Potato 发表于 2023-4-24 18:55

RedAlert勒索软件家族详情

【家族名】
Win32/Ransom.
[平台]   /   [主类型].[家族名]
平台类型 :Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师:暂不支持
在线解密:暂不支持
【被加密文件】
被加密文件后缀格式: 修改文件后缀为.Crypt


【勒索提示信息】:
文件名:readme_for_unlock.txt
文件内容 :
-------------------------------------------------------------------------------
Hello, www.site-name
Your network was penterated
We have encrypted your files and stole large amount of sensitive data, including:
- NDA contracts and data
- Financial documents, payrolls, bank statements
- Employee data, personal documents, SSN, DL, CC
- Customer data, contracts, purchase agreements, etc.
- Credentials to local and remote devices
And more...
Encryption is reverssible process, your data can be easily recovered with our help
We offer you to purchase special decryption software, payment includes decryptor, key for it and erasure of stolen data
If you understand all seriousness of this sutation and ready to cooperate with us, follow the next steps:
1) Download TOR Browser from https://torproject.org
2) Install and launch TOR Browser
3) Visit our webpage: hxxx://gwvueqclwkz3h7u75cks2wmrwymg3qemfyoyqs7vexkx7lhlteagmsyd.onion
On our webpage you will be able to purchase decryptor, chat with our support and decrypt few files for free
If you won't contact us in 72h we will start publishing stolen data in our blog part by part, DDoS site of your company and call employees of your company
We have analyzed financial documentation of your company so we will offer you the appropriate price
To avoid data loss and rising of the additional costs:
1) Don't modify contents of the encrypted files
2) Don't inform local authorities about this incident before the end of our deal
3) Don't hire recovery companies to negotiate with us
We guarantee that our dialogue will remain private and third-parties will never know about our deal
\%\%\%\%\%\%\%\%\%\%\%\%\%\%\% REDALERT UNIQUE IDENTIFIER START \%\%\%\%\%\%\%\%\%\%\%\%\%\%\%
-------------------------------------------------------------------------------
【赎金谈判页面】


【防护建议】
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括:
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。









页: [1]
查看完整版本: RedAlert勒索软件家族详情