Escal勒索病毒家族详情
勒索病毒家族名称:Escal勒索病毒家族是否支持解密:否
详情:
被加密文件:
被加密文件后缀格式: 修改文件后缀americanautoshield-uzcn6ds
勒索提示信息:
文件名:!!!americanautoshield!HOW-TO-RESTORE
文件内容 :
-------------------------------------------------------------------------------
Morning!
Good afternoon!
We encrypted all your data on all servers and pc.
Your network has been hacked.
All documents on each pc in the local network have been blocked with a new cryptoalgorithm.
backups were either encoded or removed. Shadow copies also lost.
DO NOT DELETE *.americanautoshield-uzcn6ds files.
DO NOT RENAME the encoded and readme files.
DO NOT RESET OR SHUTDOWN - files may be damaged.
This stuff I'm telling you could get to the impracticability of recovery your files
To get information how to recovery your data, contact us at:
gnidhyg@protonmail.com
clark.rotband@mailfence.com
We have downloaded your essential data. If you will not cooperate with us, your data will be sold on auction
To confirm our honest intentions we will decode few sample files.
You can send one-two data files with extension *.americanautoshield-uzcn6ds. Files must not hold critical data.
Files should be inside ZIP archive and mailed to us (subj : the name of the site or resource that uniquely identifies you).
It can be from different computers on your infrastructure to be sure we restore everything.
The procedure to decrypt the rest is simple:
After receiving the payment We will send you everything you need for decipher.
Don't waste time, send email with files bound ASAP.
If we do not do our business and commitments - nobody will not cooperate with our support. It's not in our interests.
It's just aworks. We absolutely do not care about you and your commitments, except getting money.
If you will not co-operate with our service - it won't make much difference to us. But you will lose your time and data, cause just we have the decoder.
if you exposure with the law, they fully STOP all busyness (mainly financial) of the organization until the end of the proceedings on their part.
-------------------------------------------------------------------------------
防护建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括:
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
页:
[1]