Our company's file server was compromised. When I opened the SMB share, every folder contained a ransom note in .txt format, reading as follows:
Your files are encrypted and can not be used
We have downloaded your confidential data and are ready to publish it on our blog
To return your files in work condition you need decryption tool
Follow the instructions to decrypt all your data
Do not try to change or restore files yourself, this will break them
If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB
How to get decryption tool:
1) Download and install TOR browser by this link: https://www.torproject.org/download/
2) If TOR blocked in your country and you can't access to the link then use any VPN software
3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
4) Copy your private ID in the input field. Your Private key: 0A189E8A094DC2AF016F5B41
5) You will see payment information and we can make free test decryption here
6) After payment, you will receive a tool for decrypting files, and we will delete the data that was taken from you
Our blog of leaked companies:
wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
If you are unable to contact us through the site, then you can email us: mallox@onionmail.org
Waiting for a response via mail can be several days. Do not use it if you have not tried contacting through the site.
It's the same old routine: encrypt all the files and only decrypt them after payment. This approach is only really useful against companies that have no backups; my company, as it happens, had backups, and we recovered quickly.
Addendum, 23.08.28
Today I saw a news item: Symantec disclosed that the hacker group Carderbee carried out a supply-chain attack targeting Hong Kong and parts of Asia. The attack was delivered through Cobra DocGuard, software developed by a Chinese company called EsafeNet (亿赛通) whose purpose is to protect and encrypt documents. Unfortunately, my company uses this software.