Ranson Note: doppelpaymer2.txt

Buy Me a Coffee

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Ransom Notes: `doppelpaymer2.txt`

Your network was hacked. Your ID: 269

DO NOT RESET OR SHUTDOWN your PC or server.
DO NOT RENAME/ MOVE/ DELETE the encrypted and readme files.

Info:
http://fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion/order/[snip]

btpsupport@protonmail.com

If you decide not to cooperate your sensitive data will be shared to public at 
http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion 
and all the rest will remain unreachable to you.

Indicators of Compromise

Type	IOC
`email`	`btpsupport@protonmail.com`
`onion url`	http://fcjam663uvgid2xbar24kab2vt4hjzsn6o77glh35jscuo567b2mnyqd.onion/order/[snip]
`onion url`	http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion

Ransom Notes: doppelpaymer2.txt

Indicators of Compromise

Ransom Notes: `doppelpaymer2.txt`