Potato posted on 2019-10-18 12:15

MedusaLocker ransomware family details

This post was last edited by Potato on 2020-4-10 17:17

Related reading: MedusaLocker ransomware sample analysis (link).
Ransomware family name: MedusaLocker
Decryption supported: No
Details:
Encrypted files:
Encrypted file extension: encrypted

Ransom note:
File name: HOW_TO_RECOVER_DATA.html
File content:
-------------------------------------------------------------------------------
All your data are encrypted!
What happened?
Your files are encrypted, and currently unavailable.
You can check it: all files on you computer has new expansion.
By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.
Otherwise, you never cant return your data.

For purchasing a decryptor contact us by email:
Folieloi@protonmail.com
If you will get no answer within 24 hours contact us by our alternate emails:
Ctorsenoria@tutanota.com

What guarantees?
Its just a business. If we do not do our work and liabilities - nobody will not cooperate with us.
To verify the possibility of the recovery of your files we can decrypted 1 file for free.
Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter:
Attention!
- Attempts of change files by yourself will result in a loose of data.
- Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data.
- Use any third party software for restoring your data or antivirus solutions will result in a loose of data.
- Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.
- If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.

-------------------------------------------------------------------------------
Pop-up window:

Infection vector:
This ransomware family has been spreading since October 2019. At present it is mainly deployed by hand after the attackers brute-force Remote Desktop credentials.
Remote Desktop hardening advice:
1. Use passwords of 18 characters mixing upper- and lower-case letters, symbols and digits, and preferably change them every three months.
2. 360 Safeguard now provides weak-password protection on all systems except Windows XP.

Protection advice:
1. Do not reuse the same account and password across multiple machines.
2. Logon passwords must be long and complex enough, and should be changed regularly.
3. Shared folders holding important data should have access controls set and should be backed up regularly.
4. Regularly check the system and installed software for security vulnerabilities and apply patches promptly.
5. Regularly inspect servers for anomalies, including:
a) whether new accounts have been added
b) whether the Guest account has been enabled
c) whether the Windows system logs show anything abnormal
d) whether the antivirus software has logged unusual blocks
6. Install security software and make sure it is running properly.
7. Download and install software only from legitimate sources.
8. If unfamiliar software has already been blocked or quarantined by antivirus, do not add it to the trust list and keep running it.
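
As an added example (not part of the original post), a read-only PowerShell check that walks the items in step 5 above (new accounts, Guest enabled, anomalies in the Windows logs, antivirus detections) together with the RDP brute-force pattern named as the entry vector. It assumes Windows 10 / Server 2016 or later and an elevated session; the 7-day window and the 20-failure threshold are assumed values, not taken from the post.

```powershell
# Added example, not the original post's content. Assumes Windows 10 / Server 2016+
# and an elevated session. The window and threshold below are assumed, not from the post.
$Since = (Get-Date).AddDays(-7)
$FailureThreshold = 20

function Get-SecurityEvents([int]$Id) {
    # Matching Security-log events in the window; empty when none exist (Get-WinEvent throws then).
    try { Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $Since } -ErrorAction Stop }
    catch { @() }
}
function Get-EventField($Event, [string]$Name) {
    # Pulls one named EventData field out of the event XML (stable across Windows builds).
    (([xml]$Event.ToXml()).Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 5a) Accounts created in the window (Event 4720 = a user account was created)
Write-Host "== Accounts created since $Since =="
Get-SecurityEvents 4720 | ForEach-Object {
    '{0}  {1}  created by {2}' -f $_.TimeCreated, (Get-EventField $_ 'TargetUserName'), (Get-EventField $_ 'SubjectUserName')
}

# 5b) Built-in Guest account state
Write-Host "== Guest account =="
Get-LocalUser -Name 'Guest' | Select-Object Name, Enabled, LastLogon

# 5c) Log anomalies: Security log cleared (1102) and System log cleared (104)
Write-Host "== Event-log-cleared events since $Since =="
Get-SecurityEvents 1102 | Select-Object TimeCreated, Id
try { Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104; StartTime = $Since } -ErrorAction Stop |
      Select-Object TimeCreated, Id } catch {}

# Entry vector named in the post: RDP password brute forcing.
# Event 4625 = failed logon; LogonType 10 is interactive RDP, 3 is network (RDP with NLA).
Write-Host "== Sources with more than $FailureThreshold failed RDP/network logons =="
Get-SecurityEvents 4625 |
    Where-Object { (Get-EventField $_ 'LogonType') -in '3', '10' } |
    Group-Object { Get-EventField $_ 'IpAddress' } |
    Where-Object { $_.Count -gt $FailureThreshold } |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIp'; e = { $_.Name } }, Count

# 5d) Antivirus detections (Windows Defender here; other products keep their own logs)
Write-Host "== Defender detections since $Since =="
try { Get-MpThreatDetection -ErrorAction Stop | Where-Object { $_.InitialDetectionTime -ge $Since } |
      Select-Object InitialDetectionTime, ProcessName, ThreatID } catch { 'Defender cmdlets unavailable' }
```

A burst of failures from one source followed by a 4720 account creation and a cleared log is the sequence the post's advice is meant to catch early; review the output against a known-good baseline rather than in isolation.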

Potato posted on 2019-10-24 12:32

Family: MedusaLocker
Attacker email: willyhill1960@protonmail.com, willyhill1960@tutanota.com
Encrypted file extension: encrypted

Potato posted on 2019-10-30 17:52

Family: MedusaLocker ransomware family
Attacker email: sambolero@tutanoa.com, rightcheck@cock.li
Encrypted file extension: encrypted
Ransom note:
---------------------------------------------------------------------------------

All your data are encrypted!

What happened?
Your files are encrypted, and currently unavailable.
You can check it: all files on you computer has new expansion.
By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.
Otherwise, you never cant return your data.

For purchasing a decryptor contact us by email:
sambolero@tutanoa.com
If you will get no answer within 24 hours contact us by our alternate emails:
rightcheck@cock.li

What guarantees?
Its just a business. If we do not do our work and liabilities - nobody will not cooperate with us.
To verify the possibility of the recovery of your files we can decrypted 1 file for free.
Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter:

Attention!
- Attempts of change files by yourself will result in a loose of data.
- Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data.
- Use any third party software

Potato posted on 2019-10-30 17:55

Family: MedusaLocker ransomware family
Attacker email: crypt2020@outlook.com, cryptt2020@protonmail.com
Encrypted file extension: encrypted

Potato posted on 2019-11-1 18:28

This post was last edited by Potato on 2019-11-11 10:32

Family: MedusaLocker ransomware family
Attacker email: willyhill1960@protonmail.com, willyhill1960@tutanota.com
Encrypted file extension: readtheinstructions


Potato posted on 2019-11-8 11:40

Family: MedusaLocker ransomware family
Attacker email: fartcool@protonmail.ch, bestcool@keemail.me
Encrypted file extension: ReadTheInstructions

Potato posted on 2019-11-12 14:48

Family: MedusaLocker ransomware family
Attacker email: goodmen@countermail.com, goodmen@cock.li
Encrypted file extension: encrypted18

360fans33233933 posted on 2019-11-14 11:08

Hello, my host machine was also hit with this extension. So far only the host is infected; the other computers on the same network cable have not shown any problems yet, and they all have 360 Safeguard installed. I am worried the virus might spread to the other computers. What should I do with the documents on the other computers to be safe? If there is a dormant virus, would copying with a removable storage device copy the virus along too? When the host was hit it suddenly blue-screened; I thought it had crashed, and after rebooting I found it was locked, with the extension .ReadTheInstructions. I am now planning to get a new computer. What is a safe way to transfer the documents from the old computer to the new one? Thanks

Potato posted on 2019-11-25 18:46

Family: MedusaLocker ransomware family
Ransom note:
All your data are encrypted!
What happened?
Your files are encrypted, and currently unavailable.
You can check it: all files on you computer has new expansion.
By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.
Otherwise, you never cant return your data.

For purchasing a decryptor contact us by email:
broccoli007@protonmail.com
If you will get no answer within 24 hours contact us by our alternate emails:
broccoli007@cock.li

What guarantees?
Its just a business. If we do not do our work and liabilities - nobody will not cooperate with us.
To verify the possibility of the recovery of your files we can decrypted 1 file for free.
Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter:
Attention!
- Attempts of change files by yourself will result in a loose of data.
- Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data.
- Use any third party software for restoring your data or antivirus solutions will result in a loose of data.
- Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.
- If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.

Potato posted on 2019-11-28 19:07

Family: MedusaLocker ransomware family
Attacker email: contaktesme@protonmail.com, contaktme@firemail.cc
Encrypted file extension: encrypted

Potato posted on 2020-2-5 18:48

Family: MedusaLocker ransomware family
Attacker email: AndrewMiller-1974@protonmail.com, BrianSalgado@protonmail.com
Encrypted file extension: ReadInstructions

Ransom note:
---------------------------------------------------------------------------------
YOUR PERSONAL ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
ALL YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED!

YOUR FILES ARE SAFE! JUST MODIFIED ONLY. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMENANTLY DESTROY YOUR FILE.
DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES.

NO SOFTWARE AVAILABLE ON INTERNET CAN HELP YOU. WE ONLY HAVE
SOLUTION TO YOUR PROBLEM.

WE GATHERED HIGHLY CONFIDENTIAL/PERSORNAL DATA. THESE DATA
ARE CURRENTLY STORED ON A PRIVATE SERVER. THIS SERVER WILL BE
IMMEDIATELY DESTROYED AFTER YOUR PAYMENT. WE ONLY SEEK MONEY
AND DO NOT WANT TO DAMAGE YOUR REPUTATION. IF YOU DECIDE TO
NOT PAY, WE WILL RELEASE THIS DATA TO PUBLIC OR RE-SELLER.

YOU WILL CAN SEND US 2-3 NON-IMPORTANT FILES AND WE WILL
DECRYPT IT FOR FREE TO PROVE WE ARE ABLE TO GIVE YOUR FILES
BACK.

CONTACT US FOR PRICE (BITCOIN) AND GET DECRYPTION SOFTWARE.

AndrewMiller-1974@protonmail.com
BrianSalgado@protonmail.com
MAKE CONTACT AS SOON AS POSSIBLE. YOUR DECRYPTION KEY IS ONLY STORED
TEMPORARLY. IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
---------------------------------------------------------------------------------
Pop-up window:
---------------------------------------------------------------------------------

Potato posted on 2020-2-19 18:46

Family: MedusaLocker ransomware family
Attacker email: berstife@gmail.com
best@desharonline.top
Encrypted file extension: netwoekmaze

Potato posted on 2020-3-6 16:45

Family: MedusaLocker ransomware family
Attacker email: panda.in.prada@outlook.com, panda.in.prada@tutanota.com

Potato posted on 2020-3-19 19:16

Family: MedusaLocker
Attacker email: china2020@tutanota.com

Potato posted on 2020-3-19 19:16

Family: MedusaLocker
Attacker email: emergency911service@outlook.com

Potato posted on 2020-4-13 19:14

Family: MedusaLocker
Encrypted file extension: readinstrucions
Attacker email:

Potato posted on 2020-6-30 19:08

Family: MedusaLocker
Encrypted file extension: support
Attacker email: decrestore@cock.li

Potato posted on 2020-6-30 19:08

Family: MedusaLocker
Encrypted file extension: support
Attacker email: dec_restore@protonmail.com

Potato posted on 2020-7-30 19:05

Family: MedusaLocker
Encrypted file extension: deadfiles
Attacker email/URL: rescuer@cock.li

Potato posted on 2020-7-30 19:05

Family: MedusaLocker
Encrypted file extension: deadfiles
Attacker email/URL: rescuer@protonmail.com

Potato posted on 2020-8-4 19:11

Family: MedusaLocker
Encrypted file extension: deadfiles
Attacker email/URL: rescuer@cock.li

Potato posted on 2020-8-4 19:11

Family: MedusaLocker
Encrypted file extension: deadfiles
Attacker email/URL: rescuer@protonmail.com

Potato posted on 2020-11-18 14:38

Family: MedusaLocker
Encrypted file extension: diablo
Attacker email/URL: dec_helper@excic.com

Potato posted on 2020-11-18 14:38

Family: MedusaLocker
Encrypted file extension: diablo
Attacker email/URL: dec_helper@dremno.com

360fans5701959 posted on 2020-11-28 19:07

Family: MedusaLocker
Encrypted file extension: skynet
Attacker email/URL: dec_helper@dremno.com

Is there a way to decrypt this yet?

Potato posted on 2020-12-15 10:06

Family: MedusaLocker
Encrypted file extension: ReadInstructions
Attacker email/URL: 427336@protonmail.com

Potato posted on 2020-12-15 10:06

Family: MedusaLocker
Encrypted file extension: ReadInstructions
Attacker email/URL: 945353@protonmail.com

Potato posted on 2020-12-25 18:54

Family: MedusaLocker
Encrypted file extension: netcn3
Attacker email/URL: dec_helper@dremno.com