Aware勒索软件家族详情

【家族名】
Win32/Ransom.Aware
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
修改文件后缀为


【勒索提示信息】：
文件内容
---------------------------------------------------------------------------------------------------------------------------
Your network has been breached. Data has been encrypted and stolen.
All systems reachable within your environment - servers, workstations, virtual machines, and network attached storage are affected.
Encryption was performed using secure cryptographic methods. Restoration without our assistance is not possible.
Attempts to recover data independently or with third-party tools may result in permanent data loss.
--- RESOLUTION ---
We can provide:
- A decryption tool
- Clear recovery instructions
- Report of how the attack was performed
- Deletion of stolen data
- No further attacks on your company
This offer is time limited.
--- VERIFICATION ---
Upon request, we will decrypt a few non-critical files to
demonstrate our capability.
--- NON-COMPLIANCE ---
Failure to establish contact may result in:
- Permanent loss of encrypted data
- Additional measures, including data disclosure
--- COMMUNICATION ---
All communication must occur through the secure channel provided. Do not contact law enforcement or external response teams, as this will not restore your systems.
1. Download Tor-Browser (www.torproject.org)
2. Visit URL: http://ui2uleaiisccbtcooyi34cy5u ... inusAwKGdp9wWSN2xuM
3. Enter Credentials: hDZX0BBfeZhRUgRq6PFdGboCr0URYyq*
---------------------------------------------------------------------------------------------------------------------------


修改桌面显示：




【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。