____ _ _ | _ \ _____ _| |__ (_)_ __ | | | |/ _ \ \/ / '_ \| | '_ \ | |_| | (_) > <| |_) | | | | | |____/ \___/_/\_\_.__/|_|_| |_|
Title:Sheriff the ransomware affiliate
Created:May 21st, 2023
Created by: DARKRABBIT
Views: 743
Comments: 0
Username: Anonymous - (Login)
Please note that all posted information is publicly available and must follow our TOS.
██████ ███████ ████████ ███████ ██ ██ ██████ ██████ ███████ ███████ ██████ ██████ ██ ████████ ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███ █████ ██ █████ ███ ██████ ██ ██ ███████ █████ ██ ██ ██████ ██ ██ ██ ███████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ ███████ ██ ███████ ██ ██ ██ ██████ ███████ ███████ ██████ ██████ ██ ██ ██████ ██ ██ ██ ██ ██ ██████ ██████ █████ ████████ ███████ ███████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ ██ ██ ███████ ██ █████ ███████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ ██ ██████ ██ ██ ██ ███████ ███████ Alex has been quite active for being doxed, Admitting to it and being exposed and before you dick riding skids wanna talk some mad shit and support this piece of shit, You're a fucking idiot. Anyway, Sheriff or Alexander had admitted to joined AVOS after he got kicked my bad "Left" Lockbit following the hack on a Children's hospital in Canada. Know as "Sick Kids" This fucking dickhead Decide to continue the attacks and not even a month he got banned from Lockbit he attacked a Christian Charity Hospital like a little bitch, Like a fucking charity gots uber amounts of money? Following this: he got banned from Breach Forums for Multi-Accounting, and came out of hiding because of me? Strange. To date: Hive, Grand Crab, Lockbit, AVOS, Trickbot, DarkSide, ReVIL and more are groups he's worked for... Behind the scenes we confirmed he worked for lockbit thanks to French Researchers. We also than concluded he works with AVOS Locker via his own words sometime around January 4th, 2023. Alex's attacks are easy to pick out of 100's of Ransomware attacks due to their nature. His data sold for $3,000 and this is just his data. ██ ██ ██████ ██████ ██████ ███████ ████████ ██████ █████ ██ ███████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █ ██ ██ ██ ██████ ██ ██ ███████ ██ ██ ██ ███████ ██ █████ ███ ██ ███ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███ ███ ██████ ██ ██ ██████ ███████ ██ ██████ ██ ██ ███████ ███████ ██ ██ The US Government distinguishes me from Mr. Egert and even so you are a gold mine, From being raped by FBI-Dallas to being spanked out of east-new york to the States of Tennessee, Michigan & Florida you got bent over raped and won't recover, Also thanks to Alexsa back home... Really love my friends in the medical field seeing the dump of Medical Records hurt you the most. ██ ██ ██ ████████ ██ ██ ██████ ██ ██ ████████ ███████ ██ ██ ██████ ████████ ██ ██ ███████ ██████ █████ ██████ ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █ ██ ██ ██ ███████ ██ ██ ██ ██ ██ █████ ██ ██ ██████ ██ ███████ █████ ██████ ███████ ██ ██ ██ ██ ██ ███ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███ ███ ██ ██ ██ ██ ██████ ██████ ██ ██ ██████ ██ ██ ██ ██ ██ ███████ ██ ██ ██ ██ ██████ ██████ This uneducated "threat actor" has been online since 2015. He's been everywhere. From selling malware and spots on xss.is to being connected to GandCrab and REvil. He's now part of the ransomware scene, who has been very effective in its ransomware efforts. Quote Alex: "i work for multiple groups" "i cant tell you which groups but recently 2 of us joined together" Although he has little intelligence, he decided to use it for evil means, such as killing a baby in a hospital - https://threatpost.com/babys-death-linked-ransomware/175232/ Recently this person has engaged in subpoenaing Twitter with Emergency Data Requests for the purpose of obtaining private information of cybersecurity researchers in order to dox them and scare them into hiding, however this dox proves the simple fact that it's not hard to dox someone through legal means. He claimed to a user on telegram that they'd be 'his bitch' but here we are. He's now my bitch and every researchers bitch he got raped by legal OSINT methods. Here's some links to Tracking Sheriff down. https://s3.documentcloud.org/documents/21120139/govuscourts22million-ransom-seizure.pdf https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/ https://underthebreach.medium.com/tracking-down-revils-lalartu-by-utilizing-multiple-osint-methods-2bf3a6c65a80 https://vk.com/@faketaun-gratsh Full name: Alexander Vitalievich Sikerin / Alexey Safargalievich Nigmatyanov Data Of Birth: 25 June 1998 / 2 July 1999 Address: M. Gorkogo 11a kv2 Moscow, Russia 111395 Phone: +7 952 220-69-04 Former Address: Malaya Bukharestskaya Ulitsa, 10к1, St Peterburg, Russia, 192288 Russian full name: Александр Витальевич Сикерин / Алексей Сафаргалиевич Нигматьянов Fake name: Александр Такер / Alexander Tucker / Zima Taker Other names: Aleksandr Sikerin, Alexander Sikerin, Oleksandr Sikerin Emails: engfog1337@gmail.com (RaidForums, Breached, Discord, Samsung, Adobe, Amazon, Skype) dronmiron@outlook.com (Skype) engfog@g**.*** (Twitter & TikTok) ipheap_user@protonmail.com protokol.xujaschk@yandex.ru (Amazon & Domain) responsible_disclosure11@protonmail.com 9636937495@inbox.ru (Fake Cash, Adobe, Skype) sabnots@yandex.ru (BTC-e, litrpg.ru, Miped, LastFM, Discord, Twitter) sabnots11@mail.ru fvfyvfyv86@mail.ru sabnots1@bk.ru (CFire, Twitter) sabnots12@mail.ru (Twitter) das_sad_2011@bk.ru (CFire) y.yasch@mail.ru (CFire) sabnots1998@mail.ru (CFire) sabnotssteam@yandex.ru (Discord, Gravatar, Amazon) porodaja@mail.ru ale*********@mail.ru (Personal & Backup email) vl*****@mail.ru (Skype) j2*****@trbvm.com (Temp mail) gor************@list.ru (other backup email) gratsh@bk.ru (OLD) nigaleks@mail.ru (seoclerks, Twitter, Amazon) nigaleks@rambler.ru (rambler) a.sikerin@mail.ru gratsh@inbox.ru XMPP: Lalartu@404.city (Old) lalartu@thesecure.biz (Old) lalartu@im.hot-chilli.net gratsh@exploit.im search_password@exploit.im sedsummer@zloy.im protokol@exploit.im protokol@zloy.im protokol@jabbim.cz sedo1@zloy.im jubaje@xmpp.jp sheriff@thesecure.biz (Current) Recovered Passwords: unlim1 989801yzQ qazwsxedc123Q qazwsxedc qazwsxedc1 qazwsxedc123 qazwsxedc123q 123123123 121212 121212aa 6907324 gblfhfc gfcc23 nigaleks nigaleks1 qwaszx zavavule g1b1l1f1h1f1c1 gfcc2323 6hnxdo63n8 Previous nicknames: Protokol ProtocolBHF Protok0l Marka Eng_Fog engfog Lalartu eazyfundz unindicted threat_actor apple Кемал Newbie Amazon gift 1$cpsd4 Erevan GrizzLey Sabnots КриветкА Aleeyt Ivetta Sabnots1 Ulfrie Sed_bard Sedo1 SedUlnoxBard Jubaje sabnots11 Sem GratshOne gra4iwka MrGratsh SSpshworld OP-Moroz xvids nigaleks Alex Tucker Alive IP: ISP: PJSC Vimpelcom / ER-Telecom Last known IPs: (Ukraine) (Ukraine) (Ukraine) (Russia) VPN: Skype: live:dronmiron / live:8b4f5dd5c752357c / dronmiron / dronmiron282 / uramiron2 / ivetta_mavrova / sabnots / ulfrie_bhf / lalartuodens1982 / arhiizverg / live:sabnots / bruteforcepro VK: https://vk.com/engfog (Deleted) / vk.com/id320641925 / vk.com/translatorss / vk.com/id138097380 / https://vk.com/sabnots / https://vk.com/id283974856 / https://vk.com/id166622981 / https://vk.com/id131014603 / https://vk.com/id481425772 MailRU: https://my.mail.ru/mail/nigaleks/ OKRU: https://ok.ru/profile/564805859636 TikTok: https://www.tiktok.com/@engfog Breached.co: @Sheriff / @Deborah / @rabota8311 Twitter: @engfog (Suspended) / @Sabnots Kiwi: 79967874901 WMR: R502407256528 Web Money: 520919600482 ImageStack: https://imageshack.com/user/engfog1337 Telegram: @wallstreet814 / @swiftsupp / @statbillionerom / @b376ded0 / @buyerlogs / @helpmaster228 / @ws88_1 / @Gratsh (OLD) Snapchat: @Protokol1337 Keybase: @pushinppushinp / @rabota_123 Exploit: Lalartu XSS: Lalartu, Newbie, Sheriff WWH-Club: Amazon gift RaidForums: Sheriff, unindicted, threat_actor Avito: https://www.avito.ru/user/3b51da533f08b5e22b24ab1519b75e0f/profile?id=976524648&src=item&page_from=from_item_card_icon&iid=976524648 Pikabu: @Protokol / @Sabnots Gravatar: https://en.gravatar.com/sabnots Minecraft: Sabnots cfire: https://cfire.ru/forums/member.php?username=sabnots YouTube: https://www.youtube.com/channel/UCGTkL3ZqZkkghwFUW6E0JvQ / https://www.youtube.com/channel/UC2fxexjRKYP_fp2-uM99DoQ / https://www.youtube.com/channel/UCaB_sC2R1Hf7tH3MctbZymw BitsMedia: https://forum.bits.media/index.php?/profile/99403-gratsh/ Mental Disorder: Autism Skin Complexion: Pale Shoe Size: US 8.5 Ethnicity: Caucasian Nationality: Ukrainian Habbits & Mannerisms: Nail biting (Fingers are deformed, as if he had been biting his fingers for a long time.) Living Conditions: Lives in a messy room, covered with cables and random shit Keyboard is dirty and covered in scum Old wallet: 1FCaevjmWeQ5EuqZuzbiz6bJSc84YwjacQ (BTC) Old wallet: 19QEC6muLY2FTHZ3JuJnVMCis5DhC9RUAs (BTC) Old Wallet: 1F2EbDu4FrPD95pVPRTcadtaPqNmcgdbsr (BTC) Current wallet: 1BtSE7AXX5RuRRcnbhiM3qBwMhEYwxqBsm (BTC) Coinbase Account: https://z.zz.fo/fFAbe.png (Has attempted logins on it). The Other Number: 89636937495 / +79158734233 SIM provider: Russia mobile (Tele2) / JSC Oblkom Phone type: iPhone Model: iPhone 10 XS Max Color: gray Built-in memory: 512 GB RAM: 4 GB Bluetooth ID: 40:BC:60:46:A5:58 Wi-Fi ID: 40:BC:60:41:E9:57 Computer Type: Desktop Operating System: Windows 10 Keyboard: Mechanical Logitec Desktop name: Alex's URU8000 Monitor: Samsung RU8000 Owned domains: darkluxury.net (Defunct) steamcomuncity.com (Defunct) payget.pro (Alive) Server Hoster: FirstVDS Client ID: 668422 Registration Date: 2018-01-26 Expenses Download: https://anonfiles.com/98SbBcZ0xd/var_expense_csv Previous workplace: MBOU "Secondary School No. 7" of the city of Reutov, Moscow Region Previous workplace site: http://s7reut.ru Previous Work name: Municipal budgetary educational institution "Secondary school No. 7" of the city of Reutov, Moscow Region Previous Work Address: Moscow region, Reutov, Sovetskaya street, 27 Previous Work Date: 2012 Previous Work Email: reutovsch7@mail.ru Current employment status: Unemployed Self-proclaimed work: "I work for my country" Main income: Ransomware & cyber crime (April 2022) Sanctions Bypass method: Payget.pro ownership and usage Convictions: None Arrests: 1 - 2022 / ReEvil connections - Russia Seizures: 1 - https://www.documentcloud.org/documents/21120139-govu Family connection: Grandmother Full name: Olga Krutilina Russian full name: Ольга Крутилина VK: https://vk.com/id141156246 Picture: https://sun9-44.userapi.com/c9511/u141156246/-6/x_aef678c5.jpg (2011) Family connection: Mother Full name: Svetlana Aleksandrovna Nigamatyanova Russian full name: Нигаматьянова Светлана Александровна VK: https://vk.com/id400992784 (Private) Picture: https://prnt.sc/-v9yrTTSU6vF Family connection: Father Full name: Rakhimyanovich Safargali Nigamatyanov Russian full name: Рахимьянович Сафаргали Нигаматьянов Picture: https://prnt.sc/EIkpaIDtx5bi Born: 02/16/1974 Could use a sanity check on this info too: Нигматьянов Алексей Сафаргалиевич 02.07.1999 (Nigmatyanov Alexey Safargalievich - self) Крутилин Михаил Александрович 31.01.1990 (Krutilin Mikhail Alexandrovich - brother) Alexandra Krutilina (Pudovkina) 04.01.1990 (sister in-law) Нигматьянов Светлана Александровна 18.08.1979 (Nigmatyanov Svetlana Alexandrovna / Svetlana Bogatyryova - mother) Крутилин Александр Федорович 13.09.1954 (Krutilin Alexander Fedorovich - grandfather) Крутилин Ольга Альбертовна 10.04.1958 (Krutilin Olga Albertovna - grandmother) Nigmatyanov Safargali Rakhimyanovich 16.02.1974 (father)