勒索病毒样本分析导航帖

    本帖汇总了在本论坛发布的勒索病毒样本分析帖，每个帖都对对应勒索并病毒的行为，加密算法进行了详细分析。
本帖将持续更新。
2022年8月发布

• LockBit3.0勒索病毒样本分析
• SafeSound勒索病毒样本分析
  

2022年5月发布

• TargetCompany(Mallox)勒索病毒样本分析
  

2022年4月发布

• Hive勒索病毒样本分析
  

2022年3月发布

• BlackCat勒索病毒样本分析
  

2021年11月发布

• Magniber勒索病毒样本分析
  

2021年8月发布

• Lockbit2.0勒索病毒样本分析
  

2021年7月发布

• CryLock勒索病毒样本分析
  

2021年5月发布

• DarkSide勒索病毒样本分析
• BeiJingCrypt勒索病毒样本分析
• Hakbit勒索病毒样本分析
• GandCrab勒索病毒样本分析
• CrysisV2勒索病毒样本分析
  

2020年11月发布

• VoidCrypt勒索病毒样本分析
  

2020年06月发布

• Avaddon勒索病毒样本分析
  

2020年05月发布

• BalaClava勒索病毒样本分析
  

2020年04月发布

• Snatch勒索病毒样本分析
• Snatch勒索病毒最新变种样本分析
• WannaRen勒索病毒样本 分析
  

2020年03月发布

• Teslarvng勒索病毒样本分析
• One-OAPlugins勒索病毒样本分析
• Ako勒索病毒样本分析
• Makop勒索病毒样本分析
• Shiva勒索病毒样本分析
  

2020年01月发布

• TellYouThePass勒索病毒样本分析
• SaveTheQuees勒索病毒样本分析
• Cl0P勒索病毒样本分析
• Cl0p最新变种样本分析
  

2019年12月发布

• Satan勒索病毒样本分析
• Nemty勒索病毒样本分析
• MZRevenge勒索病毒样本分析
• Maze勒索病毒样本分析
• Buran勒索病毒样本分析
  

2019年11月发布

• Sodinokibi勒索病毒样本分析
• chchbuy勒索病毒样本分析
• MedusaLocker勒索病毒样本分析
• Ouroboros勒索病毒样本分析
• FakeParadise勒索病毒样本分析
• Paradise勒索病毒样本分析
  

2019年10月发布

• Nemesis勒索病毒样本分析
• Stop勒索病毒样本分析
• phobos勒索病毒样本分析
• Crysis勒索病毒样本分析
  

2019年09月发布

• GlobeImposter勒索病毒样本分析
  

能不能解密的，请移步lesuobingdu.360.cn查询。上面展示能解密的就是能解密，不能的就是暂时无法解密。

赞！！！！

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:


Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
helpdatarestore@firemail.cc

Reserve e-mail address to contact us:
helpmanager@mail.ch

Your personal ID:
0215Asd4a7d6hUXAwb063FVSvpduAJzpx56TxR20n4gIgc3qYBVc

怎么没有这个GoGoogle的？？有大神分析一下啊，里面指向的邮件是newneo1312@protonmail.com这个叼毛

willettamoffat@yahoo.com
.Hermes666

CRYSIS2呢。有解决方案么？

这个是我电脑中的勒索病毒，请求大神帮忙支招，跪谢

.34c1u1lnf
指向网站 torproject.org

360社区

该死的rejg病毒，什么时候能解密啊

我有520病毒的exe文件，是否需要？可以提供给你

文件后缀vuujkwt这个是那种勒索病毒？查不到相关信息

.afvgkqvk这个后缀的病毒有解吗

后缀名.zftmlqg的病毒能解码吗》？？？

test

后缀lcoked病毒属于哪一种，能解码吗

后缀.ofoq病毒能解吗？

IMG_20190502_110926.jpg.yjbkjidck

这样的能解吗？

刚刚中招，diamond后缀，那个大神能破，悬赏2000

请问
后缀.360的勒索病毒能怎么恢复？

有没有能解密恢复后缀milovski-Q-b81d7c5a的大神在

后缀名 .INDIANGUY
---------------------------
Congratulations!
All your files have been encrypted with Our virus!
Your unique ID: LNPD6JDoyQW5aV3HQS7NOO2Yl3PdYIffkg62feU-LTM*Indianguy
You can buy fully decryption of your files
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
To do this:
1) Send your unique id LNPD6JDoyQW5aV3HQS7NOO2Yl3PdYIffkg62feU-LTM*Indianguy and max 3 files for test decryption
OUR CONTACTS
1.1)TOX messenger (fast and anonimous)
https://tox.chat/download.html
Install qtox
press sing up
create your own name
Press plus
Put there my tox ID
95CC6600931403C55E64134375095128F18EDA09B4A74B9F1906C1A4124FE82E4428D42A6C65
And add me/write message
1.2)Mail (write only in critical situations bcs your email may not be delivered or get in spam)
* indianguy@onionmail.org
In subject line please write your decryption ID: LNPD6JDoyQW5aV3HQS7NOO2Yl3PdYIffkg62feU-LTM*Indianguy
2) After decryption, we will send you the decrypted files and a unique bitcoin wallet for payment.
3) After payment ransom for Bitcoin, we will send you a decryption program and instructions.ALSO WE WILL GIVE YOU ADVICES TO DO SERVERS SAFE AND WHERE WAS YOUR MISTAKE
If we can decrypt your files, we have no reason to deceive you after payment.
FAQ:
Can I get a discount?
No. The ransom amount is calculated based on the number of encrypted office files and discounts are not provided. All such messages will be automatically ignored. If you really only want some of the files, zip them and upload them somewhere. We will decode them for free as proof.
What is Bitcoin?
read bitcoin.org
Where to buy bitcoins?
           https://www.alfa.cash/buy-crypto-with-credit-card (fastest way)
     binance.com  (harder but lower fees)
           buy.coingate.com
https://bitcoin.org/en/buy
https://buy.moonpay.io
or use google.com to find information where to buy it
Where is the guarantee that I will receive my files back?
The very fact that we can decrypt your random files is a guarantee. It makes no sense for us to deceive you.
How quickly will I receive the key and decryption program after payment?
As a rule, during 15 min
How does the decryption program work?
It's simple. You need to run our software. The program will automatically decrypt all encrypted files on your HDD.

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:
0681SUjhw5vYPkZSYhbZmKIE6eldMkoswGWwYBHPV1ErsuVGS

WARNING! YOUR FILES ARE ENCRYPTED!
Don’t worry, your files are safe, provided that you are willing to pay the ransom.
Any forced shutdown or attempts to restore your files with the thrid-party software will be damage your files permanently!
Do not rename your files. It will damage it.

The only way to decrypt your files safely is to buy the special decryption software from us.

Before paying you can send us up to 2 files for free decryption as guarantee. No database files for test.
Send pictures, text, doc files. (files no more than 1mb)

You can contact us with the following email

360recover@gmail.com
360support@cock.li

Send us this ID or this file in first email

ID: bkq4dzNgwDbMbytqO1tLrUizSEkl2NFyisnvSg+LcTM=:eabe2ccc05b64380968f75d35d3ab1f4f3f251239e03fbfda851cf24579bcd32