Paradise勒索病毒家族详情
本帖最后由 Potato 于 2020-4-28 16:07 编辑相关阅读:Paradise勒索病毒样本分析勒索病毒家族名字:Paradise
是否支持解密:V2版本不能解密。V1能解密
详情:
被加密文件:文件后缀会被修改为NewCore
勒索提示信息:
文件名:-=###_INFO_you_FILE_###=-.txt
文件内容:
---------------------------------------------------------------------------------
All your files have been blocked for more information, please contact us by e-mail.
E-Mail: info_newcore@p-security.liand info_newcore@protonmail.com
You PC id: eBjN5z
The faster you contact us the faster we can help you.
勒索提示弹窗:
窗口名:info_newcore@p-security.li
您好,
我看您的说明中【是否支持解密:否】,这个病毒还有等待解密文件的必要吗?
再次感谢您! 您好我也中了NewCore病毒,请问可以解密了吗
家族:Paradise
黑客邮箱:
被加密文件后缀:b29
勒索提示信息:
---------------------------------------------------------------------------------
Your files are encrypted!
Paradise Ransomware Team!
Your personal ID
vN6YLGIr
Your personal KEY you can find in file %AppData%/DP/DecryptionInfo.dp
WHAT HAPPENED!
•Your important files produced on this computer have been encrypted due a security problem.
•If you want to restore them, write to us by email.
•You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
•After payment we will send you the decryption tool that will decrypt all your files.
FREE DECRYPTION AS GUARANTEE!
•Before payment you can send us 1-3 files for free decryption.
•Please note that files must NOT contain valuable information.
•The file size should not exceed 1MB.
•As evidence, we can decrypt one file
HOW TO OBTAIN BITCOINS!
•The easiest way to buy bitcoin is LocalBitcoins site.
•You have to register, click Buy bitcoins and select the seller by payment method and price
•https://localbitcoins.com/buy_bitcoins/
•Also you can find other places to buy Bitcoins and beginners guide here:
•http://www.coindesk.com/information/how-can-i-buy-bitcoins/
•write to Google how to buy Bitcoin in your country?
Contact!
•e-mail:
•or
•e-mail:
Attention!
•Do not rename encrypted files
•Do not try to decrypt your data using third party software, it may cause permanent data loss
•You are guaranteed to get the decryptor after payment
•As evidence, we can decrypt one file
•Do not attempt to use the antivirus or uninstall the program
•This will lead to your data loss and unrecoverable
•Decoders of other users is not suitable to decrypt your files - encryption key is unique
---------------------------------------------------------------------------------
家族:Paradise勒索病毒家族
黑客邮箱:opensafezona@cock.li
被加密文件后缀:safe
勒索提示信息文件名:_BACK_FILES__.html 家族:Paradise勒索病毒家族
黑客邮箱:rdpunlocker1@cock.li
被加密文件后缀:safe 家族:Paradise勒索病毒家族
黑客邮箱:fiasco911@protonmail.com
被加密文件后缀:{fiasco911@protonmail.com}SDfghjkl 家族:Paradise
被加密文件后缀:{d7516@ya.ru}lock
黑客邮箱/Url:denis_help@inbox.ru 家族:Paradise
被加密文件后缀:{d7516@ya.ru}lock
黑客邮箱/Url:d7516@ya.ru 家族:Paradise
被加密文件后缀:paradise
黑客邮箱/Url:sstorm984@gmail.com 家族:Paradise
被加密文件后缀:Cukiesi
黑客邮箱/Url:agreemaster@tutanota.com 家族:Paradise
被加密文件后缀:Cukiesi
黑客邮箱/Url:agreemaster@protonmail.com 家族:Paradise
被加密文件后缀:honkai
黑客邮箱/Url:main@paradisenewgenshinimpact.top 家族:Paradise
被加密文件后缀:Paradise
黑客邮箱/Url:haymaker@qq.com
页:
[1]