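Potato posted on 2020-2-28 18:57

Xorist ransomware family details

This post was last edited by Potato on 2020-4-10 17:20

Ransomware family name: Xorist ransomware family
Decryption supported: No
Details:
Encrypted files:
Encrypted file extension format:

Ransom note:
File name: HOW TO DECRYPT FILES.txt
File contents: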
-------------------------------------------------------------------------------
YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
DON'T WORRY YOUR FILES ARE SAFE.
TO RETURN ALL TO NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM.
PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK.
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE
https://coinatmradar.com/   (find a ATM)
https://www.localbitcoins.com/(buy instantly online any country)
THE PRICE FOR DECRYPTOR SOFTWARE IS 1.5 BTC
BTC ADRESS : 18Tymv8EpXorQgEtP5L6x1x93ZT9a8eSPw (where you need to make the payment)
VERRY IMPORTANT !
DO NOT TRY TO SCAN WITH ANTIVIRUS YOU RISK LOSING YOUR DATA .
ANTIVIRUSES ONLY DESTROY THE ENCRYPTED DATA , THEY DO NOT KNOW THE ALGORITH WITH WICH THE ENTIRE SYSTEM WAS ENCRYPTED.
THE ONLY WAY TO DECRYPT YOUR SYSTEM AND RETURN TO NORMAL IS TO BUY THE ORIGINAL DECRYPTOR SOFTWARE.
For more information : system_stop2020@tutanota.com   (24/7)
Subject : SYSTEM-LOCKED-ID: OSX1032020
-------------------------------------------------------------------------------
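Protection recommendations:
1. Do not use the same account and password on multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed regularly.
3. Shared folders holding important data should have access controls set, and should be backed up regularly.
4. Regularly check systems and software for security vulnerabilities and apply patches promptly.
5. Regularly check servers for anomalies. The check should cover:
a) whether any new accounts have been added
b) whether the Guest account has been enabled
c) whether the Windows system logs show anomalies
d) whether the antivirus software shows any abnormal interception events
6. Install security protection software and make sure it is running normally.
7. Download and install software from legitimate channels.
8. For unfamiliar software, if it has already been blocked or removed by antivirus software, do not add it to the trust list and continue running it.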

Potato posted on 2023-12-13 10:32

Hello

All your files have been encrypted
if you want to decrypt them you have to pay me 0.045 bitcoin.

Make sure you send the 0.045 bitcoins to this address:
bc1qygn239pmpswtge00x60ultpp6wymht64ggf5mk

If you don't own bitcoin, you can easily buy it from these sites:
www.coinmama.com
www.bitpanda.com
www.localbitcoins.com
www.paxful.com

You can find a larger list here:
https://bitcoin.org/en/exchanges

After sending the bitcoin, contact me at this email address:
protonis2023@tuta.io with this subject: PROTONIS0045-ID-PC8391923
After the payment has been confirmed,
you will get decryptor and decryption keys!

You will also receive information on how to defend against another ransomware attack
and the most important thing is your security hole through which we entered.

Attention!
Do not try other cheaper decryption options because nobody and nothing can
decrypt your files without the keys generated for your server,
you will lose time, money and your files forever!

Potato posted on 2023-12-13 14:02

Hello

All your files have been encrypted
if you want to decrypt them you have to pay me 0.04 bitcoin.

Make sure you send the 0.04 bitcoins to this address:
bc1q8k2z7u5s9mx0jzcvtfmawg33drhuev5dj6uds7

If you do not own bitcoin, you can easily buy it from this sites:
www.coinmama.com
www.bitpanda.com
www.localbitcoins.com
www.paxful.com

You can find a larger list here:
https://bitcoin.org/en/exchanges

After you have sent the bitcoin contact me at one of these email addresses:
protix@tuta.io or protix@skiff.com with this subject: ID-PRo04-TiXKey777301022

After the payment has been confirmed,
you will receive the decryptor and the keys for decryption!

You will also receive information on how to defend yourself against another ransomware attack
and the most important thing that is your security hole through which i entered.

简简单单chao posted on 2020-2-28 20:32

Safety first, just use 360!

Potato posted on 2020-4-22 18:08

Family: Xorist
Signature data: gula

Potato posted on 2020-5-18 19:22

Family: Xorist
Signature data: Fast_Decrypt_and_Protect@Tutanota.com

Potato posted on 2020-6-8 19:06

Family: Xorist
Signature data: hex911

Potato posted on 2020-6-8 19:06

Family: Xorist
Signature data: bot

Potato posted on 2020-6-11 19:04

Family: Xorist
Signature data: CrYo

Potato posted on 2020-6-11 19:04

Family: Xorist
Encrypted file extension: CrYo
Hacker email: Cryoteons@protonmail.com

Potato posted on 2020-6-11 19:04

Family: Xorist
Signature data: 1Cc6m6b6mgks7e9cQBknNWQJj69x2y3U1

Potato posted on 2020-6-24 14:49

Family: Xorist
Encrypted file extension: HEX911
Hacker email: H911X@yahoo.com

Potato posted on 2020-6-24 14:49

Family: Xorist
Signature data: https://t.me/HEX911

Potato posted on 2020-6-24 14:49

Family: Xorist
Signature data: 1AxiJAhH3BnLg4ht6SfcH21BZzzoA5mXWX

Potato posted on 2020-6-30 15:07

Family: Xorist
Email: tinxony@protonmail.com

Potato posted on 2020-6-30 19:08

Family: Xorist
Signature data: tinxony@protonmail.com

Potato posted on 2020-7-10 10:57

Family: Xorist
Signature data: 16hQHgAjJTR7purjyJazdEmup8GRWEGhUV

Potato posted on 2020-7-22 10:39

In your attention!!!

Hello, your server is very vulnerable, that's why you became a victim of ransomware
All your files are currently encrypted
However, there is also good news, the files can be decrypted if you pay 0.1 bitcoin.
All you have to do is follow the steps below.

Buy 0.1 bitcoin, you can easily buy bitcoin from this sites:
www.localbitcoins.com
www.paxful.com

Send the amount to this wallet: 1LTG4TiX9NyLSzyXQPFm6ANGRRAZH7D45R
After submitting, contact me at this email address: yakomoko@protonmail.com
With this subject: YAKOMOKO-391029301

Immediately after this you will receive an email with the keys and a small tutorial for decrypting the files.

Here's another list of where to buy bitcoin:
https://bitcoin.org/en/exchanges

Potato posted on 2020-7-22 15:47

Family: Xorist
Encrypted file extension: YaKo.MoKo
Hacker email: yakomoko@protonmail.com

Potato posted on 2020-7-22 15:47

Family: Xorist
Signature data: moko

Potato posted on 2020-7-22 15:47

Family: Xorist
Signature data: YaKo.MoKo

Potato posted on 2020-7-22 19:06

Family: Xorist
Encrypted file extension: YaKo.MoKo
Hacker email: yakomoko@protonmail.com

Potato posted on 2020-7-22 19:06

Family: Xorist
Signature data: moko

Potato posted on 2020-7-22 19:06

Family: Xorist
Signature data: YaKo.MoKo

Potato posted on 2020-7-22 19:07

Family: Xorist
Encrypted file extension: YaKo.MoKo
Hacker email: yakomoko@protonmail.com

Potato posted on 2020-7-22 19:07

Family: Xorist
Signature data: moko

Potato posted on 2020-7-22 19:07

Family: Xorist
Signature data: YaKo.MoKo

Potato posted on 2020-7-22 19:08

Family: Xorist
Encrypted file extension: YaKo.MoKo
Hacker email: yakomoko@protonmail.com

Potato posted on 2020-7-22 19:08

Family: Xorist
Signature data: moko

Potato posted on 2020-7-22 19:08

Family: Xorist
Signature data: YaKo.MoKo

Potato posted on 2020-8-4 19:10

Family: Xorist
Signature data: ZaCaPa

Potato posted on 2020-8-4 19:10

Family: Xorist
Encrypted file extension: ZaCaPa
Hacker email/URL: zacapa@cock.li