Mark Smith Wrote:
-------------------------------------------------------
> Two attack versions
> We logged two versions of the ransom message:
>
> INSERT INTO PLEASE_READ.`WARNING`(id, warning,
> Bitcoin_Address, Email) VALUES('1','Send 0.2 BTC
> to this address and contact this email with your
> ip or db_name of your server to recover your
> database! Your DB is Backed up to our servers!',
> '1ET9NHZEXXQ34qSP46vKg8mrWgT89cfZoY',
> 'backupservice@mail2tor.com')
>
> INSERT INTO `WARNING`(id, warning)
> VALUES(1, 'SEND 0.2 BTC TO THIS ADDRESS
> 1Kg9nGFdAoZWmrn1qPMZstam3CXLgcxPA9 AND GO TO THIS
> SITE http://sognd75g4isasu2v.onion/ TO RECOVER
> YOUR DATABASE! SQL DUMP WILL BE AVAILABLE AFTER
> PAYMENT! To access this site you have use the tor
> browser
> https://www.torproject.org/projects/torbrowser.html.en')
>
> One version offers the victim to restore their
> data by contacting the following email address –
> ‘backupservice@mail2tor.com’. The second version
> offers the owner to visit the following darknet
> web site ‘http://sognd75g4isasu2v.onion/’ to
> recover the lost data.
It was a great help! Thank you very much for sharing this!
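
A defender-side check for the two notes quoted above, as an added example that is not part of the original post: it scans MySQL general query log lines for an INSERT into a WARNING table that also carries a Bitcoin address or .onion URL. The function name, the log layout, the timestamps and the benign `app.warning` row are assumptions constructed for illustration.

```python
import re

# INSERT into a table named WARNING, with or without a schema prefix/backticks,
# as in both notes quoted above.
NOTE_INSERT = re.compile(
    r"INSERT\s+INTO\s+(?:`?(?P<schema>\w+)`?\s*\.\s*)?`?WARNING`?\s*\(",
    re.IGNORECASE)
# Shapes of the contact details a note carries; no fixed values are hard-coded.
INDICATORS = {
    "btc_address": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    "onion_url": re.compile(r"https?://[a-z2-7]{16,56}\.onion\b", re.I),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}

def find_ransom_notes(log_lines):
    """Return one finding per line that inserts into WARNING and carries
    a Bitcoin address or .onion URL (an INSERT alone is not enough)."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        m = NOTE_INSERT.search(line)
        if not m:
            continue
        hits = {k: rx.findall(line) for k, rx in INDICATORS.items()}
        if not (hits["btc_address"] or hits["onion_url"]):
            continue  # e.g. an application's own `warning` table
        findings.append({"line": lineno, "schema": m.group("schema"), **hits})
    return findings

# Constructed general-log lines (timestamps and thread ids invented); the two
# INSERT statements are the ones quoted above, joined onto one line each.
SAMPLE_LOG = [
    "2017-02-08T03:10:01Z\t 41 Query\tSELECT @@version",
    "2017-02-08T03:10:02Z\t 41 Query\tINSERT INTO app.warning(id, msg) "
    "VALUES(7, 'disk usage above 90%')",
    "2017-02-08T03:10:05Z\t 41 Query\tINSERT INTO PLEASE_READ.`WARNING`(id, "
    "warning, Bitcoin_Address, Email) VALUES('1','Send 0.2 BTC to this address "
    "and contact this email with your ip or db_name of your server to recover "
    "your database! Your DB is Backed up to our servers!', "
    "'1ET9NHZEXXQ34qSP46vKg8mrWgT89cfZoY', 'backupservice@mail2tor.com')",
    "2017-02-08T04:22:17Z\t 57 Query\tINSERT INTO `WARNING`(id, warning) "
    "VALUES(1, 'SEND 0.2 BTC TO THIS ADDRESS "
    "1Kg9nGFdAoZWmrn1qPMZstam3CXLgcxPA9 AND GO TO THIS SITE "
    "http://sognd75g4isasu2v.onion/ TO RECOVER YOUR DATABASE!')",
]

if __name__ == "__main__":
    for f in find_ransom_notes(SAMPLE_LOG):
        print(f)
```

The general query log is off by default in MySQL, so this only applies where it (or an equivalent audit log) was enabled before the incident.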