torikf Posted June 24, 2019 Report Share Posted June 24, 2019 my pc is infected and deal like this ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion ej5squ. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/530E0201BC62D444 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/530E0201BC62D444 Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: 8hGCuu0sytpE7iQ5AViYihawxDt4t4CojYPRzFT547etAg0FT4GtkR0497o0/uGd hol6Qu682dW+9Wz51RxunN0P9jXi8qi90wjIJ4ryEz080kjb5Rx/E6e5kl4m416v HNCAVJ0hEqw//x85niup9ObhzPUR9Iia2jqCsQeXhF/P6p7cvcjYBWl/rgyXfj1A 5jt/X7NHMezT8F75ISUqW7M2SuKGEGJkTc2OZKFQjYEbMNRCZI08SgwWW6nu6rnJ XJOx3jNFqZBJviULsDXu82J/Yhp+kMwsBQmxTQcsW5uoGysaGOUDDaNjCfOTZzNZ PwOLsrxdhnGXbWFIY2PPbuz3GLN/w5Ef/gb5k0F5Sa5Zd0OEvwYxCu/KPU6FOkeT cd6ugPZsdxOppqsV1/wAhuth36BnIBtkocTFhxAmE4cwj40UTLZqrdrQTBLXrW08 edS7tl80jlMjaOwbZAvs15oBnK/LW3KV84DaZcMSO9FNMWiP/FIRzkEI0xkIMHsq kho3CRtnG24CebPDS3ablgJgzB1qSTFt9G3Qd3no3NlTaN4j0xYDGSAfsgUkI1eo T+vQ7SvnLnOCj29YoKiixklR/zNZWene7G47tEPYrloqBwBVpWYqel7k1AP3ilPb BkXLJIkgB8SUgMHsLYZF/Dx9Jh4r7n8c9b2Zb5gpCf66OJmdDmQxgaXRM6okGlWl Is9z9URNjj6g0vGd/6biezJPYiWY+IsMDQOK/MaNhT2aZ6pkkTfGWnQ0ROJy28wW rVEudx+n/y6EXQcHiserW6D+mxjNMJuGgsDAUiIeJuWSliJq2h8SJmY9AT1CrchL gXIlZl0P+xlDyM05+RRQBrOmvbd2LCJpIBlMpTthZXFcAK93SPYviPggvEJzLKva gbSusPYSL6oaHggpNzHEX7uXKVMFiYz786rkxAfXuhT3ymYELUFDPhQnFNaZ6F56 O+vgE2gHok063FgVTm8qpy2bT9jT83LvpyYXjPbPKqzYaQYq1M+eNM2RlBAKGVjL o2EHCOXFMVhYChAocPJWVQyIjLrpvI6Wy/NXYjabjXLMyYqkTOON1l1Rm6e7DeeX jyqmSJDH26yhS+/nc8dGjHZkwOtpBqB8IOU4ae2is1AhaGRcSIHrj6nO4H/eHkM2 WQBaMoRSLtLdHnK2Luoc4UFnvgb5yzYml9w6Q42oMFCiQHBGdKH12BxWFcFfuIOV 2NEEnA== Extension name: ej5squ ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! scan_190624-113505.txt DATA-LAHAN-KERJASAMA.xlsx.ej5squ Link to comment Share on other sites More sharing options...
Amigo-A Posted June 24, 2019 Report Share Posted June 24, 2019 @torikf Hello I have already identified the Sodinokibi Ransomware, who encrypted your files, but I need to confirm this. Attach also that original file of ransom note from which you copied this text. Or confirm that the ransom note is called ej5squ-readme.txt It is correctly? Link to comment Share on other sites More sharing options...
torikf Posted June 24, 2019 Author Report Share Posted June 24, 2019 1 hour ago, Amigo-A said: @torikf Hello I have already identified the Sodinokibi Ransomware, who encrypted your files, but I need to confirm this. Attach also that original file of ransom note from which you copied this text. Or confirm that the ransom note is called ej5squ-readme.txt It is correctly? this is the read me file ej5squ-readme.txt Link to comment Share on other sites More sharing options...
Amigo-A Posted June 24, 2019 Report Share Posted June 24, 2019 Yes, now it is known for sure, that your files are encrypted by Sodinokibi Ransomware. My identification is accurate. So that there is no doubt, I also uploaded the note file and your encrypted file to the service ID Ransomware. The results of my and automatic identification are the same.https://id-ransomware.malwarehunterteam.com/identify.php?case=ed59f3576d54aefba856f2a26ecf4567fd4c0db0 Link to comment Share on other sites More sharing options...
torikf Posted June 24, 2019 Author Report Share Posted June 24, 2019 @Amigo-A thanks for your reply is there a way to restore the file? Link to comment Share on other sites More sharing options...
GT500 Posted June 25, 2019 Report Share Posted June 25, 2019 5 hours ago, torikf said: is there a way to restore the file? Unfortunately there's not. Link to comment Share on other sites More sharing options...
Recommended Posts