Good Day All,
A server at a client has been infected by Ransomware which cannot be identified. The SHA1 is as follows:
What is the extension added to files? You didn't upload any encrypted files for me to confirm, but this looks like YYTO. See this topic for an m6m6 variant where Amigo-A compares the notes.
This is the note that was uploaded.
Help.txt

Hello. Your files have been encrypted.
For help, write to this e-mail: email@example.com
Attach to the letter 1-2 files (no more than 3 MB) and your personal key.
If within 24 hours you have not received a response, you need to follow the following instructions:
a) Download and install TOR browser: https://www.torproject.org/download/download-easy.html.en
b) From the TOR browser, follow the link: torbox3uiot6wchz.onion
c) Register your e-mail (Sign Up)
d) Write us on e-mail: firstname.lastname@example.org
ATTENTION: e-mail (email@example.com) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz.onion
Your personal key: [redacted hex]
Hi, every time I tried to upload the file, I received an error. Not sure if it is because the file is too large maybe. The file name is as follows: Document1.firstname.lastname@example.org