Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorythm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
DO NOT use any recovery software with restoring files overwriting encrypted.
This may lead to the impossibility of recovery of the certain files.
To get info (decrypt your files) contact us at your personal page:
1. Download and install Tor Browser: https://www.torproject.org/download/
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar:
http://q7wp5u55lhtuafjtsl6lkt24z4wvon2jexfzhzqqfrt3bqnpqboyqoid.onion/order/[snip]
4. Follow the instructions on the site
5. You should get in contact in 48 HOURS since your systems been infected.
6. The link above is valid for 7 days.
After that period if you not get in contact
your local data would be lost completely.
7. Questions? e-mail: btpsupport@protonmail.com
If email not working - new one you can find on a tor page.
The faster you get in contact - the lower price you can expect.
DATA
[snip]
doppelpaymer1.txt
[snip]
Your network has been hacked.
Your ID: 106
Your files, backups and shadow copies are unavailable until you pay for a decryption tool.
Otherwise your sensitive data will be shared to public at
http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
and all the rest will remain unreachable to you.
TO SAVE YOUR DATA FROM DESTRUCTION:
DO NOT RESET OR SHUTDOWN your PC or server.
DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files.
DO NOT USE ANY RECOVERY TOOLS that is aimed to restore encrypted files.
TO GET YOUR DATA BACK contact us:
SmutnyKobimtochukwu@protonmail.com
OR
KobieBoho@protonmail.com
Contact us within 48 HOURS from the date your network have been infected.
After the period expires and no contact is made, the link and keys for your data will be erased completely.
doppelpaymer3.txt
Your network has been hacked.
Your ID: 191
Your files, backups and shadow copies are unavailable until you pay for a decryption tool.
If no contact made in 3 business days after the infection
first portion of data will be shared to public at
http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
and all the rest will remain unreachable to you.
TO SAVE YOUR DATA FROM DESTRUCTION:
DO NOT RESET OR SHUTDOWN your PC or server.
DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files.
DO NOT USE ANY RECOVERY TOOLS that is aimed to restore encrypted files.
TO GET YOUR DATA BACK contact us on your personal page:
1. Download and install Tor Browser: https://www.torproject.org/download/
2. Run the browser and wait for initialization.
3. Copy to the address bar:
http://thw73ky2jphtcfrwoze5ddk3wbkc2t24r55guu3agwjchn3g6p755kyd.onion/order/[snip]
4. Follow the instructions on the site.
5. Contact us via email reltypade1977@protonmail.com OR live chat on your personal page.
7. The link above is valid for 21 days.
8. If you ask about proof of data exfiltrated before payment -
we will share proofs at our data leaks portal.
doppelpaymer2.txt
Your network was hacked. Your ID: 269
DO NOT RESET OR SHUTDOWN your PC or server.
DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files.
Info:
http://fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion/order/[snip]
btpsupport@protonmail.com
If you decide not to cooperate your sensitive data will be shared to public at
http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
and all the rest will remain unreachable to you.