Our company's important files have been hacked by the Ransomware AES-NI.
This is what is detected by ID-RANSOMWARE:
- ransomnote_filename: !!! READ THIS - IMPORTANT !!!.txt
- ransomnote_email: firstname.lastname@example.org
- ransomnote_bitmessage: BM-2cVgoJS8HPMkjzgDMVNAGg5TG3bb1TcfhN
- sample_extension: .aes_ni_0day
We contacted the ransomner by email. We got few response and then he gave us a bitcoin address to send the money to.
I saw you wrote in these forums these last days, so you've been active.
GUY you seemed sincere when you said you would help us decrypt the files. In our email exchanges I felt trust.
Now our entire company depends on getting those files back (encrypted MSSQL databases that are VITAL to our business).
We paid the ransom and haven't heard from you since then.
I've been in contact with you through this email address: email@example.com.
Please do your part of the agreement. I don't believe you're a BLACK HAT, neither a WHITE HAT.
But I do believe you want to make a point with the trade-off the NSA is making when they want to put backdoors and bleep in software and hardware.
I understand. But now point is made. We need the be back on track and live as soon as possible or a lot of people in our little company might lose their job because of this.
Please be a GREY HAT, making a point, a costly point, but being fair with values and giving us the tools to decrypt you said you would give.
In much hope,
A young developer from this company you hacked.
ATTACHMENT file :
===============================# aes-ni ransomware #===============================█████╗ ███████╗███████╗ ███╗ ██╗██╗██╔══██╗██╔════╝██╔════╝ ████╗ ██║██║███████║█████╗ ███████╗█████╗██╔██╗ ██║██║██╔══██║██╔══╝ ╚════██║╚════╝██║╚██╗██║██║██║ ██║███████╗███████║ ██║ ╚████║██║╚═╝ ╚═╝╚══════╝╚══════╝ ╚═╝ ╚═══╝╚═╝SPECIAL VERSION: NSA EXPLOIT EDITIONINTRO: If you are reading it, your server was attacked with NSA exploits.Make World Safe Again.SORRY! Your files are encrypted.File contents are encrypted with random key (AES-256 bit; ECB mode).Random key is encrypted with RSA public key (2048 bit).We STRONGLY RECOMMEND you NOT to use any "decryption tools".These tools can damage your data, making recover IMPOSSIBLE.Also we recommend you not to contact data recovery companies.They will just contact us, buy the key and sell it to you at a higher price.If you want to decrypt your files, you have to get RSA private key.In order to get private key, write here:firstname.lastname@example.org@email@example.comIMPORTANT: In some cases malware researchers can block our e-mails.If you did not receive any answer on e-mail in 48 hours,please do not panic and write to BitMsg (https://bitmsg.me) address:BM-2cVgoJS8HPMkjzgDMVNAGg5TG3bb1TcfhNor create topic on https://www.bleepingcomputer.com/ and we will find you there.If someone else offers you files restoring, ask him for test decryption.Only we can successfully decrypt your files; knowing this can protect you from fraud.You will receive instructions of what to do next.You MUST refer this ID in your message:##REDACTED##Also you MUST send all ".key.aes_ni_0day" files from C:\ProgramData if there are any.===============================# aes-ni ransomware #===============================