Ransom Note: !!!README!!!.txt

Group: Valencia

- - - - - - - - | Valencia Ransomware | - - - - - - - -

Hello dear victim,

All your files have been STOLEN and encrypted. You cannot recover them on your own.
Your backups, servers, and devices are also compromised, and critical files have been stolen.
In conclusion, you are facing a very grave situation.

* How to get them back?
To recover your files you can contact us at the following link
using Tor Browser @ https://www.torproject.org/download/

(ALL .ONION LINKS WILL REQUIRE YOU TO INSTALL TOR BROWSER)

http://4tpksbx73v5bewqr7kanwmkegyldfq6deir6cpv5zeaxg3mrnsk35eyd.onion/c/[snip]

Or you can go to the following link and enter the following chat id manually: [snip]

http://4tpksbx73v5bewqr7kanwmkegyldfq6deir6cpv5zeaxg3mrnsk35eyd.onion

* What if I don't pay?
If you choose not to pay, your files will remain permanently encrypted.
The decryptor will be destroyed, and your stolen files will be publicly exposed at:

http://6doyqxqqj36vnedtt2zwxmngx52mgyp7brbrtwkyd75jgiolocoybgid.onion/

* How much will I pay?
The ransom amount will be determined during our conversation.
You have 30 days to comply.

* What if I don't message you?
Failure to contact us within 72 hours will signal your refusal to cooperate.
This will result in the immediate publication of your stolen files.

* What to say when you contact us?
When you contact us, include the BID for your company: 620F367E6D2345E49CCE93747259A1C0
and the contents of the IDKEY.txt file located at C:\Users\Public\IDKEY.txt.
The BID is the same for each computer but the IDKEY is unique for
each computer.

* How can we prove that we can decrypt the files?
To demonstrate our capability, we offer to decrypt up to 3 sample
files (each less than 5MB and not containing crucial information) for free.

> > > > > Important things to take into account < < < < <

* Do not try to remove any files.
Any attempts to remove or tamper with the encrypted files may lead to irreversible corruption.

* Do not attempt to use third-party decryptors.
Third-party decryption tools are futile. The decryption key is protected
by advanced AES encryption, making it impossible to decrypt without our specific key.

* What if you don't pay?
Refusing to pay will have devastating consequences. All your company's sensitive
information will be released for free on our website. This will result in irreparable
damage to your company's reputation, loss of confidential documents, customer data exposure,
and a significant loss of clients and investors.
Reference:
https://wikipedia.org/wiki/GDPR_fines_and_notices
https://gdpr-info.eu/issues/fines-penalties
https://gdpr.eu/fines/

* What happens after you pay?
Upon receiving your payment, we will provide you with the decryption program
and detailed instructions on how to restore your files. Also, your company
files will be removed from our servers.

This is a critical juncture. Your company's future hangs in the balance. Delays and defiance
will only escalate your troubles. Act now, secure your data, and avert a crisis.

Thanks and see you soon!

Indicators of Compromise

Type       | IOC
onion url  | http://4tpksbx73v5bewqr7kanwmkegyldfq6deir6cpv5zeaxg3mrnsk35eyd.onion
onion url  | http://4tpksbx73v5bewqr7kanwmkegyldfq6deir6cpv5zeaxg3mrnsk35eyd.onion/c/[snip]
onion url  | http://6doyqxqqj36vnedtt2zwxmngx52mgyp7brbrtwkyd75jgiolocoybgid.onion/