The Green Blood Group

Original ransom notes collected for this group.

HOW_TO_RECOVER_FILES.txt 2414

Content	Action
##################### TH3 GR33N BL00D GR0UP #################### ----------------- SYSTEM INTRUSION & DATA EXFILTRATION CONFIRMED ------------------- All primary servers, workstations, and backup links within your network have been encrypted and penetrated by THE-GREEN-BLOOD-GROUP. A full copy of TERABYTES of sensitive data has been extracted from your systems. IRREVERSIBLE without our unique decryption key. ################# YOUR DATA IS NOW HELD FOR RANSOM. DO NOT ATTEMPT: ####################### Restarting systems or disconnecting from network. Using third-party decryption or "recovery" tools. Involving external cyber-security firms. Modifying encrypted files or system registry. ANY ATTEMPT WILL CORRUPT DATA PERMANENTLY AND TRIGGER IMMEDIATE DATA LEAK. ####################### DEMAND & RECOVERY PROCESS ########################### To receive the decryption tool and secure the deletion of the stolen dataset, you MUST contact us at the address below within 14 DAYS. To prove the legitimacy of our decryption tool, we decrypt 5-10 non-critical files (each under 20MB). ######################### OUR CONTACTS ####################### SUPPORT EMAIL: thegreenblood@proton.me / thegreenblood@onionmail.org SUPPORT TOX ID: F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B621AB7CC9A1EFB If Mail Communication channels lost or slow , use TOX EMAIL SUBJECT LINE: [SNIP] - PAYMENT INQUIRY ######################### CONSEQUENCES OF NON-COMPLIANCE ######################### Failure to contact us within 7 DAYS will result in: 14 DAYS : 1% DATASET will be published every next day publicly on multiple dark web leak sites and sent to major media outlets .This includes all client data. You can use the Tor Browser and visit the following link: URL: http://scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion:8000/ 21 DAYS: If you choose not to contact us, your sensitive data will be published or sold to interested third parties . The dataset will be AUCTIONED to the highest bidder among cybercriminal syndicates and hostile entities. Your clients' financial futures will be sold. ######################## TIME DECREASES WITH EVERY HOUR. ACT NOW. ############################## ------------------------------ END OF COMMUNICATION ------------------------------------------------- - TH3 GR33N BL00D GR0UP

Content

Action

##################### TH3 GR33N BL00D GR0UP ####################

----------------- SYSTEM INTRUSION & DATA EXFILTRATION CONFIRMED -------------------

All primary servers, workstations, and backup links within your network have been encrypted and penetrated by THE-GREEN-BLOOD-GROUP.
A full copy of TERABYTES of sensitive data has been extracted from your systems.

IRREVERSIBLE without our unique decryption key.

################# YOUR DATA IS NOW HELD FOR RANSOM. DO NOT ATTEMPT: #######################

Restarting systems or disconnecting from network.

Using third-party decryption or "recovery" tools.

Involving external cyber-security firms.

Modifying encrypted files or system registry.

ANY ATTEMPT WILL CORRUPT DATA PERMANENTLY AND TRIGGER IMMEDIATE DATA LEAK.

####################### DEMAND & RECOVERY PROCESS ###########################

To receive the decryption tool and secure the deletion of the stolen dataset, you MUST contact us at the address below within 14 DAYS.
To prove the legitimacy of our decryption tool, we decrypt 5-10 non-critical files (each under 20MB).

######################### OUR CONTACTS #######################
SUPPORT EMAIL: thegreenblood@proton.me / thegreenblood@onionmail.org
SUPPORT TOX ID: F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B621AB7CC9A1EFB

If Mail Communication channels lost or slow , use TOX

EMAIL SUBJECT LINE:
[SNIP] - PAYMENT INQUIRY

######################### CONSEQUENCES OF NON-COMPLIANCE #########################

Failure to contact us within 7 DAYS will result in:

14 DAYS :
1% DATASET will be published every next day publicly on multiple dark web leak sites and sent to major media outlets .This includes all client data.
You can use the Tor Browser and visit the following link:
URL: http://scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion:8000/

21 DAYS:
If you choose not to contact us, your sensitive data will be published or sold to interested third parties .
The dataset will be AUCTIONED to the highest bidder among cybercriminal syndicates and hostile entities.
Your clients' financial futures will be sold.

######################## TIME DECREASES WITH EVERY HOUR. ACT NOW. ##############################

------------------------------ END OF COMMUNICATION -------------------------------------------------

- TH3 GR33N BL00D GR0UP

READ_ME_TO_RECOVER_FILES.txt 2075

Content	Action
╔══════════════════════════════════════════════════════════════════════════════╗ ║ YOUR FILES HAVE BEEN ENCRYPTED! ║ ╚══════════════════════════════════════════════════════════════════════════════╝ ##################### TH3 GR33N BL00D GR0UP #################### What happened? --------------- All your important files (documents, photos, databases, etc.) have been encrypted 'enc++' using military-grade AES-256 encryption. Your files are now inaccessible and cannot be recovered without our decryption service. Your unique identifiers: • Recovery ID: GREEN-BLOOD-[SNIP] • Machine ID: [SNIP] • Date/Time: YYYY-MM-DD hh:mm:ss • Files encrypted: .tgbg extension How to recover your files: -------------------------- 1. Contact Us 2. Provide your Recovery ID and Machine ID 3. Follow the payment instructions (Bitcoin only) 4. After payment confirmation, you will receive the decryption tool DO NOT: -------- • Try to decrypt files yourself (you will lose them permanently) • Rename or modify encrypted files • Delete encrypted files • Reinstall Windows or format drives • Use data recovery software Important: ---------- • Payment must be made within 7 days • Price increases every 24 hours • After 21 days, your decryption key will be destroyed • We keep 139 GB of files as proof of decryption capability WARNING: -------- Any attempt to remove this software or recover files without our tool will result in PERMANENT DATA LOSS. This is your only chance to recover your files. Contact Us. ######################### OUR CONTACTS ####################### SUPPORT EMAIL: thegreenblood@proton.me / thegreenblood@onionmail.org SUPPORT TOX ID: F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B62 1AB7CC9A1EFB If Mail Communication channels lost or slow , use TOX EMAIL SUBJECT LINE: [SNIP] - PAYMENT INQUIRY You can use the Tor Browser and visit the following link: URL: http://scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion:8000/

Content

Action


╔══════════════════════════════════════════════════════════════════════════════╗
║                        YOUR FILES HAVE BEEN ENCRYPTED!                       ║
╚══════════════════════════════════════════════════════════════════════════════╝
##################### TH3 GR33N BL00D GR0UP  ####################

What happened?
---------------
All your important files (documents, photos, databases, etc.) have been encrypted 'enc++'
using military-grade AES-256 encryption. Your files are now inaccessible and 
cannot be recovered without our decryption service.

Your unique identifiers:
• Recovery ID: GREEN-BLOOD-[SNIP]
• Machine ID: [SNIP]
• Date/Time: YYYY-MM-DD hh:mm:ss
• Files encrypted: .tgbg extension

How to recover your files:
--------------------------
1. Contact Us
2. Provide your Recovery ID and Machine ID
3. Follow the payment instructions (Bitcoin only)
4. After payment confirmation, you will receive the decryption tool

DO NOT:
--------
• Try to decrypt files yourself (you will lose them permanently)
• Rename or modify encrypted files
• Delete encrypted files
• Reinstall Windows or format drives
• Use data recovery software

Important:
----------
• Payment must be made within 7 days
• Price increases every 24 hours
• After 21 days, your decryption key will be destroyed
• We keep 139 GB of files as proof of decryption capability

WARNING:
--------
Any attempt to remove this software or recover files without our tool 
will result in PERMANENT DATA LOSS.

This is your only chance to recover your files.
Contact Us.

######################### OUR CONTACTS #######################
SUPPORT EMAIL: thegreenblood@proton.me / thegreenblood@onionmail.org
SUPPORT TOX ID: F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B62
1AB7CC9A1EFB

If Mail Communication channels lost or slow , use TOX

EMAIL SUBJECT LINE:
[SNIP] - PAYMENT INQUIRY

You can use the Tor Browser and visit the following link:
URL: http://scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion:8000/