torikf

My file encripted by Sodinokibi

Recommended Posts

my pc is infected and deal like this

---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion ej5squ.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
  a) Download and install TOR browser from this site: https://torproject.org/
  b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/530E0201BC62D444

2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
  a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
  b) Open our secondary website: http://decryptor.top/530E0201BC62D444

Warning: secondary website can be blocked, thats why first variant much better and more available.

When you open our website, put the following data in the input form:
Key:

8hGCuu0sytpE7iQ5AViYihawxDt4t4CojYPRzFT547etAg0FT4GtkR0497o0/uGd
hol6Qu682dW+9Wz51RxunN0P9jXi8qi90wjIJ4ryEz080kjb5Rx/E6e5kl4m416v
HNCAVJ0hEqw//x85niup9ObhzPUR9Iia2jqCsQeXhF/P6p7cvcjYBWl/rgyXfj1A
5jt/X7NHMezT8F75ISUqW7M2SuKGEGJkTc2OZKFQjYEbMNRCZI08SgwWW6nu6rnJ
XJOx3jNFqZBJviULsDXu82J/Yhp+kMwsBQmxTQcsW5uoGysaGOUDDaNjCfOTZzNZ
PwOLsrxdhnGXbWFIY2PPbuz3GLN/w5Ef/gb5k0F5Sa5Zd0OEvwYxCu/KPU6FOkeT
cd6ugPZsdxOppqsV1/wAhuth36BnIBtkocTFhxAmE4cwj40UTLZqrdrQTBLXrW08
edS7tl80jlMjaOwbZAvs15oBnK/LW3KV84DaZcMSO9FNMWiP/FIRzkEI0xkIMHsq
kho3CRtnG24CebPDS3ablgJgzB1qSTFt9G3Qd3no3NlTaN4j0xYDGSAfsgUkI1eo
T+vQ7SvnLnOCj29YoKiixklR/zNZWene7G47tEPYrloqBwBVpWYqel7k1AP3ilPb
BkXLJIkgB8SUgMHsLYZF/Dx9Jh4r7n8c9b2Zb5gpCf66OJmdDmQxgaXRM6okGlWl
Is9z9URNjj6g0vGd/6biezJPYiWY+IsMDQOK/MaNhT2aZ6pkkTfGWnQ0ROJy28wW
rVEudx+n/y6EXQcHiserW6D+mxjNMJuGgsDAUiIeJuWSliJq2h8SJmY9AT1CrchL
gXIlZl0P+xlDyM05+RRQBrOmvbd2LCJpIBlMpTthZXFcAK93SPYviPggvEJzLKva
gbSusPYSL6oaHggpNzHEX7uXKVMFiYz786rkxAfXuhT3ymYELUFDPhQnFNaZ6F56
O+vgE2gHok063FgVTm8qpy2bT9jT83LvpyYXjPbPKqzYaQYq1M+eNM2RlBAKGVjL
o2EHCOXFMVhYChAocPJWVQyIjLrpvI6Wy/NXYjabjXLMyYqkTOON1l1Rm6e7DeeX
jyqmSJDH26yhS+/nc8dGjHZkwOtpBqB8IOU4ae2is1AhaGRcSIHrj6nO4H/eHkM2
WQBaMoRSLtLdHnK2Luoc4UFnvgb5yzYml9w6Q42oMFCiQHBGdKH12BxWFcFfuIOV
2NEEnA==

 

Extension name:

ej5squ

-----------------------------------------------------------------------------------------

!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!

scan_190624-113505.txt

DATA-LAHAN-KERJASAMA.xlsx.ej5squ

Share this post


Link to post
Share on other sites

@torikf

Hello

I have already identified the Sodinokibi Ransomware, who encrypted your files, but I need to confirm this.

Attach also that original file of ransom note from which you copied this text.

Or confirm that the ransom note is called ej5squ-readme.txt

It is correctly?

Share this post


Link to post
Share on other sites
1 hour ago, Amigo-A said:

@torikf

Hello

I have already identified the Sodinokibi Ransomware, who encrypted your files, but I need to confirm this.

Attach also that original file of ransom note from which you copied this text.

Or confirm that the ransom note is called ej5squ-readme.txt

It is correctly?

this is the read me file

ej5squ-readme.txt

Share this post


Link to post
Share on other sites

Yes, now it is known for sure, that your files are encrypted by Sodinokibi Ransomware. My identification is accurate.

So that there is no doubt, I also uploaded the note file and your encrypted file to the service ID Ransomware.
The results of my and automatic identification are the same.
https://id-ransomware.malwarehunterteam.com/identify.php?case=ed59f3576d54aefba856f2a26ecf4567fd4c0db0

 

Share this post


Link to post
Share on other sites
5 hours ago, torikf said:

is there a way to restore the file?

Unfortunately there's not.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.