The note then lists a number of things the victim should not do, such as contact authorities or recovery organizations. The attackers also claim to have obtained sensitive information. Mails to contact us(Write the decryption ID in the title of your ransom note begins with a decryption ID, which indicates that the victim's systems have been compromised and all files have been encrypted. If you do not pay the ransom, we will attack your company again in the future.In a few weeks, we will simply repeat our attack and delete all your data from your networks, WHICH WILL LEAD TO THEIR UNAVAILABILITY!Īs a guarantee that we can decrypt the files, we suggest that you send several files for free decryption. Here's what you should do right after reading it:ġ) If you are an ordinary employee, send our message to the CEO of the company, as well as to the IT department.Ģ) If you are a CEO, or a specialist in the IT department, or another person who has weight in the company, you should contact us within 24 hours by email. If you approached us directly without intermediaries you would pay 5 times less, that is 1 million dollars.ģ) Do not try to decrypt the files yourself, as well as do not change the file extension yourself !!! This can lead to the impossibility of their decryption. Don't go to recovery companies, they are essentially just middlemen who will make money of you and cheat you.We are well aware of cases where recovery companies tell you that the ransom price is 5 million dollars, but in fact they secretly negotiate with us for 1 million dollars, so they earn 4 million dollars from you. (This can slow down the recovery, and put our communication to naught). In addition to encrypting all your systems, deleting backups, we also downloaded your confidential information.ġ) Contact the police, fbi or other authorities before the end of our deal.Ģ) Contact the recovery company so that they would conduct dialogues with us. Hi, since you are reading this it means you have been hacked. Rorschach ransomware drops a ransom note _r_e_a_d_m_e.txt which reads as follows:
0 Comments
Leave a Reply. |