________|\_______/ \______/ \______/ Sample ransom note: $$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\ $$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ | $$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ | $$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ | $$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | \__| \__|\________|\_______/ \______/ \______/ --- $$\ $$\ $$$$$$$$\ $$$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$\ $$$ |$$ _____|$$ __$$\ $$ | $$ |$$ __$$\ $$ __$$\ $$$$\ $$$$ |$$ | $$ | $$ |$$ | $$ |$$ / \__|$$ / $$ | $$\$$\$$ $$ |$$$$$\ $$ | $$ |$$ | $$ |\$$$$$$\ $$$$$$$$ | $$ \$$$ $$ |$$ __| $$ | $$ |$$ | $$ | \____$$\ $$ __$$ | $$ |\$ /$$ |$$ | $$ | $$ |$$ | $$ |$$\ $$ |$$ | $$ | $$ | \_/ $$ |$$$$$$$$\ $$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | \__| \__|\________|\_______/ \______/ \______/

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Lynx

High Risk

Lynx is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your data is stolen and encrypted. Your unique identificator is [snip] Use this TOR site to contact with us: http://lynxch2k5xi35j7hlbmwl7d6u2oz4vp2wqp6qkwol624cod3d6iqiyqd.onion/login Use this email to contact with us: [email protected] Our blog ~ TOR Network: http://lynxbllrfr5262yvbgtqoyq76s7mpztcqkv6tjjxgpilpma7nyoeohyd.onion/disclosures ~ Mirror #1: http://lynxblog.net/ --- Your data is stolen and encrypted. Download TOR Browser to contact with us. ID ~ [snip] Chat site: ~ TOR Network: http://lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion/login ~ TOR Mirror #1: http://lynxchatfw4rgsclp4567i4llkqjr2kltaumwwobxdik3qa2oorrknad.onion/login ~ TOR Mirror #2: http://lynxchatohmppv6au67lloc2vs6chy7nya7dsu2hhs55mcjxp2joglad.onion/login ~ TOR Mirror #3: http://lynxchatbykq2vycvyrtjqb3yuj4ze2wvdubzr2u6b632trwvdbsgmyd.onion/login ~ TOR Mirror #4: http:/ Sample ransom note: Your data is stolen and encrypted. Your unique identificator is [snip] Use this TOR site to contact with us: http://lynxch2k5xi35j7hlbmwl7d6u2oz4vp2wqp6qkwol624cod3d6iqiyqd.onion/login Use this email to contact with us: [email protected] Our blog ~ TOR Network: http://lynxbllrfr5262yvbgtqoyq76s7mpztcqkv6tjjxgpilpma7nyoeohyd.onion/disclosures ~ Mirror #1: http://lynxblog.net/ --- Your data is stolen and encrypted. Download TOR Browser to contact with us. ID ~ [snip] Chat site: ~ TOR Network: http://lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion/login ~ TOR Mirror #1: http://lynxchatfw4rgsclp4567i4llkqjr2kltaumwwobxdik3qa2oorrknad.onion/login ~ TOR Mirror #2: http://lynxchatohmppv6au67lloc2vs6chy7nya7dsu2hhs55mcjxp2joglad.onion/login ~ TOR Mirror #3: http://lynxchatbykq2vycvyrtjqb3yuj4ze2wvdubzr2u6b632trwvdbsgmyd.onion/login ~ TOR Mirror #4: http:/ Sample ransom note: Your data is stolen and encrypted. Your unique identificator is [snip] Use this TOR site to contact with us: http://lynxch2k5xi35j7hlbmwl7d6u2oz4vp2wqp6qkwol624cod3d6iqiyqd.onion/login Use this email to contact with us: [email protected] Our blog ~ TOR Network: http://lynxbllrfr5262yvbgtqoyq76s7mpztcqkv6tjjxgpilpma7nyoeohyd.onion/disclosures ~ Mirror #1: http://lynxblog.net/ --- Your data is stolen and encrypted. Download TOR Browser to contact with us. ID ~ [snip] Chat site: ~ TOR Network: http://lynxchatly4zludmhmi75jrwhycnoqvkxb4prohxmyzf4euf5gjxroad.onion/login ~ TOR Mirror #1: http://lynxchatfw4rgsclp4567i4llkqjr2kltaumwwobxdik3qa2oorrknad.onion/login ~ TOR Mirror #2: http://lynxchatohmppv6au67lloc2vs6chy7nya7dsu2hhs55mcjxp2joglad.onion/login ~ TOR Mirror #3: http://lynxchatbykq2vycvyrtjqb3yuj4ze2wvdubzr2u6b632trwvdbsgmyd.onion/login ~ TOR Mirror #4: http:/

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Magniber

High Risk

Magniber is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! =============================== Sample ransom note: ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! =============================== Sample ransom note: ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ==================================================================================================== Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the private key and decryption program. Any attempts to restore your files with the third party software will be fatal for your files! ===============================

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Makop

High Risk

Makop is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All of your files have been encrypted. Your backup files as well. We have exfiltrated tons of your private data to our servers including data of your clients Read on. In order to restore your operations avoid leaking/selling your data and keep your business reputation intact contact us directly on the below TOX ID as soon as possible. 1) TOX Download: https://tox.chat/ 2) TOX ID: 4A7F41CC6A5B87AF99450066F313C224D4E0E5501414670A8C5B802403E6292F9A8D1936A9F0 3) Install TOX and add the TOX ID in th Sample ransom note: All of your files have been encrypted. Your backup files as well. We have exfiltrated tons of your private data to our servers including data of your clients Read on. In order to restore your operations avoid leaking/selling your data and keep your business reputation intact contact us directly on the below TOX ID as soon as possible. 1) TOX Download: https://tox.chat/ 2) TOX ID: 4A7F41CC6A5B87AF99450066F313C224D4E0E5501414670A8C5B802403E6292F9A8D1936A9F0 3) Install TOX and add the TOX ID in th Sample ransom note: All of your files have been encrypted. Your backup files as well. We have exfiltrated tons of your private data to our servers including data of your clients Read on. In order to restore your operations avoid leaking/selling your data and keep your business reputation intact contact us directly on the below TOX ID as soon as possible. 1) TOX Download: https://tox.chat/ 2) TOX ID: 4A7F41CC6A5B87AF99450066F313C224D4E0E5501414670A8C5B802403E6292F9A8D1936A9F0 3) Install TOX and add the TOX ID in th

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Mallox

High Risk

Mallox is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello Your files are encrypted and can not be used To return your files in work condition you need decryption tool Follow the instructions to decrypt all your data Do not try to change or restore files yourself, this will break them If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB How to get decryption tool: 1) Download and install TOR browser by this link: https://www.torproject.org/download/ 2) If TOR --- Hello Your files are encrypted and can not be used We have downloaded your confidential data and are ready to publish it on our blog To return your files in work condition you need decryption tool Follow the instructions to decrypt all your data Do not try to change or restore files yourself, this will break them If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB How to get decryption tool: 1) Download an Sample ransom note: Hello Your files are encrypted and can not be used To return your files in work condition you need decryption tool Follow the instructions to decrypt all your data Do not try to change or restore files yourself, this will break them If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB How to get decryption tool: 1) Download and install TOR browser by this link: https://www.torproject.org/download/ 2) If TOR --- Hello Your files are encrypted and can not be used We have downloaded your confidential data and are ready to publish it on our blog To return your files in work condition you need decryption tool Follow the instructions to decrypt all your data Do not try to change or restore files yourself, this will break them If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB How to get decryption tool: 1) Download an Sample ransom note: Hello Your files are encrypted and can not be used To return your files in work condition you need decryption tool Follow the instructions to decrypt all your data Do not try to change or restore files yourself, this will break them If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB How to get decryption tool: 1) Download and install TOR browser by this link: https://www.torproject.org/download/ 2) If TOR --- Hello Your files are encrypted and can not be used We have downloaded your confidential data and are ready to publish it on our blog To return your files in work condition you need decryption tool Follow the instructions to decrypt all your data Do not try to change or restore files yourself, this will break them If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB How to get decryption tool: 1) Download an

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Maze

High Risk

Maze is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Attention! ---------------------------- | What happened? ---------------------------- All your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps. ---------------------------- | How to get my files back? ---------------------------- The only method to restore your files is to purchase a unique for you private key which is s Sample ransom note: Attention! ---------------------------- | What happened? ---------------------------- All your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps. ---------------------------- | How to get my files back? ---------------------------- The only method to restore your files is to purchase a unique for you private key which is s Sample ransom note: Attention! ---------------------------- | What happened? ---------------------------- All your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps. ---------------------------- | How to get my files back? ---------------------------- The only method to restore your files is to purchase a unique for you private key which is s

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Medusalocker

High Risk

Medusalocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-al Sample ransom note: <html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-al Sample ransom note: <html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-al

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Moneymessage

High Risk

Moneymessage is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your files was stolen by "Money message" profitable organization. Dear managers and founders of the company! Your business uses the possibilities of modern information technologies for its own brand and business reputation, which results in an increase in sales of insurance services and the attraction of both new and existing customers. Our specialists found that your company did not have sufficient protection against the leakage of personal data. You have neglected the trust of your customers --- Your files was encrypted by "Money message" profitable organization and can't be accessed anymore. If you pay ransom, you will get a decryptor to decrypt them. Don't try to decrypt files yourself - in that case they will be damaged and unrecoverable. For further negotiations open this clientcuworpelkdwecucgvfhp5uz5n7uohsnokndrlhm2zkntyg3had.onion/chat.php?chatId=[snip] using tor browser https://www.torproject.org/download/ In case you refuse to pay, we will post the files we stole from your Sample ransom note: Your files was stolen by "Money message" profitable organization. Dear managers and founders of the company! Your business uses the possibilities of modern information technologies for its own brand and business reputation, which results in an increase in sales of insurance services and the attraction of both new and existing customers. Our specialists found that your company did not have sufficient protection against the leakage of personal data. You have neglected the trust of your customers --- Your files was encrypted by "Money message" profitable organization and can't be accessed anymore. If you pay ransom, you will get a decryptor to decrypt them. Don't try to decrypt files yourself - in that case they will be damaged and unrecoverable. For further negotiations open this clientcuworpelkdwecucgvfhp5uz5n7uohsnokndrlhm2zkntyg3had.onion/chat.php?chatId=[snip] using tor browser https://www.torproject.org/download/ In case you refuse to pay, we will post the files we stole from your Sample ransom note: Your files was stolen by "Money message" profitable organization. Dear managers and founders of the company! Your business uses the possibilities of modern information technologies for its own brand and business reputation, which results in an increase in sales of insurance services and the attraction of both new and existing customers. Our specialists found that your company did not have sufficient protection against the leakage of personal data. You have neglected the trust of your customers --- Your files was encrypted by "Money message" profitable organization and can't be accessed anymore. If you pay ransom, you will get a decryptor to decrypt them. Don't try to decrypt files yourself - in that case they will be damaged and unrecoverable. For further negotiations open this clientcuworpelkdwecucgvfhp5uz5n7uohsnokndrlhm2zkntyg3had.onion/chat.php?chatId=[snip] using tor browser https://www.torproject.org/download/ In case you refuse to pay, we will post the files we stole from your

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Monti

High Risk

Monti is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All of your files are currently encrypted by BIDON strain. If you don't know who we are - just "Google it." As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value. --- All of your files are currently encrypted by MONTI strain. If you don't know who we are - just "Google it." As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value. Sample ransom note: All of your files are currently encrypted by BIDON strain. If you don't know who we are - just "Google it." As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value. --- All of your files are currently encrypted by MONTI strain. If you don't know who we are - just "Google it." As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value. Sample ransom note: All of your files are currently encrypted by BIDON strain. If you don't know who we are - just "Google it." As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value. --- All of your files are currently encrypted by MONTI strain. If you don't know who we are - just "Google it." As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly. DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value.

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Morpheus

High Risk

Morpheus is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Naga

High Risk

Naga is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: :: :. -=: =: :=+=:.==:-. .-++=::--=+++=+++: .:----::.-=+==***+**=. .=*=-=+**+=-=*******=+**=. .= Sample ransom note: :: :. -=: =: :=+=:.==:-. .-++=::--=+++=+++: .:----::.-=+==***+**=. .=*=-=+**+=-=*******=+**=. .= Sample ransom note: :: :. -=: =: :=+=:.==:-. .-++=::--=+++=+++: .:----::.-=+==***+**=. .=*=-=+**+=-=*******=+**=. .=

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nefilim

High Risk

Nefilim is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Two things have happened to your company. ========================================================================================================================== All of your files have been encrypted with military grade algorithms. The only way to retrieve your data is with our software. Restoration of your data requires a private key which only we possess. ========================================================================================================================== Informat Sample ransom note: Two things have happened to your company. ========================================================================================================================== All of your files have been encrypted with military grade algorithms. The only way to retrieve your data is with our software. Restoration of your data requires a private key which only we possess. ========================================================================================================================== Informat Sample ransom note: Two things have happened to your company. ========================================================================================================================== All of your files have been encrypted with military grade algorithms. The only way to retrieve your data is with our software. Restoration of your data requires a private key which only we possess. ========================================================================================================================== Informat

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nemty

High Risk

Nemty is a ransomware variant with 3 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ---=== NEMTY PROJECT ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .nemty By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] It's just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate w --- NEMTY PROJECT V1.6 Don't worry, all your encrypted files can be restored. It's a business, if we can't provide full decryption, other people won't trust us. In confirmation, that we have decryption key, we can provide you test decryption. On our website you can upload 1 encrypted picture (png,bmp,jpg,gif) and get it decrypted. There is no way to decrypt your files without our help. Don't trust anyone. Even your dog. There is 1 way how to get to the website: 1) Any browser a) Open your bro --- ---> NEMTY 2.5 REVENGE <--- Some (or maybe all) of your files got encryped. We provide decryption tool if you pay a ransom. Don't worry, if we can't help you with decrypting - other people won't trust us. We provide test decryption, as proof that we can decrypt your data. You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server. After 3 month no one, even our service can't make decryptor. 1) Web-Browser a) Open your browser. B) Open t Sample ransom note: ---=== NEMTY PROJECT ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .nemty By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] It's just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate w --- NEMTY PROJECT V1.6 Don't worry, all your encrypted files can be restored. It's a business, if we can't provide full decryption, other people won't trust us. In confirmation, that we have decryption key, we can provide you test decryption. On our website you can upload 1 encrypted picture (png,bmp,jpg,gif) and get it decrypted. There is no way to decrypt your files without our help. Don't trust anyone. Even your dog. There is 1 way how to get to the website: 1) Any browser a) Open your bro --- ---> NEMTY 2.5 REVENGE <--- Some (or maybe all) of your files got encryped. We provide decryption tool if you pay a ransom. Don't worry, if we can't help you with decrypting - other people won't trust us. We provide test decryption, as proof that we can decrypt your data. You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server. After 3 month no one, even our service can't make decryptor. 1) Web-Browser a) Open your browser. B) Open t Sample ransom note: ---=== NEMTY PROJECT ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .nemty By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] It's just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate w --- NEMTY PROJECT V1.6 Don't worry, all your encrypted files can be restored. It's a business, if we can't provide full decryption, other people won't trust us. In confirmation, that we have decryption key, we can provide you test decryption. On our website you can upload 1 encrypted picture (png,bmp,jpg,gif) and get it decrypted. There is no way to decrypt your files without our help. Don't trust anyone. Even your dog. There is 1 way how to get to the website: 1) Any browser a) Open your bro --- ---> NEMTY 2.5 REVENGE <--- Some (or maybe all) of your files got encryped. We provide decryption tool if you pay a ransom. Don't worry, if we can't help you with decrypting - other people won't trust us. We provide test decryption, as proof that we can decrypt your data. You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server. After 3 month no one, even our service can't make decryptor. 1) Web-Browser a) Open your browser. B) Open t

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Netwalker

High Risk

Netwalker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .eebf08 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our Sample ransom note: Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .eebf08 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our Sample ransom note: Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .eebf08 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nevada

High Risk

Nevada is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Greetings! Your files were stolen and encrypted. You have two ways: -> Pay a ransom and save your reputation. -> Wait for a miracle and lose precious time. We advise you not to wait. After 2 days of your silence we will make a call your superiors and notificate them about what's happened. After another 2 days all your competitors will be informed about your decision. Finally, after 3 days we will post your critical data on our TOR-website. If you are going to recover your files fr Sample ransom note: Greetings! Your files were stolen and encrypted. You have two ways: -> Pay a ransom and save your reputation. -> Wait for a miracle and lose precious time. We advise you not to wait. After 2 days of your silence we will make a call your superiors and notificate them about what's happened. After another 2 days all your competitors will be informed about your decision. Finally, after 3 days we will post your critical data on our TOR-website. If you are going to recover your files fr Sample ransom note: Greetings! Your files were stolen and encrypted. You have two ways: -> Pay a ransom and save your reputation. -> Wait for a miracle and lose precious time. We advise you not to wait. After 2 days of your silence we will make a call your superiors and notificate them about what's happened. After another 2 days all your competitors will be informed about your decision. Finally, after 3 days we will post your critical data on our TOR-website. If you are going to recover your files fr

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nightspire

High Risk

Nightspire is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Dear Management, If you are reading this message, it means that: - your network infrastructure has been compromised, - sensetive data was leaked, - files are encrypted -------------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. Onion Site: http://nspireyzmvapgiwgtuoznlafqvlyz7ey6himtgn5b --- Hi, Your hotel is hacked! Your servers and files are locked and copied. =================================== REMEMBER! We also locked files in OneDrive. And we did not change the extensions of files in OneDrive. =================================== You cannot decrypt yourself without our key, even you're using third party software or from help of security companies. Please do not waste your time. Your files will be easily decrypted with pay. Never worry. We're waiting here with UUID Sample ransom note: Dear Management, If you are reading this message, it means that: - your network infrastructure has been compromised, - sensetive data was leaked, - files are encrypted -------------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. Onion Site: http://nspireyzmvapgiwgtuoznlafqvlyz7ey6himtgn5b --- Hi, Your hotel is hacked! Your servers and files are locked and copied. =================================== REMEMBER! We also locked files in OneDrive. And we did not change the extensions of files in OneDrive. =================================== You cannot decrypt yourself without our key, even you're using third party software or from help of security companies. Please do not waste your time. Your files will be easily decrypted with pay. Never worry. We're waiting here with UUID Sample ransom note: Dear Management, If you are reading this message, it means that: - your network infrastructure has been compromised, - sensetive data was leaked, - files are encrypted -------------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. Onion Site: http://nspireyzmvapgiwgtuoznlafqvlyz7ey6himtgn5b --- Hi, Your hotel is hacked! Your servers and files are locked and copied. =================================== REMEMBER! We also locked files in OneDrive. And we did not change the extensions of files in OneDrive. =================================== You cannot decrypt yourself without our key, even you're using third party software or from help of security companies. Please do not waste your time. Your files will be easily decrypted with pay. Never worry. We're waiting here with UUID

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nitrogen

High Risk

Nitrogen is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Nitrogen welcome you! Take this seriously, this is not a joke! Your company network are encrypted and your data has been stolen and downloaded to our servers. Ignoring this message will result in all your data being published on our blog: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion This problem can be solved: 1. Your network and data can will be restored. 2. Your data is stolen and stored on our server, after receive payment it will be completely removed from our Sample ransom note: Nitrogen welcome you! Take this seriously, this is not a joke! Your company network are encrypted and your data has been stolen and downloaded to our servers. Ignoring this message will result in all your data being published on our blog: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion This problem can be solved: 1. Your network and data can will be restored. 2. Your data is stolen and stored on our server, after receive payment it will be completely removed from our Sample ransom note: Nitrogen welcome you! Take this seriously, this is not a joke! Your company network are encrypted and your data has been stolen and downloaded to our servers. Ignoring this message will result in all your data being published on our blog: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion This problem can be solved: 1. Your network and data can will be restored. 2. Your data is stolen and stored on our server, after receive payment it will be completely removed from our

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Noescape

High Risk

Noescape is a ransomware variant with 3 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- $$\ $$\ $$$$$$$$\ $$$\ $$ | $$ _____| $$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ $$\$$ |$$ --- -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- $$\ $$\ $$$$$$$$\ $$$\ $$ | $$ _____| $$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ $$\$$ |$$ --- > WHAT HAPPEND? Important files on your network have been ENCRYPTED and now have the extension {ext}. To recover your files, you need to follow the instructions below. > SENSITIVE DATA Sensitive data from your network has been DOWNLOADED. If you DON'T WANT to your sensitive data PUBLISHED on our leak blog, you must act quickly. LEAK BLOG: noescapemsqxvizdxyl7f7rmg5cdjwp33pg2wpmiaaibilb4btwzttad.onion Data includes: - Personal data of employees, resume, DL, SSN. - Complete network map, inclu Sample ransom note: -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- $$\ $$\ $$$$$$$$\ $$$\ $$ | $$ _____| $$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ $$\$$ |$$ --- -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- $$\ $$\ $$$$$$$$\ $$$\ $$ | $$ _____| $$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ $$\$$ |$$ --- > WHAT HAPPEND? Important files on your network have been ENCRYPTED and now have the extension {ext}. To recover your files, you need to follow the instructions below. > SENSITIVE DATA Sensitive data from your network has been DOWNLOADED. If you DON'T WANT to your sensitive data PUBLISHED on our leak blog, you must act quickly. LEAK BLOG: noescapemsqxvizdxyl7f7rmg5cdjwp33pg2wpmiaaibilb4btwzttad.onion Data includes: - Personal data of employees, resume, DL, SSN. - Complete network map, inclu Sample ransom note: -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- $$\ $$\ $$$$$$$$\ $$$\ $$ | $$ _____| $$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ $$\$$ |$$ --- -------------------------------------------------------------------------------- >>>>>>>>>>>>>>>>>> H O W T O R E C O V E R F I L E S <<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- $$\ $$\ $$$$$$$$\ $$$\ $$ | $$ _____| $$$$\ $$ | $$$$$$\ $$ | $$$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ $$\$$ |$$ --- > WHAT HAPPEND? Important files on your network have been ENCRYPTED and now have the extension {ext}. To recover your files, you need to follow the instructions below. > SENSITIVE DATA Sensitive data from your network has been DOWNLOADED. If you DON'T WANT to your sensitive data PUBLISHED on our leak blog, you must act quickly. LEAK BLOG: noescapemsqxvizdxyl7f7rmg5cdjwp33pg2wpmiaaibilb4btwzttad.onion Data includes: - Personal data of employees, resume, DL, SSN. - Complete network map, inclu

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nokoyawa

High Risk

Nokoyawa is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Nokoyawa. If you see this, your files were successfully encrypted. We advice you not to search free decryption method. It's impossible. We are using symmetrical and asymmetric encryption. ATTENTION: - Don't rename encrypted files. - Don't change encrypted files. - Don't use third party software. To reach an agreement we offer you to visit our Onion Website. How to open Onion links: - Download TOR Browser from official website. - Open and enter this link: http://6yofnrq7evqrtz3tzi3dkbr --- Dear %username%, your files were encrypted, some are compromised. Be sure, you can't restore it without our help. You need a private key that only we have. Contact us to reach an agreement or we will leak your black shit to media. You will need to download TOR Browser. After installation open this link and contact with support: http://lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd.onion/pay id=[snip] Be careful with your messages or you will never get your files back. Sample ransom note: Nokoyawa. If you see this, your files were successfully encrypted. We advice you not to search free decryption method. It's impossible. We are using symmetrical and asymmetric encryption. ATTENTION: - Don't rename encrypted files. - Don't change encrypted files. - Don't use third party software. To reach an agreement we offer you to visit our Onion Website. How to open Onion links: - Download TOR Browser from official website. - Open and enter this link: http://6yofnrq7evqrtz3tzi3dkbr --- Dear %username%, your files were encrypted, some are compromised. Be sure, you can't restore it without our help. You need a private key that only we have. Contact us to reach an agreement or we will leak your black shit to media. You will need to download TOR Browser. After installation open this link and contact with support: http://lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd.onion/pay id=[snip] Be careful with your messages or you will never get your files back. Sample ransom note: Nokoyawa. If you see this, your files were successfully encrypted. We advice you not to search free decryption method. It's impossible. We are using symmetrical and asymmetric encryption. ATTENTION: - Don't rename encrypted files. - Don't change encrypted files. - Don't use third party software. To reach an agreement we offer you to visit our Onion Website. How to open Onion links: - Download TOR Browser from official website. - Open and enter this link: http://6yofnrq7evqrtz3tzi3dkbr --- Dear %username%, your files were encrypted, some are compromised. Be sure, you can't restore it without our help. You need a private key that only we have. Contact us to reach an agreement or we will leak your black shit to media. You will need to download TOR Browser. After installation open this link and contact with support: http://lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd.onion/pay id=[snip] Be careful with your messages or you will never get your files back.

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Noname

High Risk

Noname is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: If you want take back your data Contact with us For you be sure your datas available you can sent us little sized 3 file we will decrpyt and sent you back. For Contact US Please sent us all emails sometimes some email provider block our emails e-mail : [email protected] Your WorkID : [WORKID] >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! For commmunicate with us via qtox download https://tox.chat/download.html and add our QTOX ID QTOX : A5F2F6058F --- >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there i Sample ransom note: If you want take back your data Contact with us For you be sure your datas available you can sent us little sized 3 file we will decrpyt and sent you back. For Contact US Please sent us all emails sometimes some email provider block our emails e-mail : [email protected] Your WorkID : [WORKID] >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! For commmunicate with us via qtox download https://tox.chat/download.html and add our QTOX ID QTOX : A5F2F6058F --- >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there i Sample ransom note: If you want take back your data Contact with us For you be sure your datas available you can sent us little sized 3 file we will decrpyt and sent you back. For Contact US Please sent us all emails sometimes some email provider block our emails e-mail : [email protected] Your WorkID : [WORKID] >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! For commmunicate with us via qtox download https://tox.chat/download.html and add our QTOX ID QTOX : A5F2F6058F --- >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there i

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Weaxor

High Risk

Weaxor is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your data has been encrypted In order to return your files back you need decryption tool 1)Download TOR Browser 2)Open in TOR browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/[snip] Or email: [email protected] Backup email: [email protected] Limit for free decryption: 3 files up to 5mb (no database or backups) --- Your files has been encrypted To recover them you need decryption tool You can contact us in two ways: 1 Download TOR Browser https://www.torproject.org/download/ (sometimes need VPN to download) Open TOR browser and follow by link below: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzOlt/[snip] 2 Or email: [email protected] Your key: [snip] Include your key in your letter Our guarantee: we provide free decyrption for 3 files up to 3 m Sample ransom note: Your data has been encrypted In order to return your files back you need decryption tool 1)Download TOR Browser 2)Open in TOR browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/[snip] Or email: [email protected] Backup email: [email protected] Limit for free decryption: 3 files up to 5mb (no database or backups) --- Your files has been encrypted To recover them you need decryption tool You can contact us in two ways: 1 Download TOR Browser https://www.torproject.org/download/ (sometimes need VPN to download) Open TOR browser and follow by link below: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzOlt/[snip] 2 Or email: [email protected] Your key: [snip] Include your key in your letter Our guarantee: we provide free decyrption for 3 files up to 3 m Sample ransom note: Your data has been encrypted In order to return your files back you need decryption tool 1)Download TOR Browser 2)Open in TOR browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/[snip] Or email: [email protected] Backup email: [email protected] Limit for free decryption: 3 files up to 5mb (no database or backups) --- Your files has been encrypted To recover them you need decryption tool You can contact us in two ways: 1 Download TOR Browser https://www.torproject.org/download/ (sometimes need VPN to download) Open TOR browser and follow by link below: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzOlt/[snip] 2 Or email: [email protected] Your key: [snip] Include your key in your letter Our guarantee: we provide free decyrption for 3 files up to 3 m

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Novagroup

High Risk

Novagroup is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: # Nova Group Your unique network Id: [snip] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [+] What happened? Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data.Each system in the network is encrypted with a unique identifier. But you can restore everything by purch Sample ransom note: # Nova Group Your unique network Id: [snip] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [+] What happened? Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data.Each system in the network is encrypted with a unique identifier. But you can restore everything by purch Sample ransom note: # Nova Group Your unique network Id: [snip] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [+] What happened? Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data.Each system in the network is encrypted with a unique identifier. But you can restore everything by purch

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nullbulge

High Risk

Nullbulge is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ~~~NULLBULGE LOCK - BASED ON LOCKBIT~~~ >>>> Your data is encrypted... but dont freak out If we encrypted you, you majorly fucked up. But... all can be saved But not for free, we require an xmr payment >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption. Life is too short to be sad. Dont be sad money is only paper. Y Sample ransom note: ~~~NULLBULGE LOCK - BASED ON LOCKBIT~~~ >>>> Your data is encrypted... but dont freak out If we encrypted you, you majorly fucked up. But... all can be saved But not for free, we require an xmr payment >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption. Life is too short to be sad. Dont be sad money is only paper. Y Sample ransom note: ~~~NULLBULGE LOCK - BASED ON LOCKBIT~~~ >>>> Your data is encrypted... but dont freak out If we encrypted you, you majorly fucked up. But... all can be saved But not for free, we require an xmr payment >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption. Life is too short to be sad. Dont be sad money is only paper. Y

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Phobos

High Risk

Phobos is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: !!!All of your files are encrypted!!! To decrypt them send e-mail to this address: [email protected]. If we don't answer in 24h., send e-mail to this address: [email protected] If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected] Sample ransom note: !!!All of your files are encrypted!!! To decrypt them send e-mail to this address: [email protected]. If we don't answer in 24h., send e-mail to this address: [email protected] If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected] Sample ransom note: !!!All of your files are encrypted!!! To decrypt them send e-mail to this address: [email protected]. If we don't answer in 24h., send e-mail to this address: [email protected] If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected]

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Prolock

High Risk

Prolock is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your files have been encrypted by ProLock Ransomware using RSA-2048 algorithm. [.:Nothing personal just business:.] No one can help you to restore files without our special decryption tool. To get your files back you have to pay the decryption fee in BTC. The final price depends on how fast you write to us. 1. Download TOR browser: https://www.torproject.org/ 2. Install the TOR Browser. 3. Open the TOR Browser. 4. Open our website in the TOR browser: msaoyrayohnp32tcgwcanhjoue Sample ransom note: Your files have been encrypted by ProLock Ransomware using RSA-2048 algorithm. [.:Nothing personal just business:.] No one can help you to restore files without our special decryption tool. To get your files back you have to pay the decryption fee in BTC. The final price depends on how fast you write to us. 1. Download TOR browser: https://www.torproject.org/ 2. Install the TOR Browser. 3. Open the TOR Browser. 4. Open our website in the TOR browser: msaoyrayohnp32tcgwcanhjoue Sample ransom note: Your files have been encrypted by ProLock Ransomware using RSA-2048 algorithm. [.:Nothing personal just business:.] No one can help you to restore files without our special decryption tool. To get your files back you have to pay the decryption fee in BTC. The final price depends on how fast you write to us. 1. Download TOR browser: https://www.torproject.org/ 2. Install the TOR Browser. 3. Open the TOR Browser. 4. Open our website in the TOR browser: msaoyrayohnp32tcgwcanhjoue

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Prometheus

High Risk

Prometheus is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: YOUR COMPANY NETWORK HAS BEEN HACKED All your important files have been encrypted! Your files are safe! Only modified.(AES) No software available on internet can help you. We are the only ones able to decrypt your files. -------------------------------------------------------------------------------- We also gathered highly confidential/personal data. These data are currently stored on a private server. Files are also encrypted and stored securely. ----------------------------------------- Sample ransom note: YOUR COMPANY NETWORK HAS BEEN HACKED All your important files have been encrypted! Your files are safe! Only modified.(AES) No software available on internet can help you. We are the only ones able to decrypt your files. -------------------------------------------------------------------------------- We also gathered highly confidential/personal data. These data are currently stored on a private server. Files are also encrypted and stored securely. ----------------------------------------- Sample ransom note: YOUR COMPANY NETWORK HAS BEEN HACKED All your important files have been encrypted! Your files are safe! Only modified.(AES) No software available on internet can help you. We are the only ones able to decrypt your files. -------------------------------------------------------------------------------- We also gathered highly confidential/personal data. These data are currently stored on a private server. Files are also encrypted and stored securely. -----------------------------------------

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Qlocker

High Risk

Qlocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: !!! All your files have been encrypted !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment. To purchase your key and decrypt your files, please follow these steps: 1. Dowload the Tor Browser at "https://www.torproject.org/". If you need help, please Google for "access onion page". 2. Visit the following pages with the Tor Browser: Sample ransom note: !!! All your files have been encrypted !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment. To purchase your key and decrypt your files, please follow these steps: 1. Dowload the Tor Browser at "https://www.torproject.org/". If you need help, please Google for "access onion page". 2. Visit the following pages with the Tor Browser: Sample ransom note: !!! All your files have been encrypted !!! All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment. To purchase your key and decrypt your files, please follow these steps: 1. Dowload the Tor Browser at "https://www.torproject.org/". If you need help, please Google for "access onion page". 2. Visit the following pages with the Tor Browser:

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Quantumlocker

High Risk

Quantumlocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <html> <head> <title>Quantum</title> </head> <body> <h1>Your ID:</h1> <b> <pre> [snip] </pre> </b> <hr/> This message contains an information how to fix the troubles you've got with your network.<br><br> Files on the workstations in your network were encrypted and any your attempt to change, decrypt or rename them could destroy the content.<br> The only way to get files back is a decryption with Key, provided by the Quantum Locker.<br><br> During the period you Sample ransom note: <html> <head> <title>Quantum</title> </head> <body> <h1>Your ID:</h1> <b> <pre> [snip] </pre> </b> <hr/> This message contains an information how to fix the troubles you've got with your network.<br><br> Files on the workstations in your network were encrypted and any your attempt to change, decrypt or rename them could destroy the content.<br> The only way to get files back is a decryption with Key, provided by the Quantum Locker.<br><br> During the period you Sample ransom note: <html> <head> <title>Quantum</title> </head> <body> <h1>Your ID:</h1> <b> <pre> [snip] </pre> </b> <hr/> This message contains an information how to fix the troubles you've got with your network.<br><br> Files on the workstations in your network were encrypted and any your attempt to change, decrypt or rename them could destroy the content.<br> The only way to get files back is a decryption with Key, provided by the Quantum Locker.<br><br> During the period you

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ragnarlocker

High Risk

Ragnarlocker is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ******************************************************************************************************************** HELLO [snip] ! If you reading this message, it means your network was PENETRATED and your most sensitive files were COMPROMISED ------------------------------------------------- | --- *************************************************************************************************************** HELLO [snip] ! If you reading this message, it means your network was PENETRATED and all of your files and data has been ENCRYPTED ------------------------------------------------- | Sample ransom note: ******************************************************************************************************************** HELLO [snip] ! If you reading this message, it means your network was PENETRATED and your most sensitive files were COMPROMISED ------------------------------------------------- | --- *************************************************************************************************************** HELLO [snip] ! If you reading this message, it means your network was PENETRATED and all of your files and data has been ENCRYPTED ------------------------------------------------- | Sample ransom note: ******************************************************************************************************************** HELLO [snip] ! If you reading this message, it means your network was PENETRATED and your most sensitive files were COMPROMISED ------------------------------------------------- | --- *************************************************************************************************************** HELLO [snip] ! If you reading this message, it means your network was PENETRATED and all of your files and data has been ENCRYPTED ------------------------------------------------- |

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ragnarok

High Risk

Ragnarok is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <!DOCTYPE html><h1>#ALL YOUR FILES ARE ENCRYPTED AND STOLEN BY RAGNAROK</h1>Dear Sir<br><br>Your files are encrypted with RSA4096 and AES encryption algorithm. <br>But don't worry, you can return all your files!! follow the instructions to recover your files <br><br>Cooperate with us and get the decrypter program as soon as possible will be your best solution.<br>Only our software can decrypt all your encrypted files.<br><br>What guarantees you have?<br>We take our reputation seriously. We reje --- It's not late to say happy new year right? but how didn't i bring a gift as the first time we met :) #what happend to your files? Unfortunately your files are encrypted with rsa4096 and aes encryption,you won't decrypt your files without our tool but don't worry,you can follow the instructions to decrypt your files 1.obviously you need a decrypt tool so that you can decrypt all of your files 2.contact with us for our btcoin address and send us your DEVICE ID after you decide to pay 3.i Sample ransom note: <!DOCTYPE html><h1>#ALL YOUR FILES ARE ENCRYPTED AND STOLEN BY RAGNAROK</h1>Dear Sir<br><br>Your files are encrypted with RSA4096 and AES encryption algorithm. <br>But don't worry, you can return all your files!! follow the instructions to recover your files <br><br>Cooperate with us and get the decrypter program as soon as possible will be your best solution.<br>Only our software can decrypt all your encrypted files.<br><br>What guarantees you have?<br>We take our reputation seriously. We reje --- It's not late to say happy new year right? but how didn't i bring a gift as the first time we met :) #what happend to your files? Unfortunately your files are encrypted with rsa4096 and aes encryption,you won't decrypt your files without our tool but don't worry,you can follow the instructions to decrypt your files 1.obviously you need a decrypt tool so that you can decrypt all of your files 2.contact with us for our btcoin address and send us your DEVICE ID after you decide to pay 3.i Sample ransom note: <!DOCTYPE html><h1>#ALL YOUR FILES ARE ENCRYPTED AND STOLEN BY RAGNAROK</h1>Dear Sir<br><br>Your files are encrypted with RSA4096 and AES encryption algorithm. <br>But don't worry, you can return all your files!! follow the instructions to recover your files <br><br>Cooperate with us and get the decrypter program as soon as possible will be your best solution.<br>Only our software can decrypt all your encrypted files.<br><br>What guarantees you have?<br>We take our reputation seriously. We reje --- It's not late to say happy new year right? but how didn't i bring a gift as the first time we met :) #what happend to your files? Unfortunately your files are encrypted with rsa4096 and aes encryption,you won't decrypt your files without our tool but don't worry,you can follow the instructions to decrypt your files 1.obviously you need a decrypt tool so that you can decrypt all of your files 2.contact with us for our btcoin address and send us your DEVICE ID after you decide to pay 3.i

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ralord

High Risk

Ralord is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ----------------------------------------------------------------------------- RALord ransomware ----------------------------------------------------------------------------- -> Hello , without any problems , if you see this Readme its mean you under controll by RLord ransomware , the data has been stolen and everything done , but -> you can recover the files by contact us and pay the ransom , the data taken from this device or network have crenditals and your systeminfo too , without talk about Sample ransom note: ----------------------------------------------------------------------------- RALord ransomware ----------------------------------------------------------------------------- -> Hello , without any problems , if you see this Readme its mean you under controll by RLord ransomware , the data has been stolen and everything done , but -> you can recover the files by contact us and pay the ransom , the data taken from this device or network have crenditals and your systeminfo too , without talk about Sample ransom note: ----------------------------------------------------------------------------- RALord ransomware ----------------------------------------------------------------------------- -> Hello , without any problems , if you see this Readme its mean you under controll by RLord ransomware , the data has been stolen and everything done , but -> you can recover the files by contact us and pay the ransom , the data taken from this device or network have crenditals and your systeminfo too , without talk about

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Rancoz

High Risk

Rancoz is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ~~~ Hello! Your company has been hacked! ~~~ >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then Sample ransom note: ~~~ Hello! Your company has been hacked! ~~~ >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then Sample ransom note: ~~~ Hello! Your company has been hacked! ~~~ >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ransomexx

High Risk

Ransomexx is a ransomware variant with 5 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Attention: Your data has undergone encryption. It is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. We have downloaded 134GB of your confidential data and we are ready yo publish it. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/[snip --- Hello! Your data was encrypted. Please don’t try to modify or rename any of encrypted files, because it can result in serious data loss and decryption failure. Note that we've downloaded a lot of your files from [snip] and we are ready to publish it. Contact us ASAP to prevent it. Your personal link with full information regarding this accident (use Tor browser): http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/[snip]/ --- Attention: Your data has undergone encryption.\nIt is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/[snip]/chat Sample ransom note: Attention: Your data has undergone encryption. It is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. We have downloaded 134GB of your confidential data and we are ready yo publish it. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/[snip --- Hello! Your data was encrypted. Please don’t try to modify or rename any of encrypted files, because it can result in serious data loss and decryption failure. Note that we've downloaded a lot of your files from [snip] and we are ready to publish it. Contact us ASAP to prevent it. Your personal link with full information regarding this accident (use Tor browser): http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/[snip]/ --- Attention: Your data has undergone encryption.\nIt is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/[snip]/chat Sample ransom note: Attention: Your data has undergone encryption. It is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. We have downloaded 134GB of your confidential data and we are ready yo publish it. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/[snip --- Hello! Your data was encrypted. Please don’t try to modify or rename any of encrypted files, because it can result in serious data loss and decryption failure. Note that we've downloaded a lot of your files from [snip] and we are ready to publish it. Contact us ASAP to prevent it. Your personal link with full information regarding this accident (use Tor browser): http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/[snip]/ --- Attention: Your data has undergone encryption.\nIt is imperative that you abstain from any attempts to modify or rename the encrypted files, as such actions could result in substantial data loss and decryption complications. Access your personalized link to communicate with us about resolving this issue (make sure to use the Tor browser): http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/[snip]/chat

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ransomhub

High Risk

Ransomhub is a ransomware variant with 4 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello! Visit our Blog: Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/ Links for normal browser: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ >>> Your data is stolen and encrypted. If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a --- Hello! Visit our Blog: Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/ Links for normal browser: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ >>> Your data is stolen and encrypted. If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a --- We are the RansomHub. Your company Servers are locked and Data has been taken to our servers. This is serious. Good news: - your server system and data will be restored by our Decryption Tool; - for now, your data is secured and safely stored on our server; - nobody in the world is aware about the data leak from your company except you and RansomHub team; FAQs: Who we are? - Normal Browser Links: https://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ - Tor Browser Links: Sample ransom note: Hello! Visit our Blog: Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/ Links for normal browser: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ >>> Your data is stolen and encrypted. If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a --- Hello! Visit our Blog: Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/ Links for normal browser: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ >>> Your data is stolen and encrypted. If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a --- We are the RansomHub. Your company Servers are locked and Data has been taken to our servers. This is serious. Good news: - your server system and data will be restored by our Decryption Tool; - for now, your data is secured and safely stored on our server; - nobody in the world is aware about the data leak from your company except you and RansomHub team; FAQs: Who we are? - Normal Browser Links: https://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ - Tor Browser Links: Sample ransom note: Hello! Visit our Blog: Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/ Links for normal browser: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ >>> Your data is stolen and encrypted. If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a --- Hello! Visit our Blog: Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/ Links for normal browser: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ >>> Your data is stolen and encrypted. If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a --- We are the RansomHub. Your company Servers are locked and Data has been taken to our servers. This is serious. Good news: - your server system and data will be restored by our Decryption Tool; - for now, your data is secured and safely stored on our server; - nobody in the world is aware about the data leak from your company except you and RansomHub team; FAQs: Who we are? - Normal Browser Links: https://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/ - Tor Browser Links:

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ranzy

High Risk

Ranzy is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your servers is LOCKED. Do not try to use other software. You can contact us directly for further instructions through emails: [email protected] [email protected] In subject write your key (below). Recovery information: key: {PATTERN_ID} personal id: {UID} Sample ransom note: Your servers is LOCKED. Do not try to use other software. You can contact us directly for further instructions through emails: [email protected] [email protected] In subject write your key (below). Recovery information: key: {PATTERN_ID} personal id: {UID} Sample ransom note: Your servers is LOCKED. Do not try to use other software. You can contact us directly for further instructions through emails: [email protected] [email protected] In subject write your key (below). Recovery information: key: {PATTERN_ID} personal id: {UID}

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Raworld

High Risk

Raworld is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: # RA World ---- ## Notification Your data are stolen and encrypted when you read this letter. We have copied all data to our server. Don't worry, your data will not be made public if you do what I want. But if you don't pay, we will release the data, contact your customers and regulators and destroy your system again. We can decrypt some files to prove that the decrypt tool works correctly. ## What we want? Contact us, pay for ransom. If you pay, we will provide you the programs for decryption Sample ransom note: # RA World ---- ## Notification Your data are stolen and encrypted when you read this letter. We have copied all data to our server. Don't worry, your data will not be made public if you do what I want. But if you don't pay, we will release the data, contact your customers and regulators and destroy your system again. We can decrypt some files to prove that the decrypt tool works correctly. ## What we want? Contact us, pay for ransom. If you pay, we will provide you the programs for decryption Sample ransom note: # RA World ---- ## Notification Your data are stolen and encrypted when you read this letter. We have copied all data to our server. Don't worry, your data will not be made public if you do what I want. But if you don't pay, we will release the data, contact your customers and regulators and destroy your system again. We can decrypt some files to prove that the decrypt tool works correctly. ## What we want? Contact us, pay for ransom. If you pay, we will provide you the programs for decryption

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Redalert

High Risk

Redalert is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello, [snip] Your network was penterated We have encrypted your files and stole large amount of sensitive data, including: - NDA contracts and data - Financial documents, payrolls, bank statements - Employee data, personal documents, SSN, DL, CC - Customer data, contracts, purchase agreements, etc. - Credentials to local and remote devices And more... Encryption is reverssible process, your data can be easily recovered with our help We offer you to purchase special decryption software, payme Sample ransom note: Hello, [snip] Your network was penterated We have encrypted your files and stole large amount of sensitive data, including: - NDA contracts and data - Financial documents, payrolls, bank statements - Employee data, personal documents, SSN, DL, CC - Customer data, contracts, purchase agreements, etc. - Credentials to local and remote devices And more... Encryption is reverssible process, your data can be easily recovered with our help We offer you to purchase special decryption software, payme Sample ransom note: Hello, [snip] Your network was penterated We have encrypted your files and stole large amount of sensitive data, including: - NDA contracts and data - Financial documents, payrolls, bank statements - Employee data, personal documents, SSN, DL, CC - Customer data, contracts, purchase agreements, etc. - Credentials to local and remote devices And more... Encryption is reverssible process, your data can be easily recovered with our help We offer you to purchase special decryption software, payme

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Relic

High Risk

Relic is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <pre> [ Welcome to Relic Project ] (\__/) (='.'=) E[:]|||||[:]З (")_(") >>> WHAT'S HAPPENED? [ WE Sample ransom note: <pre> [ Welcome to Relic Project ] (\__/) (='.'=) E[:]|||||[:]З (")_(") >>> WHAT'S HAPPENED? [ WE Sample ransom note: <pre> [ Welcome to Relic Project ] (\__/) (='.'=) E[:]|||||[:]З (")_(") >>> WHAT'S HAPPENED? [ WE

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Revil

High Risk

Revil is a ransomware variant with 3 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not c --- ---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT} Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the mo --- ---=== Welcome. Again. ===--- >> Whats Happen Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension lgzcfcr. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). >> What guarantees Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with Sample ransom note: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not c --- ---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT} Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the mo --- ---=== Welcome. Again. ===--- >> Whats Happen Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension lgzcfcr. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). >> What guarantees Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with Sample ransom note: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not c --- ---=== Welcome. Again. ===--- We strongly encourage You to pay your attention to this message and read it to the end. All Your files are encrypted, and currently unavailable, now all files on your system has extension {EXT} Before that, all of your most important personal and business files were backed up to our secure offline storage. We took them for temporary storage - but we don't need your files and we are not personally interested in your business. Our encryption algorithm is the mo --- ---=== Welcome. Again. ===--- >> Whats Happen Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension lgzcfcr. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). >> What guarantees Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Rhysida

High Risk

Rhysida is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Critical Breach Detected - Immediate Response Required Dear company, This is an automated alert from cybersecurity team Rhysida. An unfortunate situation has arisen - your digital ecosystem has been compromised, and a substantial amount of confidential data has been exfiltrated from your network. The potential ramifications of this could be dire, including the sale, publication, or distribution of your data to competitors or media outlets. This could inflict significant reputational and financ Sample ransom note: Critical Breach Detected - Immediate Response Required Dear company, This is an automated alert from cybersecurity team Rhysida. An unfortunate situation has arisen - your digital ecosystem has been compromised, and a substantial amount of confidential data has been exfiltrated from your network. The potential ramifications of this could be dire, including the sale, publication, or distribution of your data to competitors or media outlets. This could inflict significant reputational and financ Sample ransom note: Critical Breach Detected - Immediate Response Required Dear company, This is an automated alert from cybersecurity team Rhysida. An unfortunate situation has arisen - your digital ecosystem has been compromised, and a substantial amount of confidential data has been exfiltrated from your network. The potential ramifications of this could be dire, including the sale, publication, or distribution of your data to competitors or media outlets. This could inflict significant reputational and financ

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Risen

High Risk

Risen is a ransomware variant with 4 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: RisenNote : Read this text file carefully. We have penetrated your whole network due some critical security issues. We have encrypted all of your files on each host in the network within strong algorithm. We have also Took your critical data such as docs, images, engineering data, accounting data, customers and ... And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data, the only way to stop this process i --- <doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.2 --- <doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.2 Sample ransom note: RisenNote : Read this text file carefully. We have penetrated your whole network due some critical security issues. We have encrypted all of your files on each host in the network within strong algorithm. We have also Took your critical data such as docs, images, engineering data, accounting data, customers and ... And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data, the only way to stop this process i --- <doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.2 --- <doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.2 Sample ransom note: RisenNote : Read this text file carefully. We have penetrated your whole network due some critical security issues. We have encrypted all of your files on each host in the network within strong algorithm. We have also Took your critical data such as docs, images, engineering data, accounting data, customers and ... And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data, the only way to stop this process i --- <doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.2 --- <doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.2

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Rook

High Risk

Rook is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: -----------Welcome. Again. -------------------- [+]Whats Happen?[+] Your files are encrypted,and currently unavailable. You can check it: all files on you computer has expansion robet. By the way,everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees?[+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob Sample ransom note: -----------Welcome. Again. -------------------- [+]Whats Happen?[+] Your files are encrypted,and currently unavailable. You can check it: all files on you computer has expansion robet. By the way,everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees?[+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob Sample ransom note: -----------Welcome. Again. -------------------- [+]Whats Happen?[+] Your files are encrypted,and currently unavailable. You can check it: all files on you computer has expansion robet. By the way,everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees?[+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Royal

High Risk

Royal is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello! If you are reading this, it means that your system were hit by Royal ransomware. Please contact us via : http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/[snip] In the meantime, let us explain this case.It may seem complicated, but it is not! Most likely what happened was that you decided to save some money on your security infrastructure. Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server. From there Sample ransom note: Hello! If you are reading this, it means that your system were hit by Royal ransomware. Please contact us via : http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/[snip] In the meantime, let us explain this case.It may seem complicated, but it is not! Most likely what happened was that you decided to save some money on your security infrastructure. Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server. From there Sample ransom note: Hello! If you are reading this, it means that your system were hit by Royal ransomware. Please contact us via : http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion/[snip] In the meantime, let us explain this case.It may seem complicated, but it is not! Most likely what happened was that you decided to save some money on your security infrastructure. Alas, as a result your critical data was not only encrypted but also copied from your systems on a secure server. From there

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Rtmlocker

High Risk

Rtmlocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: !!! Your network is infected by the RTM Locker command!!! All your documents, photos, reports, customer and employee data, databases and other important files are encrypted and you cannot decrypt them yourself. They are also on our servers! But don't worry, we will help you recover all your files! The only way to recover your files is to buy our dedicated software. Only we can provide you with this software, and only we can recover your files! You can contact us by downloading and installing the Sample ransom note: !!! Your network is infected by the RTM Locker command!!! All your documents, photos, reports, customer and employee data, databases and other important files are encrypted and you cannot decrypt them yourself. They are also on our servers! But don't worry, we will help you recover all your files! The only way to recover your files is to buy our dedicated software. Only we can provide you with this software, and only we can recover your files! You can contact us by downloading and installing the Sample ransom note: !!! Your network is infected by the RTM Locker command!!! All your documents, photos, reports, customer and employee data, databases and other important files are encrypted and you cannot decrypt them yourself. They are also on our servers! But don't worry, we will help you recover all your files! The only way to recover your files is to buy our dedicated software. Only we can provide you with this software, and only we can recover your files! You can contact us by downloading and installing the

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Ryuk

Low Risk

Ryuk is a sophisticated ransomware that targets large organizations for high-value payments.

View Details

File Extensions

.ryk, .RYK

Indicators

Ransom note named "RyukReadMe.txt" with Bitcoin wallet addresses. Sample ransom note: Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme fi Sample ransom note: Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme fi Sample ransom note: Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme fi

Recovery Options

No free decryptors available. Professional data recovery services highly recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Safepay

High Risk

Safepay is a ransomware variant with 2 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you. It wa --- Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you. It was the misconfiguration of your network that allowed our experts to attack you, so treat this situation as simply as a paid training session for your system administrators. We ve spent the time analyzing your data, including all the sensitive and confid Sample ransom note: Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you. It wa --- Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you. It was the misconfiguration of your network that allowed our experts to attack you, so treat this situation as simply as a paid training session for your system administrators. We ve spent the time analyzing your data, including all the sensitive and confid Sample ransom note: Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you. It wa --- Greetings! Your corporate network was attacked by SafePay team. Your IT specialists made a number of mistakes in setting up the security of your corporate network, so we were able to spend quite a long period of time in it and compromise you. It was the misconfiguration of your network that allowed our experts to attack you, so treat this situation as simply as a paid training session for your system administrators. We ve spent the time analyzing your data, including all the sensitive and confid

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Satancd

High Risk

Satancd is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your files has been encrypted By SatanCD and you won't be able to decrypt them without our help What can I do to get my files back You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer The price for the software is $5,063 can be made in bitcoin only Please Contact Us At Gmail: [email protected] Or Join us in Private Chat http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satanc Sample ransom note: Your files has been encrypted By SatanCD and you won't be able to decrypt them without our help What can I do to get my files back You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer The price for the software is $5,063 can be made in bitcoin only Please Contact Us At Gmail: [email protected] Or Join us in Private Chat http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satanc Sample ransom note: Your files has been encrypted By SatanCD and you won't be able to decrypt them without our help What can I do to get my files back You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer The price for the software is $5,063 can be made in bitcoin only Please Contact Us At Gmail: [email protected] Or Join us in Private Chat http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satanc

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Schoolboys

High Risk

Schoolboys is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: https://pnanlicgxkku2aonwsg2fwid3maycsso7joqnzp66wkfemzdk7ahsdid.onion Your personal password for communication: [snip] >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete you Sample ransom note: >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: https://pnanlicgxkku2aonwsg2fwid3maycsso7joqnzp66wkfemzdk7ahsdid.onion Your personal password for communication: [snip] >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete you Sample ransom note: >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: https://pnanlicgxkku2aonwsg2fwid3maycsso7joqnzp66wkfemzdk7ahsdid.onion Your personal password for communication: [snip] >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete you

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Sensayq

High Risk

Sensayq is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Dear managment! ---Welcome! Your are locked by SenSayQ!--- If you are reading this message, means that: * Your network infrastructures have been compromized! * Critical data has leaked! * Files are encrypted! ----------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. ----------------------------------------------------------------------- 1. If you modify files - our de Sample ransom note: Dear managment! ---Welcome! Your are locked by SenSayQ!--- If you are reading this message, means that: * Your network infrastructures have been compromized! * Critical data has leaked! * Files are encrypted! ----------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. ----------------------------------------------------------------------- 1. If you modify files - our de Sample ransom note: Dear managment! ---Welcome! Your are locked by SenSayQ!--- If you are reading this message, means that: * Your network infrastructures have been compromized! * Critical data has leaked! * Files are encrypted! ----------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. ----------------------------------------------------------------------- 1. If you modify files - our de

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Shadow

High Risk

Shadow is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄ ▄ █ █ █ █ █ ██ █ █ ▄ █ █ █ ▄▄▄▄▄█ █▄█ █ ▄ █ ▄ █ ▄ █ ██ ██ █ █ █▄▄▄▄▄█ █ █▄█ █ █ █ █ █ █ █ █ █▄▄▄▄▄ █ ▄ █ █ █▄█ █ █▄█ █ █ ▄▄▄▄▄█ █ █ █ █ ▄ █ █ █ ▄ █ █▄▄▄▄▄▄▄█▄▄█ █▄▄█▄█ █▄▄█▄▄▄▄▄▄██▄▄▄▄▄▄▄█▄▄█ █▄▄█ ⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ Sample ransom note: ▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄ ▄ █ █ █ █ █ ██ █ █ ▄ █ █ █ ▄▄▄▄▄█ █▄█ █ ▄ █ ▄ █ ▄ █ ██ ██ █ █ █▄▄▄▄▄█ █ █▄█ █ █ █ █ █ █ █ █ █▄▄▄▄▄ █ ▄ █ █ █▄█ █ █▄█ █ █ ▄▄▄▄▄█ █ █ █ █ ▄ █ █ █ ▄ █ █▄▄▄▄▄▄▄█▄▄█ █▄▄█▄█ █▄▄█▄▄▄▄▄▄██▄▄▄▄▄▄▄█▄▄█ █▄▄█ ⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ Sample ransom note: ▄▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄ ▄ █ █ █ █ █ ██ █ █ ▄ █ █ █ ▄▄▄▄▄█ █▄█ █ ▄ █ ▄ █ ▄ █ ██ ██ █ █ █▄▄▄▄▄█ █ █▄█ █ █ █ █ █ █ █ █ █▄▄▄▄▄ █ ▄ █ █ █▄█ █ █▄█ █ █ ▄▄▄▄▄█ █ █ █ █ ▄ █ █ █ ▄ █ █▄▄▄▄▄▄▄█▄▄█ █▄▄█▄█ █▄▄█▄▄▄▄▄▄██▄▄▄▄▄▄▄█▄▄█ █▄▄█ ⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Slug

High Risk

Slug is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All your files were stolen by us We stole a 1T file from this location [snip] Contact us for get price You have 3 days to contact us for negotiation. "If you don't contact within three days, we'll start leaking data." 1) Contact our session. session download address: https://getsession.org/ Our poison ID: 05cb63af9848ae85a0016581a14a9848d516ed2f9fcb4f98a081363c48ee7f570b * Note that this server is available via Tor browser only Follow the instructions to open the link: "1. Type the addres Sample ransom note: All your files were stolen by us We stole a 1T file from this location [snip] Contact us for get price You have 3 days to contact us for negotiation. "If you don't contact within three days, we'll start leaking data." 1) Contact our session. session download address: https://getsession.org/ Our poison ID: 05cb63af9848ae85a0016581a14a9848d516ed2f9fcb4f98a081363c48ee7f570b * Note that this server is available via Tor browser only Follow the instructions to open the link: "1. Type the addres Sample ransom note: All your files were stolen by us We stole a 1T file from this location [snip] Contact us for get price You have 3 days to contact us for negotiation. "If you don't contact within three days, we'll start leaking data." 1) Contact our session. session download address: https://getsession.org/ Our poison ID: 05cb63af9848ae85a0016581a14a9848d516ed2f9fcb4f98a081363c48ee7f570b * Note that this server is available via Tor browser only Follow the instructions to open the link: "1. Type the addres

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Snatch

High Risk

Snatch is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hello! All your files are encrypted and only we can decrypt them. We have downloaded more that 500GB of sensitive data from your company servers. Contact us: [email protected] or [email protected] Write us if you want to return your files - we can do it very quickly! The header of letter must contain extension of encrypted files. We always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com). Sample ransom note: Hello! All your files are encrypted and only we can decrypt them. We have downloaded more that 500GB of sensitive data from your company servers. Contact us: [email protected] or [email protected] Write us if you want to return your files - we can do it very quickly! The header of letter must contain extension of encrypted files. We always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com). Sample ransom note: Hello! All your files are encrypted and only we can decrypt them. We have downloaded more that 500GB of sensitive data from your company servers. Contact us: [email protected] or [email protected] Write us if you want to return your files - we can do it very quickly! The header of letter must contain extension of encrypted files. We always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like protonmail.com).

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Stop

High Risk

Stop is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain val Sample ransom note: ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain val Sample ransom note: ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain val

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Sugar

High Risk

Sugar is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension .encoded01. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its Sample ransom note: [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension .encoded01. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its Sample ransom note: [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension .encoded01. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Suncrypt

High Risk

Suncrypt is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <!DOCTYPE html> <html lang="en"> <head> <meta charset='utf-8'> <meta name='viewport' content='width=device-width,initial-scale=1'> <title></title> <style> html, body { background-color: #1a1a1a; } body { padding-top: 3rem !important; } #text h2 { color: white; font-size: 2rem; font-weight: 600; line-height: 1.125; } .tabs { -webkit-overflow-scrolling: touch; align-items: stretch; display: flex; font Sample ransom note: <!DOCTYPE html> <html lang="en"> <head> <meta charset='utf-8'> <meta name='viewport' content='width=device-width,initial-scale=1'> <title></title> <style> html, body { background-color: #1a1a1a; } body { padding-top: 3rem !important; } #text h2 { color: white; font-size: 2rem; font-weight: 600; line-height: 1.125; } .tabs { -webkit-overflow-scrolling: touch; align-items: stretch; display: flex; font Sample ransom note: <!DOCTYPE html> <html lang="en"> <head> <meta charset='utf-8'> <meta name='viewport' content='width=device-width,initial-scale=1'> <title></title> <style> html, body { background-color: #1a1a1a; } body { padding-top: 3rem !important; } #text h2 { color: white; font-size: 2rem; font-weight: 600; line-height: 1.125; } .tabs { -webkit-overflow-scrolling: touch; align-items: stretch; display: flex; font

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Synapse

High Risk

Synapse is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [[=== Synapse Ransomware ===]] [+] What's happened? All your files are encrypted and stolen, but you need to follow our instructions. otherwise, you cant return your data (NEVER). [+] What guarantees? Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, we decrypt one file for free. That is our guarantee. I Sample ransom note: [[=== Synapse Ransomware ===]] [+] What's happened? All your files are encrypted and stolen, but you need to follow our instructions. otherwise, you cant return your data (NEVER). [+] What guarantees? Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, we decrypt one file for free. That is our guarantee. I Sample ransom note: [[=== Synapse Ransomware ===]] [+] What's happened? All your files are encrypted and stolen, but you need to follow our instructions. otherwise, you cant return your data (NEVER). [+] What guarantees? Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, we decrypt one file for free. That is our guarantee. I

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Targetcompany

High Risk

Targetcompany is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your personal identifier: [snip] All files on [snip] network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hq Sample ransom note: Your personal identifier: [snip] All files on [snip] network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hq Sample ransom note: Your personal identifier: [snip] All files on [snip] network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hq

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Teslacrypt

High Risk

Teslacrypt is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Inter Sample ransom note: NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Inter Sample ransom note: NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Inter

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Thor

High Risk

Thor is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: We are #======THOR======# -=[ YOUR FILES ARE LOCKED ]=- >>> Your data is ENCRYPTED. Without our key, decryption is IMPOSSIBLE. -=[ DANGER ]=- >>> Don't try to recover, delete, or modify files – this DESTROYS them. Contacting authorities = TOTAL DATA LOSS. -=[ OUR OFFER ]=- >>> We do not want to make this public or spread your confidential information, we are only interested in deal. >>> We’ll decrypt SOME FILES FREE and restore your system. >>> We are open for discussions and additional d Sample ransom note: We are #======THOR======# -=[ YOUR FILES ARE LOCKED ]=- >>> Your data is ENCRYPTED. Without our key, decryption is IMPOSSIBLE. -=[ DANGER ]=- >>> Don't try to recover, delete, or modify files – this DESTROYS them. Contacting authorities = TOTAL DATA LOSS. -=[ OUR OFFER ]=- >>> We do not want to make this public or spread your confidential information, we are only interested in deal. >>> We’ll decrypt SOME FILES FREE and restore your system. >>> We are open for discussions and additional d Sample ransom note: We are #======THOR======# -=[ YOUR FILES ARE LOCKED ]=- >>> Your data is ENCRYPTED. Without our key, decryption is IMPOSSIBLE. -=[ DANGER ]=- >>> Don't try to recover, delete, or modify files – this DESTROYS them. Contacting authorities = TOTAL DATA LOSS. -=[ OUR OFFER ]=- >>> We do not want to make this public or spread your confidential information, we are only interested in deal. >>> We’ll decrypt SOME FILES FREE and restore your system. >>> We are open for discussions and additional d

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Tommyleaks

High Risk

Tommyleaks is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: --- Hi dears! This is TommyLeaks team and it is pleasure for us to inform you that your company network has been breached. We have stolen your files and documents and exfiltrated only the most sensitive and useful information from that. First of all, remain calm and do not undertake any hasty actions at that moment if you want to save your reputation and avoid any bad scenarios: - do not go to the authorities. They will perhaps confiscate your PCs and other IT equipment and will not prevent th Sample ransom note: --- Hi dears! This is TommyLeaks team and it is pleasure for us to inform you that your company network has been breached. We have stolen your files and documents and exfiltrated only the most sensitive and useful information from that. First of all, remain calm and do not undertake any hasty actions at that moment if you want to save your reputation and avoid any bad scenarios: - do not go to the authorities. They will perhaps confiscate your PCs and other IT equipment and will not prevent th Sample ransom note: --- Hi dears! This is TommyLeaks team and it is pleasure for us to inform you that your company network has been breached. We have stolen your files and documents and exfiltrated only the most sensitive and useful information from that. First of all, remain calm and do not undertake any hasty actions at that moment if you want to save your reputation and avoid any bad scenarios: - do not go to the authorities. They will perhaps confiscate your PCs and other IT equipment and will not prevent th

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Trigona

High Risk

Trigona is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <title>ENCRYPTED</title> <hta:application showInTaskBar="no" APPLICATION="yes" ICON='msiexec.exe' SINGLEINSTANCE='yes' SysMenu="no" applicationname="ENCRYPTED" border="thick" contexmenu="no" scroll="no" selection="yes" singleinstance="yes" windowstate="normal" MAXIMIZEBUTTON="NO" BORDER="DIALOG" width="100" height="100" MINIMIZEBUTTON="NO"></hta:application> <script language="JavaScript Sample ransom note: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <title>ENCRYPTED</title> <hta:application showInTaskBar="no" APPLICATION="yes" ICON='msiexec.exe' SINGLEINSTANCE='yes' SysMenu="no" applicationname="ENCRYPTED" border="thick" contexmenu="no" scroll="no" selection="yes" singleinstance="yes" windowstate="normal" MAXIMIZEBUTTON="NO" BORDER="DIALOG" width="100" height="100" MINIMIZEBUTTON="NO"></hta:application> <script language="JavaScript Sample ransom note: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <title>ENCRYPTED</title> <hta:application showInTaskBar="no" APPLICATION="yes" ICON='msiexec.exe' SINGLEINSTANCE='yes' SysMenu="no" applicationname="ENCRYPTED" border="thick" contexmenu="no" scroll="no" selection="yes" singleinstance="yes" windowstate="normal" MAXIMIZEBUTTON="NO" BORDER="DIALOG" width="100" height="100" MINIMIZEBUTTON="NO"></hta:application> <script language="JavaScript

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Trinity

High Risk

Trinity is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: TRINITY LOCKER We downloaded to our servers and encrypted all your databases and personal information! to contact us download TOR https://www.torproject.org/download/ follow this link http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion follow the instructions on the website or e-mail: [email protected] IMPORTANT INFORMATION! If you do not write to us within 24 hours, we will start publishing and selling your data on the darknet on hacker sites and offer the information Sample ransom note: TRINITY LOCKER We downloaded to our servers and encrypted all your databases and personal information! to contact us download TOR https://www.torproject.org/download/ follow this link http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion follow the instructions on the website or e-mail: [email protected] IMPORTANT INFORMATION! If you do not write to us within 24 hours, we will start publishing and selling your data on the darknet on hacker sites and offer the information Sample ransom note: TRINITY LOCKER We downloaded to our servers and encrypted all your databases and personal information! to contact us download TOR https://www.torproject.org/download/ follow this link http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion follow the instructions on the website or e-mail: [email protected] IMPORTANT INFORMATION! If you do not write to us within 24 hours, we will start publishing and selling your data on the darknet on hacker sites and offer the information

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

U-Bomb

High Risk

U-Bomb is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: +++ YOUR COMPANY NETWORK HAS BEEN PENETRATED +++ All your important files have been encrypted! No software available on internet can help you. We are the only ones able to solve your problem. Your sensitive data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future. You will can send us 3 files an Sample ransom note: +++ YOUR COMPANY NETWORK HAS BEEN PENETRATED +++ All your important files have been encrypted! No software available on internet can help you. We are the only ones able to solve your problem. Your sensitive data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future. You will can send us 3 files an Sample ransom note: +++ YOUR COMPANY NETWORK HAS BEEN PENETRATED +++ All your important files have been encrypted! No software available on internet can help you. We are the only ones able to solve your problem. Your sensitive data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future. You will can send us 3 files an

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Underground

High Risk

Underground is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: The Underground team welcomes you! We would like to inform that your network has been tested by us for vulnerabilities. Poor network security could cause your data to be lost forever. Your files are currently encrypted, they can be restored to their original state with a decryptor key that only we have. The key is in a single copy on our server. Attempting to recover data by your own efforts may result in data loss. It is important not to change their current state. Each file additionally h Sample ransom note: The Underground team welcomes you! We would like to inform that your network has been tested by us for vulnerabilities. Poor network security could cause your data to be lost forever. Your files are currently encrypted, they can be restored to their original state with a decryptor key that only we have. The key is in a single copy on our server. Attempting to recover data by your own efforts may result in data loss. It is important not to change their current state. Each file additionally h Sample ransom note: The Underground team welcomes you! We would like to inform that your network has been tested by us for vulnerabilities. Poor network security could cause your data to be lost forever. Your files are currently encrypted, they can be restored to their original state with a decryptor key that only we have. The key is in a single copy on our server. Attempting to recover data by your own efforts may result in data loss. It is important not to change their current state. Each file additionally h

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Vanhelsing

High Risk

Vanhelsing is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: --= No news is a good news ! =-- Your network has been breached and all your files Personal data, financial reports and important documents has been stolen , encrypted and ready to publish to public, if you willing to continue your bussines and make more money and keep bussines secret safe you need to restore your files first, And to restore all your files you have to pay the ransom in Bitcoin. don't bother your self and wast your time or make it more harder on your bussines , we developed Sample ransom note: --= No news is a good news ! =-- Your network has been breached and all your files Personal data, financial reports and important documents has been stolen , encrypted and ready to publish to public, if you willing to continue your bussines and make more money and keep bussines secret safe you need to restore your files first, And to restore all your files you have to pay the ransom in Bitcoin. don't bother your self and wast your time or make it more harder on your bussines , we developed Sample ransom note: --= No news is a good news ! =-- Your network has been breached and all your files Personal data, financial reports and important documents has been stolen , encrypted and ready to publish to public, if you willing to continue your bussines and make more money and keep bussines secret safe you need to restore your files first, And to restore all your files you have to pay the ransom in Bitcoin. don't bother your self and wast your time or make it more harder on your bussines , we developed

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Vicesociety

High Risk

Vicesociety is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: ALL YOUR FILES HAVE BEEN ENCRYPTED BY VICE SOCIETY All your important documents, photos, databases were stolen and encrypted. If you do not contact us in 7 days we will upload your files to darknet! The only method of recovering files is to purchase an unique private key. We are the only who can give you tool to recover your files. To proove that we have the key and it works you can send us 2 files and we decrypt it for free (not more than 2 MB each). This file should be not valuable! W Sample ransom note: ALL YOUR FILES HAVE BEEN ENCRYPTED BY VICE SOCIETY All your important documents, photos, databases were stolen and encrypted. If you do not contact us in 7 days we will upload your files to darknet! The only method of recovering files is to purchase an unique private key. We are the only who can give you tool to recover your files. To proove that we have the key and it works you can send us 2 files and we decrypt it for free (not more than 2 MB each). This file should be not valuable! W Sample ransom note: ALL YOUR FILES HAVE BEEN ENCRYPTED BY VICE SOCIETY All your important documents, photos, databases were stolen and encrypted. If you do not contact us in 7 days we will upload your files to darknet! The only method of recovering files is to purchase an unique private key. We are the only who can give you tool to recover your files. To proove that we have the key and it works you can send us 2 files and we decrypt it for free (not more than 2 MB each). This file should be not valuable! W

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Vohuk

High Risk

Vohuk is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [~] Vohuk Ransomware V1.51 >>> What's happened? ALL YOUR FILES ARE STOLEN AND ENCRYPTED. To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us. >>> What guarantees? Before paying you can send us up to 2 files for free decryption. The total size of files must be less than 2MB(non archived). files should not contain valuable information. (databases, backups, large excel sheets, etc.) >>> CONTACT US: Please write an email to both Sample ransom note: [~] Vohuk Ransomware V1.51 >>> What's happened? ALL YOUR FILES ARE STOLEN AND ENCRYPTED. To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us. >>> What guarantees? Before paying you can send us up to 2 files for free decryption. The total size of files must be less than 2MB(non archived). files should not contain valuable information. (databases, backups, large excel sheets, etc.) >>> CONTACT US: Please write an email to both Sample ransom note: [~] Vohuk Ransomware V1.51 >>> What's happened? ALL YOUR FILES ARE STOLEN AND ENCRYPTED. To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us. >>> What guarantees? Before paying you can send us up to 2 files for free decryption. The total size of files must be less than 2MB(non archived). files should not contain valuable information. (databases, backups, large excel sheets, etc.) >>> CONTACT US: Please write an email to both

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Wastedlocker

High Risk

Wastedlocker is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: [snip] YOUR NETWORK IS ENCRYPTED NOW USE [email protected] | [email protected] TO GET THE PRICE FOR YOUR DATA DO NOT GIVE THIS EMAIL TO 3RD PARTIES DO NOT RENAME OR MOVE THE FILE THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY: [begin_key]*[end_key] KEEP IT Sample ransom note: [snip] YOUR NETWORK IS ENCRYPTED NOW USE [email protected] | [email protected] TO GET THE PRICE FOR YOUR DATA DO NOT GIVE THIS EMAIL TO 3RD PARTIES DO NOT RENAME OR MOVE THE FILE THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY: [begin_key]*[end_key] KEEP IT Sample ransom note: [snip] YOUR NETWORK IS ENCRYPTED NOW USE [email protected] | [email protected] TO GET THE PRICE FOR YOUR DATA DO NOT GIVE THIS EMAIL TO 3RD PARTIES DO NOT RENAME OR MOVE THE FILE THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY: [begin_key]*[end_key] KEEP IT

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Xorist

High Risk

Xorist is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All your important files were encrypted on this computer. You can verify this by click on see files an try open them. Encrtyption was produced using unique KEY generated for this computer. To decrypted files, you need to otbtain private key. The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet; The server will destroy the key within 24 hours after encryption completed. Payment have to be made in maxim 24 hours To retrieve th Sample ransom note: All your important files were encrypted on this computer. You can verify this by click on see files an try open them. Encrtyption was produced using unique KEY generated for this computer. To decrypted files, you need to otbtain private key. The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet; The server will destroy the key within 24 hours after encryption completed. Payment have to be made in maxim 24 hours To retrieve th Sample ransom note: All your important files were encrypted on this computer. You can verify this by click on see files an try open them. Encrtyption was produced using unique KEY generated for this computer. To decrypted files, you need to otbtain private key. The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet; The server will destroy the key within 24 hours after encryption completed. Payment have to be made in maxim 24 hours To retrieve th

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Yanluowang

High Risk

Yanluowang is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Hi, since you are reading this it means you have been hacked. In addition to encrypting all your systems, deleting backups, we also downloaded 2 terabytes of confidential information. Here's what you shouldn't do: 1) Contact the police, fbi or other authorities before the end of our deal 2) Contact the recovery company so that they would conduct dialogues with us. (This can slow down the recovery, and generally put our communication to naught) 3) Do not try to decrypt the files yourself, as Sample ransom note: Hi, since you are reading this it means you have been hacked. In addition to encrypting all your systems, deleting backups, we also downloaded 2 terabytes of confidential information. Here's what you shouldn't do: 1) Contact the police, fbi or other authorities before the end of our deal 2) Contact the recovery company so that they would conduct dialogues with us. (This can slow down the recovery, and generally put our communication to naught) 3) Do not try to decrypt the files yourself, as Sample ransom note: Hi, since you are reading this it means you have been hacked. In addition to encrypting all your systems, deleting backups, we also downloaded 2 terabytes of confidential information. Here's what you shouldn't do: 1) Contact the police, fbi or other authorities before the end of our deal 2) Contact the recovery company so that they would conduct dialogues with us. (This can slow down the recovery, and generally put our communication to naught) 3) Do not try to decrypt the files yourself, as

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Zeon

High Risk

Zeon is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: All of your files are currently encrypted by ZEON strain. All of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for fur Sample ransom note: All of your files are currently encrypted by ZEON strain. All of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for fur Sample ransom note: All of your files are currently encrypted by ZEON strain. All of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for fur

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Unknown

Low Risk

Unknown or unidentified ransomware variant

View Details

File Extensions

Indicators

No specific indicators identified

Recovery Options

Contact professional cybersecurity experts for assistance

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Datacarry

High Risk

Datacarry is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your network has been attacked. All files have been encrypted with a strong encryption algorithm. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. No decryption software is available in the public. If you wish to try decryption on your own, do it on a file that does not matter. DO NOT RESET OR SHUTDOWN, files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DEL

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Embargo

High Risk

Embargo is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Your network has been chosen for Security Audit by EMBARGO Team. We successfully infiltrated your network, downloaded all important and sensitive documents, files, databases, and encrypted your systems. You must contact us before the deadline 2024-05-21 06:25:37 +0000 UTC, to decrypt your systems and prevent your sensitive information from disclosure on our blog: http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/ Do not modify any files or file extensions. Your data maybe Sample ransom note: Your network has been chosen for Security Audit by EMBARGO Team. We successfully infiltrated your network, downloaded all important and sensitive documents, files, databases, and encrypted your systems. You must contact us before the deadline 2024-05-21 06:25:37 +0000 UTC, to decrypt your systems and prevent your sensitive information from disclosure on our blog: http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/ Do not modify any files or file extensions. Your data maybe Sample ransom note: Your network has been chosen for Security Audit by EMBARGO Team. We successfully infiltrated your network, downloaded all important and sensitive documents, files, databases, and encrypted your systems. You must contact us before the deadline 2024-05-21 06:25:37 +0000 UTC, to decrypt your systems and prevent your sensitive information from disclosure on our blog: http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/ Do not modify any files or file extensions. Your data maybe Sample ransom note: Your network has been chosen for Security Audit by EMBARGO Team. We successfully infiltrated your network, downloaded all important and sensitive documents, files, databases, and encrypted your systems. You must contact us before the deadline 2025-05-25 09:37:19 +0000 UTC, to decrypt your systems and prevent your sensitive information from disclosure on our blog: http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/ Do not modify any files or file extensions. Your data maybe

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Interlock

High Risk

Interlock is a ransomware variant with 3 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: Action Required: Data Breach Notification Your Data Is Now Beyond Your Control We have taken control of your systems, encrypted your critical files, and extracted sensitive data. This is a pivotal moment for your organization—your actions now will determine the outcome. --- What You Need to Understand Your data security was compromised because of insufficient protection. As a result: 1. All access to important files has been restricted through encryption. 2. We possess confidenti --- Final Warning: Your Data Is at Risk To the Leadership of Your Organization We have encrypted your systems and extracted sensitive information from your network. Your organization's failure to prioritize cybersecurity has left critical data vulnerable, and now, the consequences are at hand. --- What You Need to Know: 1. We have seized key documents, customer information, and confidential business data. 2. Access to these files has been locked with advanced encryption. 3. Responsibil --- INTERLOCK - CRITICAL SECURITY ALERT To Whom It May Concern, Your organization has experienced a serious security breach. Immediate action is required to mitigate further risks. Here are the details: THE CURRENT SITUATION - Your systems have been infiltrated by unauthorized entities. - Key files have been encrypted and are now inaccessible to you. - Sensitive data has been extracted and is in our possession. WHAT YOU NEED TO DO NOW 1. Contact us via our secure, anonymous platform l Sample ransom note: Action Required: Data Breach Notification Your Data Is Now Beyond Your Control We have taken control of your systems, encrypted your critical files, and extracted sensitive data. This is a pivotal moment for your organization—your actions now will determine the outcome. --- What You Need to Understand Your data security was compromised because of insufficient protection. As a result: 1. All access to important files has been restricted through encryption. 2. We possess confidenti --- Final Warning: Your Data Is at Risk To the Leadership of Your Organization We have encrypted your systems and extracted sensitive information from your network. Your organization's failure to prioritize cybersecurity has left critical data vulnerable, and now, the consequences are at hand. --- What You Need to Know: 1. We have seized key documents, customer information, and confidential business data. 2. Access to these files has been locked with advanced encryption. 3. Responsibil --- INTERLOCK - CRITICAL SECURITY ALERT To Whom It May Concern, Your organization has experienced a serious security breach. Immediate action is required to mitigate further risks. Here are the details: THE CURRENT SITUATION - Your systems have been infiltrated by unauthorized entities. - Key files have been encrypted and are now inaccessible to you. - Sensitive data has been extracted and is in our possession. WHAT YOU NEED TO DO NOW 1. Contact us via our secure, anonymous platform l Sample ransom note: Action Required: Data Breach Notification Your Data Is Now Beyond Your Control We have taken control of your systems, encrypted your critical files, and extracted sensitive data. This is a pivotal moment for your organization—your actions now will determine the outcome. --- What You Need to Understand Your data security was compromised because of insufficient protection. As a result: 1. All access to important files has been restricted through encryption. 2. We possess confidenti --- Final Warning: Your Data Is at Risk To the Leadership of Your Organization We have encrypted your systems and extracted sensitive information from your network. Your organization's failure to prioritize cybersecurity has left critical data vulnerable, and now, the consequences are at hand. --- What You Need to Know: 1. We have seized key documents, customer information, and confidential business data. 2. Access to these files has been locked with advanced encryption. 3. Responsibil --- INTERLOCK - CRITICAL SECURITY ALERT To Whom It May Concern, Your organization has experienced a serious security breach. Immediate action is required to mitigate further risks. Here are the details: THE CURRENT SITUATION - Your systems have been infiltrated by unauthorized entities. - Key files have been encrypted and are now inaccessible to you. - Sensitive data has been extracted and is in our possession. WHAT YOU NEED TO DO NOW 1. Contact us via our secure, anonymous platform l Sample ransom note: We have successfully breached your network, encrypted your files, and obtained highly sensitive data. This is the result of weak cybersecurity on your part. As of now, your access to critical business information has been revoked. The only way to regain control is through cooperation. If you fail to contact us within 72 hours, we will proceed to publish your data to the public, ensuring severe consequences for your organization. By not addressing this matter, you risk violating major laws such a

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

Nemesis

High Risk

Nemesis is a ransomware variant with 1 sample ransom notes in our database.

View Details

File Extensions

Unknown

Indicators

Sample ransom note: NEMESIS [+][+][+] Your systems are encrypted and sensitive data has been stolen. Do not shut down your systems or attempt to use any other recovery programs - files may be corrupted or lost. [+][+][+] ONLY OUR decryptor can get your files back. To make sure we REALLY CAN get your files back, we give you the opportunity to decrypt multiple files for free during the negotiation process. [+][+][+] We are not a politically motivated group - we are only interested in money. [+][+

Recovery Options

Recovery options will depend on the specific variant and encryption used. Professional data recovery services recommended.

Recommended Actions:

Isolate infected systems immediately
Restore from backups if available
View details for more...

About Our Database

Our ransomware database is completely FREE and continuously updated with information about the latest ransomware variants, their characteristics, and recovery options. The database includes:

Detailed descriptions of ransomware behavior
File extensions used by each variant
Technical indicators to help with identification
Professional recovery recommendations
Risk assessment for business impact

This information is compiled from our experience working with ransomware recovery cases and collaboration with cybersecurity researchers.

Protection Tips

Prevent Ransomware Infections - Free Advice

Keep your operating system and software updated
Use reputable antivirus software and keep it updated
Implement email filtering to prevent phishing attacks
Backup your data regularly using the 3-2-1 backup strategy
Train employees to recognize suspicious emails and links
Use strong passwords and multi-factor authentication
Restrict user permissions and administrative access