Hello, We are REvil Group. We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $500,000. Now we're keeping it a secret, but if you do not reply us within 3 days it will be posted on our news-site. Think about the financial damage to your stock price from this publication. In case of successful negotiations we guarantee that you will get decryptors for all your machines, non recoverable removal of downloaded data and security report on how you were hacked to fix your vulnerabilities. We hope that you can correctly assess the risks for your company. You can find more information about REvil group in Google. Posting on our blog and further publications in the media will lead to significant losses for your company: court and government fines, data recovery, loss of reputation, abandonment of clients, drop in limits. But don't panic! We are in business, not in war. We can unblock your data and keep everything secret. All we need is a ransom. In this case, you also get: a security report, a complete tree of compromised data files, permanently deleting downloaded data, support with tips on unlocking and protecting.

Hello , wait for answer

file

file

file

Extract:[redacted] Download: [redacted] https://privatlab.com/s/v/[redacted] https://privatlab.com/s/d/[redacted]#delete

my boss can offer 20% discount for fast payment

Our site will not be disabled, you do not need to worry about it. But your offer is too low, we are ready to take one more small step forward, but 300k is our last offer.

The price below is not interesting to us

okay we agree and confirm

btc enabled , price update

ok

Wait for answer

To use a decryptor run it as administrator and turn off antivirus before. You can use a decryptor as gui application or through cmd. CMD commands: UniversalDecryptor.exe -full UniversalDecryptor.exe -path "C:\folder" UniversalDecryptor.exe -file "C:\folder\file.txt.random_ext" * decryptor with -full option will decrypt all with default params. If you use it as gui application, mI recommend you choose "create backups" option. If you use decryptor without this option, you should not interrupt decryption process, otherwise some files will be irreversibly damaged.

file

file

Full listing was deleted with all your files

Spam attack

1) A spam campaign with a virus file were sent to employees of your domain 2) Once user clicked the file, our virus payload was installed on the computer 3) Using special tools the computer was scanned and all user authorization data 4) This authorization data was used to access to the [redacted] network remotely 5) Next we scanned your network and found a vulnerable server with RCE, we used this RCE to execute our payload and gather full access to the server 6) Next we used special security tools to dump all possible passwords from the server 7) We used those passwords to gather access to other network elements until we accessed your domain controller 8) Specially designed keyloggers were installed to the IT stuff machines, which helped us to gain access to the whole IT infra 9) We modified your antivirus configuration the way, it would not detect our presence on the IT network 10) After gaining all possible IT access data, we also found the way to connect to the remaining branches of the company 11) As soon as we gathered access to all the IT network, we used specially crafted tools to collect all valuable data 12) Upon data fetch completion, we launched our locking software across some on your IT systems, we didn't put much pressure on it, just wanted you to know that your data was leaked.