Notas de rescate — nightspire

Contactos, enlaces de pago y direcciones del atacante redactados ([redactado]).

[NSPIRE_MSG].txt

NightSpire Encryption Notice
Your internal servers and backup & virtual infrastructure have been fully compromised.
All your files encrypted by NIGHTSPIRE Ransomware.
You have 72 hours to respond.
The initial payment for decryption and file deletion is 30000 USD in Bitcoin.
This amount is based on your annual revenue, and this is notably less amount than all of your past hard work and effort to develop all of your products.
However, the amount can be renegotiated depending on the circumstances.
Our Discount Service Includes:
- If you respond within 48 hours, we will provide you 30% discount as service.
- If you respond within 24 hours, we will provide you 50% discount as service.
"The faster you pay, the lower the ransom." That's our motto.
Failure to cooperate will result in public disclosure.
We possess a complete list of files and document samples that serve as proof of the access.
You can see the decryption demo video and the list of copied files on our website.
------------------- About NightSpire – Cooperate: The Win-Win Resolution -------------------
Full Decryption Tool + Instructions: Universal binary decrypts all affected systems in hours.
Data Deletion Proof: Timestamped logs, blockchain-verified wipe certificates—your data erased forever.
Secrecy Assurances: No traces online; we expunge all references post-deal.
Bonus: Security Audit Report: Detailed breach vector analysis + fixes, valued at $50K+ from legit firms.
Payment Flexibility: Crypto (BTC We Offer), staged if needed—processed by our financial team.
NightSpire isn't a lone hacker in a basement. We're a structured syndicate with standard operating procedures, support desks, recruiters, and analysts—like a Fortune 500 but optimized for cyber efficiency. Our reputation demands we deliver: victims who pay get results, building trust for mutual long-term gains. Non-payment erodes that, but cooperation upholds it. Security researchers and reputation confirm, we're a fully fledged cyber group... built to monetize. We honor deals to ensure repeat business across the ecosystem.
--------------------------- WHAT HAPPENS IF YOU DON'T PAY -------------------------------
- The hacked news about your company will be posted on our Onion site.
- Source codes of your all software products will be open source.
- Your clients and partners may be notified about the data breach.
- The data may be shared or sold to third parties.
- You will permanently lose access to your encrypted data.
- We will not provide any decryption tools or support.
----------------------------------------- CAUTION ---------------------------------------------
>>> Important – Do Not
DO NOT modify files.
DO NOT use third-party tools.
Unncessary activities cause permanent loss of your data.
AES-256/RSA-4096 = impossible without our key.
>>> WARNING – NO INTERMEDIARIES
Do NOT use recovery or negotiation companies.
They are middlemen who profit from deception.
For example:
They charged victims $1M
Secretly negotiated with us for $200K
Kept $800K for themselves.
Contacting us directly = 5× lower cost.
Middlemen only steal from you.
Deal direct.
Pay less.
Resolve faster.
>>> IMPORTANT – INSURANCE NOTICE
Do NOT involve your cyber insurance company directly.
They will sabotage negotiations to avoid paying the full policy amount.
If your coverage is $10M, they will offer us $100K.
We will reject it.
They will refuse to increase.
Result: no payment, full data leak, total damage — for you.
If you anonymously inform us of your insurance limits and terms,
we will NOT exceed that amount in negotiations.
This guarantees:
• Fast resolution
• Data deletion
• Full decryption
• No public leak
Silence only benefits the insurer.
Transparency benefits you.
Choose wisely.
>>> CONSEQUENCES OF DATA LEAK
If your data is leaked:
• Government fines (GDPR, compliance, tax authorities)
• Lawsuits from clients and partners
• Criminal abuse of employee and customer identities
• Bank fraud, loan fraud, money laundering
• FBI investigat

nightspire_readme.txt

-Your sensetive data are stolen and encrypted!
If you pay within 3 days, we will decrypt it and also, we will not public your data.
After that we will public this situation and all data.
-DO NOT MODIFY FILES YOURSELF.
-DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
-YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.
-YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT OUR HELP.
CONTACT US:
	Onion Mail :   [redactado]
	[redactado] ID:	[redactado]
	[redactado]
	[redactado]
Send this message first "NSPIRE[snip]" when contact with us, so to make sure it's you.

readme.txt

Dear Management,
If you are reading this message, it means that:
- your network infrastructure has been compromised,
- sensetive data was leaked,
- files are encrypted
--------------------------------------------------------------------------
The best and only thing you can do is to contact us
to settle the matter before any losses occurs.
Onion Site:
[redactado]
Proton Mail:
[redactado]
--------------------------------------------------------------------------
1. THE FOLLOWING IS STRICTLY FORBIDDEN
1.1 EDITING FILES.
Renaming files could DAMAGE the
cipher and decryption will be impossible.
1.2 USING THIRD-PARTY SOFTWARE.
Trying to recover with any software
can also break the cipher and
file recovery will become a problem.
--------------------------------------------------------------------------------------------------
2. EXPLANATION OF THE SITUATION
2.1 WHAT HAPPENED
We encrypted your workstations and servers to make the fact of the intrusion visible and to prevent you from hiding sensetive data leaks.
We have already downloaded a huge amount of sensetive data and analyzed it. Now its fate is up to you, it will either be deleted or sold, or shared with the media.
2.2 VALUABLE DATA WE USUALLY STEAL:
- Databases, legal documents, personal information.
- Audit reports.
- Audit SQL database
- Any financial documents (Statements, invoices, accounting, transfers etc.).
- Work files and corporate correspondence.
- Any backups.
- Confidential documents.
2.3 TO DO LIST (best practies)
- Contact us as soon as possible.
- Contact us only in our live chat, otherwise you can run into scammers.
- Purchase our decryption tool and decrypt your files. There is no other way to do this.
- Realize that dealing with us is the shortest way to success and secrecy.
- Give up the idea of using decryption help programs, otherwise you will destroy the system permanently.
- Avoid any third-party negotiators and recovery groups. They can become the source of leaks.
--------------------------------------------------------------------------------------------------
3. POSSIBLE DECISIONS
3.1 NOT MAKING THE DEAL
- After 5 days starting tomorrow your leaked data will be Disclosed or sold.
- We will also send the data to all interested supervisory organizations and the media.
- Decryption key will be deleted permanently and recovery will be impossible.
- Losses from the situation can be measured based on your annual budget.
3.2 MAKING THE WIN-WIN DEAL
- You will get the only working Decryption Tool and the how-to-use Manual.
- You will get our guarantees (with log provided) of non-recovarable deletion of all your leaked data.
- You will get our guarantees of secrecy and removal of all traces related to the deal in the Internet.
- You will get our security report on how to fix your security breaches.
--------------------------------------------------------------------------------------------------
4. HOW TO CONTACT US
4.1 Download and install TOR Browser [redactado]
4.2 Go to our contact form website at [redactado]
4.3 You can request sample files chat

NightSpire Encryption Notice Your internal servers and backup & virtual infrastructure have been fully compromised. All your files encrypted by NIGHTSPIRE Ransomware. You have 72 hours to respond. The initial payment for decryption and file deletion is 30000 USD in Bitcoin. This amount is based on your annual revenue, and this is notably less amount than all of your past hard work and effort to develop all of your products. However, the amount can be renegotiated depending on the circumstances. Our Discount Service Includes: - If you respond within 48 hours, we will provide you 30% discount as service. - If you respond within 24 hours, we will provide you 50% discount as service. "The faster you pay, the lower the ransom." That's our motto. Failure to cooperate will result in public disclosure. We possess a complete list of files and document samples that serve as proof of the access. You can see the decryption demo video and the list of copied files on our website. ------------------- About NightSpire – Cooperate: The Win-Win Resolution ------------------- Full Decryption Tool + Instructions: Universal binary decrypts all affected systems in hours. Data Deletion Proof: Timestamped logs, blockchain-verified wipe certificates—your data erased forever. Secrecy Assurances: No traces online; we expunge all references post-deal. Bonus: Security Audit Report: Detailed breach vector analysis + fixes, valued at $50K+ from legit firms. Payment Flexibility: Crypto (BTC We Offer), staged if needed—processed by our financial team. NightSpire isn't a lone hacker in a basement. We're a structured syndicate with standard operating procedures, support desks, recruiters, and analysts—like a Fortune 500 but optimized for cyber efficiency. Our reputation demands we deliver: victims who pay get results, building trust for mutual long-term gains. Non-payment erodes that, but cooperation upholds it. Security researchers and reputation confirm, we're a fully fledged cyber group... built to monetize. We honor deals to ensure repeat business across the ecosystem. --------------------------- WHAT HAPPENS IF YOU DON'T PAY ------------------------------- - The hacked news about your company will be posted on our Onion site. - Source codes of your all software products will be open source. - Your clients and partners may be notified about the data breach. - The data may be shared or sold to third parties. - You will permanently lose access to your encrypted data. - We will not provide any decryption tools or support. ----------------------------------------- CAUTION --------------------------------------------- >>> Important – Do Not DO NOT modify files. DO NOT use third-party tools. Unncessary activities cause permanent loss of your data. AES-256/RSA-4096 = impossible without our key. >>> WARNING – NO INTERMEDIARIES Do NOT use recovery or negotiation companies. They are middlemen who profit from deception. For example: They charged victims $1M Secretly negotiated with us for $200K Kept $800K for themselves. Contacting us directly = 5× lower cost. Middlemen only steal from you. Deal direct. Pay less. Resolve faster. >>> IMPORTANT – INSURANCE NOTICE Do NOT involve your cyber insurance company directly. They will sabotage negotiations to avoid paying the full policy amount. If your coverage is $10M, they will offer us $100K. We will reject it. They will refuse to increase. Result: no payment, full data leak, total damage — for you. If you anonymously inform us of your insurance limits and terms, we will NOT exceed that amount in negotiations. This guarantees: • Fast resolution • Data deletion • Full decryption • No public leak Silence only benefits the insurer. Transparency benefits you. Choose wisely. >>> CONSEQUENCES OF DATA LEAK If your data is leaked: • Government fines (GDPR, compliance, tax authorities) • Lawsuits from clients and partners • Criminal abuse of employee and customer identities • Bank fraud, loan fraud, money laundering • FBI investigat

-Your sensetive data are stolen and encrypted! If you pay within 3 days, we will decrypt it and also, we will not public your data. After that we will public this situation and all data. -DO NOT MODIFY FILES YOURSELF. -DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. -YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. -YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT OUR HELP. CONTACT US: Onion Mail : [redactado] [redactado] ID: [redactado] [redactado] [redactado] Send this message first "NSPIRE[snip]" when contact with us, so to make sure it's you.

Dear Management, If you are reading this message, it means that: - your network infrastructure has been compromised, - sensetive data was leaked, - files are encrypted -------------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. Onion Site: [redactado] Proton Mail: [redactado] -------------------------------------------------------------------------- 1. THE FOLLOWING IS STRICTLY FORBIDDEN 1.1 EDITING FILES. Renaming files could DAMAGE the cipher and decryption will be impossible. 1.2 USING THIRD-PARTY SOFTWARE. Trying to recover with any software can also break the cipher and file recovery will become a problem. -------------------------------------------------------------------------------------------------- 2. EXPLANATION OF THE SITUATION 2.1 WHAT HAPPENED We encrypted your workstations and servers to make the fact of the intrusion visible and to prevent you from hiding sensetive data leaks. We have already downloaded a huge amount of sensetive data and analyzed it. Now its fate is up to you, it will either be deleted or sold, or shared with the media. 2.2 VALUABLE DATA WE USUALLY STEAL: - Databases, legal documents, personal information. - Audit reports. - Audit SQL database - Any financial documents (Statements, invoices, accounting, transfers etc.). - Work files and corporate correspondence. - Any backups. - Confidential documents. 2.3 TO DO LIST (best practies) - Contact us as soon as possible. - Contact us only in our live chat, otherwise you can run into scammers. - Purchase our decryption tool and decrypt your files. There is no other way to do this. - Realize that dealing with us is the shortest way to success and secrecy. - Give up the idea of using decryption help programs, otherwise you will destroy the system permanently. - Avoid any third-party negotiators and recovery groups. They can become the source of leaks. -------------------------------------------------------------------------------------------------- 3. POSSIBLE DECISIONS 3.1 NOT MAKING THE DEAL - After 5 days starting tomorrow your leaked data will be Disclosed or sold. - We will also send the data to all interested supervisory organizations and the media. - Decryption key will be deleted permanently and recovery will be impossible. - Losses from the situation can be measured based on your annual budget. 3.2 MAKING THE WIN-WIN DEAL - You will get the only working Decryption Tool and the how-to-use Manual. - You will get our guarantees (with log provided) of non-recovarable deletion of all your leaked data. - You will get our guarantees of secrecy and removal of all traces related to the deal in the Internet. - You will get our security report on how to fix your security breaches. -------------------------------------------------------------------------------------------------- 4. HOW TO CONTACT US 4.1 Download and install TOR Browser [redactado] 4.2 Go to our contact form website at [redactado] 4.3 You can request sample files chat