STRLCPY/ransomware_notes

add karakurt ransom note
ThreatLabz committed 1 year ago

2941c306

1 parent 376dd469

Total 1 files

■ ■ ■ ■ ■ ■

karakurt/!_karakurt_READ_ME_!.txt

1	+	=====================================================================
2	+	Welcome, this is karakurt team.
3	+	=====================================================================
4	+	Your network has been breached.
5	+
6	+	Internal documents and files were stolen.
7	+	=====================================================================
8	+	PLEASE READ THIS SO YOU CAN CONTACT US!
9	+	=====================================================================
10	+
11	+	Ok, you are reading this - so it means that we have your attention.
12	+	Here's the deal :
13	+	1. We breached your internal network and took control over all of your systems.
14	+	2. We analyzed and located each piece of more-or-less important files while spending weeks inside.
15	+	3. We exfiltrated anything we wanted (the total size of taken data exeeds !200GB!).
16	+
17	+	You can see the full file-tree of downloaded files near to our note. (file-tree.zip)
18	+
19	+	You can choose any two files from file-tree and we will provide them to you in confirmation that we have them.
20	+
21	+	Also, if necessary, we can return your files back after payment.
22	+
23	+	FAQ:
24	+	- Who the hell are you?
25	+	- Pretty skilled hackers I guess.
26	+
27	+	- WHY ARE YOU DOING THIS?!??
28	+	- Our motivation is purely financial.
29	+
30	+	- We are going to report this to law enforcement.
31	+	- You surely can, but be ready that they will confiscate most of your IT infrastructure, and even if you will later change your mind and decide to pay - they will not let you.
32	+
33	+	- Who else already knows about the breach?
34	+	- Me, You, Nobody else. For now.
35	+
36	+	- What if I tell you that I do not care and going to ignore this incident.
37	+	- That's a very bad choice. If you will not contact us in a timely manner we will start notifying your employees, clients, partners, subcontractors and any other persons that should know how you treat your own corporate secrets and theirs.
38	+
39	+	- What if I will not contact you even after it?
40	+	- Than we shall move forward and start contacting your business competitors and list of anonymous inside traders we deal with, to find out if they are going to pay us for your data. When the list of the people who is interested in such data is formed - the closed online auction starts.
41	+
42	+	- Noone will buy what you took! I do not believe you!
43	+	- If the auction fails - we will just leak everything online, making sure that this leak goes straight to the press. We will make sure that your business will bleed by using any power we have in our posession, both social and technical.
44	+
45	+	- What happens if I pay?
46	+	- Nothing bad will happen.
47	+	We will remove everything we took from your network and leave you be.
48	+	We will provide the confirmation that the data is deleted.
49	+	We will help you to close technical vulnerabilities you have and provide some insight on how to avoid such incidents if some other perpetrator is interested in you.
50	+	We will never tell anybody about it.
51	+
52	+	- We understand. We are ready to move forward.
53	+	- You will find the Access Code at the end of this file, you will need this one to get in contact with us for further instructions.
54	+
55	+	To contact us using this ID you should do the following :
56	+	1. Download Tor browser - https://www.torproject.org and install it.
57	+	2. Open link in TOR browser - https://omx5iqrdbsoitf3q4xexrqw5r5tfw7vp3vl3li3lfo7saabxazshnead.onion
58	+	3. Insert Access Code inside the field on the page and click Enter.
59	+	4. The chat window will open and we will be able to communicate through a secured channel.
60	+
61	+	This link is available via "Tor Browser" only!
62	+
63	+	-------ACCESS CODE-------
64	+	[snip]
65	+	-------ACCESS CODE-------
66	+

add karakurt ransom note