360 staff - 驱动哥, posted on 2019-8-21 16:12

Sodinokibi ransomware variant spreading via a Java vulnerability

Ransomware family: Sodinokibi (also known as 小蓝屏, "little blue screen")
Decryption supported: No
Details:
Encrypted files: a random extension is appended to each encrypted file (2d8alx03 in this sample)



On-screen message: You are infected! Read 2d8alx03-HOW-TO-DECRYPT.txt


Ransom note:
File name: <extension>-HOW-TO-DECRYPT.txt (2d8alx03-HOW-TO-DECRYPT.txt for this sample)
File contents (reproduced verbatim, including the operators' original spelling):
-------------------------------------------------------------------------------
--=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 2d8alx03.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3C010C84443C4B74

2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.top/3C010C84443C4B74

Warning: secondary website can be blocked, thats why first variant much better and more available.

When you open our website, put the following data in the input form:
Key:

Extension name:

2d8alx03

-----------------------------------------------------------------------------------------

!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
-------------------------------------------------------------------------------
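A triage helper for the artifacts described above, added here as an example (it is not part of the original post and not 360's tooling): it walks a directory tree once, finds every <extension>-HOW-TO-DECRYPT.txt note, derives the random extension from the note's file name, cross-checks it against the "has expansion <ext>" line in the note body, and counts the files carrying that extension. The $Root parameter and its default of scanning C:\ are assumptions.

```powershell
<#
  Added example (not from the original post): triage a host for Sodinokibi
  ransom notes. The naming pattern "<extension>-HOW-TO-DECRYPT.txt" and the
  "has expansion <extension>" line in the note body come from the sample
  above; the scan root is an assumption.
#>
param(
    [string]$Root = 'C:\'   # assumption: scan the system drive
)

# One enumeration; -Force includes hidden/system files, access-denied errors are skipped.
$allFiles = Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue
$notes    = @($allFiles | Where-Object { $_.Name -like '*-HOW-TO-DECRYPT.txt' })

if ($notes.Count -eq 0) {
    Write-Host "No *-HOW-TO-DECRYPT.txt notes found under $Root"
    return
}

# The same note is dropped into every directory the malware encrypts, so group by
# the extension encoded in the file name; more than one group means more than one run.
$byExtension = $notes | Group-Object { $_.BaseName -replace '-HOW-TO-DECRYPT$', '' }

foreach ($group in $byExtension) {
    $ext    = $group.Name
    $sample = $group.Group | Sort-Object LastWriteTime | Select-Object -First 1

    # Cross-check: the body states "all files on you computer has expansion <ext>".
    $body = Get-Content -Path $sample.FullName -Raw -ErrorAction SilentlyContinue
    $bodyConfirms = [bool]($body -and $body -match "expansion\s+$([regex]::Escape($ext))")

    # Compare on the Extension property rather than -Filter "*.$ext", whose
    # legacy 8.3 matching can over-match short extensions.
    $encrypted = @($allFiles | Where-Object { $_.Extension -eq ".$ext" })

    [pscustomobject]@{
        Extension        = $ext
        NoteCount        = $group.Count
        NoteBodyConfirms = $bodyConfirms
        EncryptedFiles   = $encrypted.Count
        FirstNoteWritten = $sample.LastWriteTime
        SampleNote       = $sample.FullName
    }
}
```

The earliest note's LastWriteTime is a usable lower bound for when encryption started on that host, and a NoteBodyConfirms of False on a group means the note and the file name disagree, which is worth a manual look before anything is trusted as an indicator.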

Propagation:
Sodinokibi began spreading at the end of April 2019, at first mainly through the Oracle WebLogic vulnerability CVE-2019-2725. After a while it moved to mass spam sent from an e-mail botnet, impersonating DHL (claiming the victim's parcel would be delayed indefinitely) or the cyber police (claiming that photos used by the victim's company infringe copyright and demanding compensation), with the ransomware carried as an attachment the recipient is lured into running. On 20 August 2019, 360 also detected it starting to spread through a Java vulnerability.

Protection:
1. Vulnerability exploitation: install 360 Safeguard (360安全卫士), and download and install the patch published on the affected vendor's official site.
2. E-mail propagation: install 360 Safeguard.


Other protection recommendations:
1. Do not use the same account and password on multiple machines.
2. Logon passwords should be long and complex enough, and should be changed regularly.
3. Shared folders holding important data should have access controls configured and should be backed up regularly.
4. Check systems and software regularly for security vulnerabilities and apply patches promptly.
5. Inspect servers regularly for anomalies. Things to check include:
a) whether new accounts have been added
b) whether the Guest account has been enabled
c) whether the Windows system logs show anything abnormal
d) whether the antivirus software has logged unusual blocks
6. Install security software and make sure it is running properly.
7. Download and install software only from legitimate sources.
8. If unfamiliar software has already been blocked or quarantined by the antivirus, do not add it to the trust list and keep running it.
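One pass over the four checks in item 5 above on a Windows server, added here as an example (not from the original post and not 360 tooling). It lists local accounts outside an expected baseline and account-creation events, reports whether Guest is enabled, pulls the Security-log events that most often signal tampering or password guessing, and counts antivirus detections. The $Baseline list is a hypothetical placeholder to adjust per host; for item 5d it reads Windows Defender's operational log and assumes Defender is the AV in use, so substitute your own product's log if that differs.

```powershell
<#
  Added example (not from the original post): one pass over the checks in
  item 5 above on a Windows server. Run from an elevated PowerShell 5.1 prompt.
  Assumptions: $Baseline holds the local account names expected on this host
  (hypothetical list, adjust per host); item 5d reads Windows Defender's
  operational log, substitute your own AV product's log if it differs.
#>
param(
    [string[]]$Baseline = @('Administrator', 'Guest', 'DefaultAccount', 'WDAGUtilityAccount'),  # assumption
    [int]$Days = 7
)
$since = (Get-Date).AddDays(-$Days)

function Get-Events {
    param([string]$Log, [int[]]$Id)
    # -ErrorAction SilentlyContinue turns "no events were found" into an empty result
    Get-WinEvent -FilterHashtable @{ LogName = $Log; Id = $Id; StartTime = $since } -ErrorAction SilentlyContinue
}

# 5a) Accounts outside the baseline, plus account-creation events (4720) in the window.
$unexpectedAccounts = @(Get-LocalUser | Where-Object { $Baseline -notcontains $_.Name } |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet)
$createdAccounts = @(Get-Events -Log 'Security' -Id 4720 |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } })

# 5b) Guest account state.
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
$guestEnabled = if ($guest) { $guest.Enabled } else { $null }

# 5c) Security-log anomalies: audit log cleared (1102), members added to a local
# group such as Administrators (4732), and failed logons (4625) grouped by source
# address, which is what password guessing against reused credentials (items 1-2) looks like.
$logCleared = @(Get-Events -Log 'Security' -Id 1102)
$groupAdds  = @(Get-Events -Log 'Security' -Id 4732)
$failedBySource = @(Get-Events -Log 'Security' -Id 4625 |
    Group-Object { $_.Properties[19].Value } |      # index 19 = IpAddress in the 4625 event layout
    Sort-Object Count -Descending |
    Select-Object -First 10 -Property Count, Name)

# 5d) AV detections: Defender logs a detection as 1116 and the action taken as 1117.
$avDetections = @(Get-Events -Log 'Microsoft-Windows-Windows Defender/Operational' -Id 1116, 1117)

[pscustomobject]@{
    Host               = $env:COMPUTERNAME
    Window             = "last $Days days"
    UnexpectedAccounts = $unexpectedAccounts
    AccountsCreated    = $createdAccounts.Count
    GuestEnabled       = $guestEnabled
    AuditLogCleared    = $logCleared.Count
    LocalGroupAdds     = $groupAdds.Count
    FailedLogonTop     = $failedBySource
    AVDetections       = $avDetections.Count
}
```

Any non-zero AuditLogCleared, an unexpected account, Guest enabled, or a single source address dominating FailedLogonTop deserves a follow-up before the host is considered clean; the event IDs are read through Properties indices rather than the Message text so the script behaves the same on localized (including Chinese) Windows installs.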