CLEARWATER_README_2.txt

ATTENTION!
Your network has been breached and all data was encrypted. Please contact us at:
TOR: http://b6rgpykvtyqah4q5tii25ouevr5g3u2s7pqc24jdlyhrfms3itljtkqd.onion/index.html?chat=[snip]
qTox: 8C59AA9B590D61DCFB7894A184D92543250A268AC7808D760EDF3E56E16BBC67C1008CA2B901
Telegram:@CLEARWATERRECOVERY
*!* To access .onion websites download and install Tor Browser at:
https://www.torproject.org/ (Tor Browser is not related to us)
*!* To restore all your PCs and get your network working again, follow these instructions:
- Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency.
Please follow these simple rules to avoid data corruption:
- Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption.
- Do not hire a recovery company. They can't decrypt without the key.
They also don't care about your business. They believe that they are
good negotiators, but it is not. They usually fail. So speak for yourself.
Waiting you in a chat.
| Type | IOC |
|---|---|
| onion url | http://b6rgpykvtyqah4q5tii25ouevr5g3u2s7pqc24jdlyhrfms3itljtkqd.onion/index.html?chat=[snip] |
| tox id | 8C59AA9B590D61DCFB7894A184D92543250A268AC7808D760EDF3E56E16BBC67C1008CA2B901 |
| telegram handle | @CLEARWATERRECOVERY |