[email protected] hacked me and stole my database. Help please!


Nov 15, 2023
Hi everyone,

Let me tell you the story of my last thursday from today:

I woke up and I checked that the site that I had: was down, I went to the backoffice and I see this message:

"All your data is backed up. You must pay 0.022 BTC to 14PYVptPexgRpHRm7SSrFMAyBKYymkRA55 In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data2)

After paying send mail to us: [email protected] and we will provide a link for you to download your data. Your DBCODE is: 2ODUE".

We have an EC2 instance running a web server with a MariaDB instance. The server was recently hit with a ransomware attack, and my production database is gone. There is no backup or snapshot configured, so no ability on my end and with my knowledge of linux servers to restore the database.

So our option was to trust on his note and make the payment. After that, this guy sent us another privnote (https://privnote.com/hidden#w8nHsUTPa) asking for the double of BTC for downloaded the database (the thing that was really important for us), we made the payment and we finally we downloaded the database but was encrypted (we aren't sure that is the real file) so then he sent us another privnote asking a little more of BTC for give us the password for open the file, that was our last chance for recover the data thru him, so we took the risk and we made this finally payment but nothing happened, then he asked us for a payment like x4 of everything we had already paid but we don't believed him.

Please, we need help in this. If anyone knows who can help us or have you ever had a similar experience, let me know! Or if someone can help me decrypt this file, I will really appreciate!

The site that we have provides an important and vital service for local NGOs who help disabled and vulnerable people, people who lives on streets, old people, among other.

Any help will be really appreciate.

