Grn21 Ransomware

The Grn21 Ransomware is a severe malware threat that can cause its victims to lose access to their private or work-related information. The threat operates as typical ransomware: it targets numerous file types and then locks them using a strong encryption algorithm. As part of its threatening operations, Grn21 will also modify the original names of all affected files. The threat will assign a lengthy, randomly generated string of characters to the victim and then append it to the name of every locked file. Then, '.grn21' will be added as a new file extension. When all suitable files have been encrypted, Grn21 will proceed to deliver a note with instructions for its victims. The ransom-demanding message will be placed inside a text file named '59FJ_HOW_TO_DECRYPT.txt'.

Ransom Note's Details

If the ransom note can be trusted, apart from locking the user's files, the attackers have also managed to obtain sensitive private information from the breached computers, such as personal data, financial reports or other important documents. If their demands are not met, the hackers threaten to start releasing the stolen data on a dedicated leak site. To receive further information on how to pay the ransom, victims are instructed to visit another site, also hosted on the .onion network. The Tor browser is necessary to open the two sites.

The full text of the note is:

'Your network has been breached and all data were encrypted.
Personal data, financial reports and important documents are ready to disclose.

To decrypt all the data and to prevent exfiltrated files to be disclosed at
hxxp://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
you will need to purchase our decryption software.

Please contact our sales department at:

hxxp://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/

To get an access to .onion websites download and install Tor Browser at:
hxxps://www.torproject.org/ (Tor Browser is not related to us)

Follow the guidelines below to avoid losing your data:

Do not modify, rename or delete *.key.grn21 files. Your data will be
undecryptable.

Do not modify or rename encrypted files. You will lose them.

Do not report to the Police, FBI, etc. They don't care about your business.
They simply won't allow you to pay. As a result you will lose everything.

Do not hire a recovery company. They can't decrypt without the key.
They also don't care about your business. They believe that they are
good negotiators, but it is not. They usually fail. So speak for yourself.

Do not reject to purchase. Exfiltrated files will be publicly disclosed.'
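
As an added example (not part of the original entry), the file-name indicators described above can drive a read-only triage script that inventories which directories were hit. The `SAMPLEID` names and the sample tree are constructed, and matching any name ending in `_HOW_TO_DECRYPT.txt` rather than only `59FJ_HOW_TO_DECRYPT.txt` is an assumption.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators from the write-up and ransom note above.
ENCRYPTED_SUFFIX = ".grn21"
KEY_SUFFIX = ".key.grn21"
# The page names '59FJ_HOW_TO_DECRYPT.txt'. Assumption: the prefix may vary, so match the tail.
NOTE_SUFFIX = "_how_to_decrypt.txt"


def classify(name):
    """Return 'key', 'encrypted', 'note' or None for one file name."""
    lower = name.lower()
    if lower.endswith(KEY_SUFFIX):  # test before the generic suffix, which it also matches
        return "key"
    if lower.endswith(ENCRYPTED_SUFFIX):
        return "encrypted"
    if lower.endswith(NOTE_SUFFIX):
        return "note"
    return None


def triage(root):
    """Walk root read-only and return (Counter of classes, {relative dir: [(class, name)]})."""
    counts, hits = Counter(), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            kind = classify(name)
            if kind:
                counts[kind] += 1
                hits.setdefault(os.path.relpath(dirpath, root), []).append((kind, name))
    return counts, hits


def run_demo():
    """Build a constructed sample tree (made-up names, empty files) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        for rel in ("finance/budget.xlsx.SAMPLEID.grn21", "finance/SAMPLEID.key.grn21",
                    "finance/59FJ_HOW_TO_DECRYPT.txt", "photo.jpg.SAMPLEID.grn21",
                    "untouched.md"):
            (root / rel).touch()
        return triage(root)


if __name__ == "__main__":
    counts, hits = run_demo()
    print(dict(counts))
    for directory, found in sorted(hits.items()):
        print(directory, found)
```

The `key` class is reported separately because the note claims the `*.key.grn21` files are required for decryption, so cleanup tooling should leave them in place until responders decide otherwise.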
