This post was last edited by Potato on 2020-4-10 17:17
Related reading: Nemty ransomware sample analysis (link to the post)
Ransomware family name: Nemty
Decryption supported: yes
Details:
Encrypted files:
Ransom note:
File name: NEMTY-DECRYPT.txt
File content:
-------------------------------------------------------------------------------
---=== NEMTY PROJECT ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .nemty
By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
It's just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities - nobody will not cooperate with us.
It's not in our interests.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.
In practise - time is much more valuable than money.
[+] How to get access on website? [+]
1) Download and install TOR browser from this site: https://torproject.org/
2) Open our website: zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/pay
[+] Important [+]
When you open our website, upload configuration file from this folder: C:\Users\admin
-------------------------------------------------------------------------------
Decryption:
Distribution channels:
Nemty was first spotted in August 2019. The earliest samples were distributed through a fake PayPal site that lured users into downloading the executable. By the end of August 2019 the operators had switched to the RIG exploit kit, and in October 2019 the ransomware was also observed being pushed through the Trik (also known as Phorpiex) spam botnet, a botnet that has been active for more than ten years and has been used to distribute many malware families. Version 1.6 added a module that tries to brute-force access to network shares with account names and passwords hard-coded in the binary, so the family has kept extending its own capabilities with each release.
Protection recommendations:
1. Do not reuse the same account and password across multiple machines.
2. Use login passwords of sufficient length and complexity, and rotate them periodically.
3. Put access controls on shared folders that hold important data, and back them up regularly.
4. Check systems and software for security vulnerabilities regularly and apply patches promptly.
5. Inspect servers regularly for anomalies, including:
a) whether new accounts have been added
b) whether the Guest account has been enabled
c) whether the Windows event logs show anything abnormal
d) whether the antivirus software has logged unusual blocks
6. Install security protection software and make sure it is running properly.
7. Download and install software only from legitimate sources.
8. If unfamiliar software has already been blocked or quarantined by the antivirus, do not add it to the trusted list and run it anyway.
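The checks in item 5 can be scripted so they are run the same way every time. The following PowerShell script is an added example and is not code from the original post or from any vendor: it walks items 5a) to 5d) on a single Windows host and also looks for the two Nemty indicators this thread shows (the NEMTY-DECRYPT.txt note and the .nemty extension). It assumes Windows 10 / Server 2016 or later, an elevated prompt, account-management and logon auditing enabled in the Security log, and Microsoft Defender as the AV. The event IDs used (4720 account created, 4732 member added to a local group, 4625 failed logon, 1102 audit log cleared) are standard Windows Security log IDs; `$LookbackDays` and `$FailedLogonThreshold` are tuning values chosen for this example.

```powershell
<#
 Added example, not part of the original post: a triage pass over checklist items
 5a)-5d) plus the Nemty indicators shown in this thread.
 Assumptions: Windows 10 / Server 2016+, elevated prompt, Security auditing enabled,
 Microsoft Defender present. Threshold values below are example choices.
#>
param(
    [int]$LookbackDays = 7,
    [int]$FailedLogonThreshold = 50
)

$since    = (Get-Date).AddDays(-$LookbackDays)
$findings = New-Object System.Collections.Generic.List[string]

# Flatten an event's EventData into a name -> value hashtable so fields are read by
# name instead of by positional index (indexes differ between event IDs).
function Get-EventData([System.Diagnostics.Eventing.Reader.EventRecord]$Event) {
    $h = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    return $h
}

function Get-SecurityEvents([int[]]$Ids) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Ids; StartTime = $since } `
        -ErrorAction SilentlyContinue
}

# 5a) New accounts: 4720 = user account created; 4732 = member added to a local group
foreach ($e in (Get-SecurityEvents 4720)) {
    $d = Get-EventData $e
    $findings.Add("[5a] Account '$($d.TargetUserName)' created by '$($d.SubjectUserName)' at $($e.TimeCreated)")
}
foreach ($e in (Get-SecurityEvents 4732)) {
    $d = Get-EventData $e
    if ($d.TargetUserName -eq 'Administrators') {
        $findings.Add("[5a] Member SID $($d.MemberSid) added to Administrators at $($e.TimeCreated)")
    }
}

# 5b) Built-in Guest account enabled?
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
if ($guest -and $guest.Enabled) { $findings.Add('[5b] Built-in Guest account is ENABLED') }

# 5c) Log anomalies: a burst of 4625 network logon failures (LogonType 3) from one source
#     is what a hard-coded-credential spray against shares looks like; 1102 means the
#     audit log was cleared.
$byIp = @{}
foreach ($e in (Get-SecurityEvents 4625)) {
    $d = Get-EventData $e
    if ($d.LogonType -eq '3') {
        $ip = if ($d.IpAddress) { $d.IpAddress } else { 'unknown' }
        $byIp[$ip] = 1 + [int]$byIp[$ip]
    }
}
foreach ($ip in $byIp.Keys) {
    if ($byIp[$ip] -ge $FailedLogonThreshold) {
        $findings.Add("[5c] $($byIp[$ip]) failed network logons from $ip since $since")
    }
}
if (Get-SecurityEvents 1102) { $findings.Add('[5c] Security audit log was cleared in the lookback window') }

# 5d) Defender detections inside the window (Get-MpThreatDetection, Defender module)
$det = Get-MpThreatDetection -ErrorAction SilentlyContinue |
       Where-Object { $_.InitialDetectionTime -ge $since }
foreach ($t in $det) {
    $findings.Add("[5d] Defender detection ThreatID $($t.ThreatID) on $($t.Resources -join ', ') at $($t.InitialDetectionTime)")
}

# Nemty indicators from this thread: the ransom note file name and the .nemty extension
$roots = @("$env:SystemDrive\Users")
$notes = Get-ChildItem -Path $roots -Filter 'NEMTY-DECRYPT.txt' -Recurse -Force -ErrorAction SilentlyContinue
foreach ($n in $notes) { $findings.Add("[IOC] Ransom note found: $($n.FullName)") }
$enc = Get-ChildItem -Path $roots -Filter '*.nemty' -Recurse -Force -ErrorAction SilentlyContinue |
       Select-Object -First 5
foreach ($f in $enc) { $findings.Add("[IOC] Encrypted file: $($f.FullName)") }

if ($findings.Count -eq 0) { Write-Host 'No findings.' } else { $findings | ForEach-Object { Write-Host $_ } }
```

Run it as `.\nemty-triage.ps1 -LookbackDays 14` from an elevated prompt (the script name is an assumption). The 4625 grouping is keyed on the source address and restricted to logon type 3 on purpose: an interactive user mistyping a password produces a handful of type 2 failures, whereas a share brute-force from an infected neighbour produces dozens of type 3 failures from one address, which is the pattern the 1.6 spreading module would leave. On hosts that do not use Defender, replace the 5d) block with the equivalent query for the AV in use.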