Ransom Notes for Blackbasta

instructions_read_me.txt


Hello!

If you are reading this, it means we have encrypted your data and took your files.

DO NOT PANIC! Yes, this is bad news, but we will have a good ones as well. 
YES, this is entirely fixable!

Our name is BlackBasta Syndicate, and we are the largest, most advanced, and most prolific organized group currently existing. We are the ultimate cyber tradecraft with a credential record of taking down the most advanced, high-profile, and defended companies one can ever imagine. You can Google us later; what you need to know now is that we are business people just like you. 

We have your data and encrypted your files, but in less than an hour, we can put things back on track: if you pay for our recovery services, you get a decryptor, the data will be deleted from all of our systems and returned to you, and we will give you a security report explaining how we got you.

Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Login: [snip]

This is a link to a secure chat. We will talk there. Inside that chat, we will share a second designated link that only your special team will be able to see.

For now, think about the following. 

This incident hits your network and is stopping you from operating properly. The sooner you get back on track, the better it is.

See you in the secure chat.

    

blackbasta3.txt


ATTENTION!
Your network has been breached and all data was encrypted. Please contact us at:
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ 


Login ID: [snip]


*!* To access .onion websites download and install Tor Browser at:

   https://www.torproject.org/ (Tor Browser is not related to us)

*!* To restore all your PCs and get your network working again, follow these instructions:

- Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency.

Please follow these simple rules to avoid data corruption:

- Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. 

- Do not hire a recovery company. They can't decrypt without the key. 
They also don't care about your business. They believe that they are 
good negotiators, but it is not. They usually fail. So speak for yourself.



Waiting you in a chat.


    

blackbasta4.txt


ATTENTION!
Your network has been breached and all data was encrypted. Please contact us at:
https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/


Login ID: [snip]


*!* To access .onion websites download and install Tor Browser at:

   https://www.torproject.org/ (Tor Browser is not related to us)

*!* To restore all your PCs and get your network working again, follow these instructions:

- Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency.

Please follow these simple rules to avoid data corruption:

- Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. 

- Do not hire a recovery company. They can't decrypt without the key. 
They also don't care about your business. They believe that they are 
good negotiators, but it is not. They usually fail. So speak for yourself.



Waiting you in a chat.


    

blackbasta2.txt


All of your files are currently encrypted by no_name_software.
 
These files cannot be recovered by any means without contacting our team directly.
 
DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However,
if you want to try - we recommend choosing the data of the lowest value.
 
DON'T TRY TO IGNORE us. We've downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond.
So it will be better for both sides if you contact us as soon as possible.
 
DON'T TRY TO CONTACT feds or any recovery companies.
We have our informants in these structures, so any of your complaints will be immediately directed to us.
So if you will hire any recovery company for negotiations or send requests to the police/FBI/investigators, we will consider this as a hostile intent and initiate the publication of whole compromised data immediately.
 
DON'T move or rename your files. These parameters can be used for encryption/decryption process.
 
To prove that we REALLY CAN get your data back - we offer you to decrypt two random files completely free of charge.
 
You can contact our team directly for further instructions through our website :
 
TOR VERSION :
(you should download and install TOR browser first https://torproject.org)
 
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/
 
Your company id for log in: [snip]
Your company key: 3 of any of your dc through comma. Example: "DC1, DC2, DC3". You can type less if you have no enough
 
YOU SHOULD BE AWARE!
We will speak only with an authorized person. It can be the CEO, top management, etc.
In case you are not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!
Inform your supervisors and stay calm!

    

blackbasta1.txt


Your data are stolen and encrypted
The data will be published on TOR website if you do not pay the ransom
You can contact us and decrypt one file for free on this TOR site
(you should download and install TOR browser first https://torproject.org)
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Your company id for log in: [snip]