请使用手机微信扫码安全登录

切换账号密码登录

绑定手机号

应国家法规对于账号实名的要求,请您在进行下一步操作前,需要先完成手机绑定 (若绑定失败,请重新登录绑定)。了解更多

不绑定绑定手机号

360官网 | 360商城

推荐论坛版块活动360粉丝商城众测粉丝轰趴馆常见问题
本帖最后由 Potato 于 2022-8-9 11:42 编辑
相关阅读:
Lockbit2.0勒索病毒样本分析
LockBit3.0勒索病毒样本分析
勒索病毒家族名称:LockBit勒索病毒家族
是否支持解密:否
详情:
被加密文件:
被加密文件后缀格式: 后缀被修改为.lockbit

360社区

360社区

勒索提示信息:
文件名:Restore-My-Files.txt
文件内容 :
-------------------------------------------------------------------------------
All your important files are encrypted!
Any attempts to restore your files with the thrid-party software will be fatal for your files!
RESTORE YOU DATA POSIBLE ONLY BUYING private key from us.
There is only one way to get your files back:

| 1. Download Tor browser - https://www.torproject.org/ and install it.
| 2. Open link in TOR browser - http://lockbitks2tvnmwk.onion/?D0407AC9D97C78CB877AF2CD7347934A
This link only works in Tor Browser!
| 3. Follow the instructions on this page


###  Attention! ###
# Do not rename encrypted files.
# Do not try to decrypt using third party software, it may cause permanent data loss.
# Decryption of your files with the help of third parties may cause increased price(they add their fee to our)
# Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org
# Tor Browser user manual https://tb-manual.torproject.org/about
-------------------------------------------------------------------------------
防护建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括:
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。

共 44 个关于Lockbit勒索病毒家族详情的回复 最后回复于 2024-5-20 11:10

评论

直达楼层

Potato 产品答疑师 楼主 发表于 2020-8-4 16:16 | 显示全部楼层 | 私信
lockbit支付页面

360社区

360社区



Potato 产品答疑师 楼主 发表于 2021-6-17 16:35 | 显示全部楼层 | 私信

360社区

360社区

Potato 产品答疑师 楼主 发表于 2022-8-4 15:23 | 显示全部楼层 | 私信
~~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~

>>>>> Your data is stolen and encrypted.
If you don't pay the ransom, the data will be published on our TOR darknet sites. Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second, so don't hesitate for a long time. The sooner you pay the ransom, the sooner your company will be safe.

Tor Browser Links:
http://lockbitapt2d73krlbewgv27t ... yieto7u4ncead.onion
http://lockbitapt2yfbt7lchxejug4 ... 4l3azl3gy6pyd.onion
http://lockbitapt34kvrip6xojyloh ... bsywnzsbdguqd.onion
http://lockbitapt5x4zkjbcqmz6frd ... sspnlidyvd7qd.onion
http://lockbitapt6vx57t3eeqjofwg ... a5uuccip4ykyd.onion
http://lockbitapt72iw55njgnqpymg ... 4m7i42artsbqd.onion
http://lockbitaptawjl6udhpd323ue ... sezs4fqgpjpid.onion
http://lockbitaptbdiajqtplcrigzg ... d5r4w2agyekqd.onion
http://lockbitaptc2iq4atewz2ise6 ... qax262kgtzjqd.onion

Links for normal browser:
http://lockbitapt2d73krlbewgv27t ... to7u4ncead.onion.ly
http://lockbitapt2yfbt7lchxejug4 ... azl3gy6pyd.onion.ly
http://lockbitapt34kvrip6xojyloh ... wnzsbdguqd.onion.ly
http://lockbitapt5x4zkjbcqmz6frd ... nlidyvd7qd.onion.ly
http://lockbitapt6vx57t3eeqjofwg ... uccip4ykyd.onion.ly
http://lockbitapt72iw55njgnqpymg ... i42artsbqd.onion.ly
http://lockbitaptawjl6udhpd323ue ... s4fqgpjpid.onion.ly
http://lockbitaptbdiajqtplcrigzg ... 4w2agyekqd.onion.ly
http://lockbitaptc2iq4atewz2ise6 ... 262kgtzjqd.onion.ly

>>>>> What guarantee is there that we won't cheat you?
We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will provide you with decryption software and destroy the stolen data. After you pay the ransom, you will quickly make even more money. Treat this situation simply as a paid training for your system administrators, because it is due to your corporate network not being properly configured that we were able to attack you. Our pentest services should be paid just like you pay the salaries of your system administrators. Get over it and pay for it. If we don't give you a decryptor or delete your data after you pay, no one will pay us in the future. You can get more information about us on Ilon Musk's Twitter https://twitter.com/hashtag/lockbit?f=live

>>>>> You need to contact us and decrypt one file for free on TOR darknet sites with your personal ID

Download and install Tor Browser https://www.torproject.org/
Write to the chat room and wait for an answer, we'll guarantee a response from you. If you need a unique ID for correspondence with us that no one will know about, tell it in the chat, we will generate a secret chat for you and give you his ID via private one-time memos service, no one can find out this ID but you. Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack hundreds of companies around the world.

Tor Browser Links for chat:
http://lockbitsupa7e3b4pkn4mgkgo ... 7i6jeetsia3qd.onion
http://lockbitsupdwon76nzykzblcp ... xabtapqvmzqqd.onion
http://lockbitsupn2h6be2cnqpvncy ... mtxdvjoqlp7yd.onion
http://lockbitsupo7vv5vcl3jxpsdv ... hh6oze7c6xjad.onion
http://lockbitsupq3g62dni2f36snr ... fw3draxk6gwqd.onion
http://lockbitsupqfyacidr6upt6nh ... 6xy3frthvr3yd.onion
http://lockbitsupt7nr3fa6e7xyb73 ... iabj4uwvzapqd.onion
http://lockbitsupuhswh4izvoucoxs ... g6u33zfvq3oyd.onion
http://lockbitsupxcjntihbmat4rrh ... 5r3xafhviyhqd.onion

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>> Your personal ID: CD95FDEBA4FE69C2B3FDB61F4059C990 <<<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

>>>>> Warning! Do not delete or modify encrypted files, it will lead to problems with decryption of files!

>>>>> Don't go to the police or the FBI for help and don't tell anyone that we attacked you.
They won't help and will only make things worse for you. In 3 years not a single member of our group has been caught by the police, we are top notch hackers and we never leave a trail of crime. The police will try to prohibit you from paying the ransom in any way. The first thing they will tell you is that there is no guarantee to decrypt your files and remove stolen files, this is not true, we can do a test decryption before paying and your data will be guaranteed to be removed because it is a matter of our reputation, we make hundreds of millions of dollars and are not going to lose our revenue because of your files. It is very beneficial for the police and FBI to let everyone on the planet know about your data leak because then your state will get the fines budgeted for you due to GDPR and other similar laws. The fines will be used to fund the police and the FBI, they will eat more sweet coffee donuts and get fatter and fatter. The police and the FBI don't care what losses you suffer as a result of our attack, and we will help you get rid of all your problems for a modest sum of money. Along with this you should know that it is not necessarily your company that has to pay the ransom and not necessarily from your bank account, it can be done by an unidentified person, such as any philanthropist who loves your company, for example, Elon Musk, so the police will not do anything to you if someone pays the ransom for you. If you're worried that someone will trace your bank transfers, you can easily buy cryptocurrency for cash, thus leaving no digital trail that someone from your company paid our ransom. The police and FBI will not be able to stop lawsuits from your customers for leaking personal and private information. The police and FBI will not protect you from repeated attacks. Paying the ransom to us is much cheaper and more profitable than paying fines and legal fees.

>>>>> What are the dangers of leaking your company's data.
First of all, you will receive fines from the government such as the GDRP and many others, you can be sued by customers of your firm for leaking information that was confidential. Your leaked data will be used by all the hackers on the planet for various unpleasant things. For example, social engineering, your employees' personal data can be used to re-infiltrate your company. Bank details and passports can be used to create bank accounts and online wallets through which criminal money will be laundered. On another vacation trip, you will have to explain to the FBI where you got millions of dollars worth of stolen cryptocurrency transferred through your accounts on cryptocurrency exchanges. Your personal information could be used to make loans or buy appliances. You would later have to prove in court that it wasn't you who took out the loan and pay off someone else's loan. Your competitors may use the stolen information to steal technology or to improve their processes, your working methods, suppliers, investors, sponsors, employees, it will all be in the public domain. You won't be happy if your competitors lure your employees to other firms offering better wages, will you? Your competitors will use your information against you. For example, look for tax violations in the financial documents or any other violations, so you have to close your firm. According to statistics, two thirds of small and medium-sized companies close within half a year after a data breach. You will have to find and fix the vulnerabilities in your network, work with the customers affected by data leaks. All of these are very costly procedures that can exceed the cost of a ransomware buyout by a factor of hundreds. It's much easier, cheaper and faster to pay us the ransom. Well and most importantly, you will suffer a reputational loss, you have been building your company for many years, and now your reputation will be destroyed.

Read more about the GDRP legislation::
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
https://gdpr.eu/what-is-gdpr/
https://gdpr-info.eu/

>>>>> Don't go to recovery companies, they are essentially just middlemen who will make money off you and cheat you.
We are well aware of cases where recovery companies tell you that the ransom price is 5 million dollars, but in fact they secretly negotiate with us for 1 million dollars, so they earn 4 million dollars from you. If you approached us directly without intermediaries you would pay 5 times less, that is 1 million dollars.

>>>> Very important! For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations. The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount. For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars, we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars. He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information. But since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance, be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company. Poor multimillionaire insurers will not starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions prescribed in your insurance contract, thanks to our interaction.

>>>>> If you do not pay the ransom, we will attack your company again in the future.
Potato 产品答疑师 楼主 发表于 2023-12-13 11:18 | 显示全部楼层 | 私信

IP属地: 北京市


            ~~~ computer has been compromised ~~~

>>>> Your data are stolen and encrypted

        The data will be published on TOR website if you do not pay the ransom

        my contact information:
        Telegram: https://t.me/AMPLEADIN
        MAIL: TAXASFSHWKASJFBUWBSJA@protonmail.com
        You need to pay 1000000 usdt



>>>> What guarantees that we will not deceive you?

        We are not a politically motivated group and we do not need anything other than your money.
   
        If you pay, we will provide you the programs for decryption and we will delete your data.
        Life is too short to be sad. Be not sad, money, it is only paper.
   
        If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.
        Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
   
       

>>>> The ransom you need to pay

        You need to pay 1000000 usdt

       
>>>> I hope you will contact as soon as possible

>>>> He will be deleted the next day

>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!


>>>> comminicate
        Please contact me as soon as possible:
       
        https://t.me/AMPLEADIN  
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
        http://lockbitaptoofrpignlz6dt2w ... ntxad5lmyd.onion.ly
Potato 产品答疑师 楼主 发表于 2023-12-13 11:18 | 显示全部楼层 | 私信

IP属地: 北京市


############## YOUR FILES WERE ENCRYPTED  ##############
--
YOUR FILES ARE SAFE! ONLY MODIFIED :: AES
WE STRONGLY RECOMMEND you NOT to use any Decryption Tools.
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
--
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
We guarantee that you can recover all your files safely and easily. All you.
need to do is submit the payment and purchase the decryption software.
--
OUR EMAIL ADDRESS
  Q6uBdWWuu4@proton.me
  quvn5llxkk@mailfence.com
  JnSeYvZw34@onionmail.org
  Hw2k0SZdxa@msgsafe.io

And send us your id: FDAB251EED112FD1B3B3B3B4B4B4B4B4
--
HOW to understand that we are NOT scammers?
Before paying you can send us up to 2 files for free decryption.
The total size of files must be less than 5MB(non archived).
Files should not contain valuable information. (databases, backups, large excel sheets, etc.)
--
Please contact us within 3 days to purchase the decryption software, otherwise the price of the decryption software will be doubled.
########################################################
Potato 产品答疑师 楼主 发表于 2023-12-13 11:19 | 显示全部楼层 | 私信

IP属地: 北京市


Your ID: D15622D73ACBA26F8D0EF1EF93002A4C

[en | English]
Your files has been encrypted!

>>> What's happened?
  ALL YOUR FILES ARE STOLEN AND ENCRYPTED.
  To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.

>>> What guarantees?
  Before paying you can send us up to 2 files for free decryption.
  The total size of files must be less than 2MB(non archived).
  files should not contain valuable information. (databases, backups, large excel sheets, etc.)

>>> CONTACT US:
  Please write an email to all: Hw2k0SZdxa@msgsafe.io & JnSeYvZw34@onionmail.org & pGU2NJ4TQk@mail2tor.com
  Write your ID in the title of your message

>>> ATTENTION!
  Do not rename or modify encrypted files.
  Do not try to decrypt using third party software, it may cause permanent data loss.
  Decryption of your files with the help of third parties may cause increased price(they add their fee to our).
  We use strong encryption, nobody can restore your files except us.
  The price depends on how fast you contact with us.
  remember to hurry up, within 24 hours the private key is worth $2000 USD in bitcoins (BTC), after 24 hours send an email inquiry.
  All your stolen data will be loaded into cybercriminal forums/blogs if you do not pay ransom.
  If you do not pay the ransom we will attack your company repeatedly again.

[cn | Chinese]
你的文件已经被加密了!

>> 发生了什么事?
  你的所有文件都被盗并被加密。
  为了恢复你的数据,不允许数据泄漏,只有通过向我们购买私人密钥才能实现。

>> 什么保证?
  在付款之前,你可以向我们发送最多2个文件,以便免费解密。
  文件的总大小必须小于2MB(非归档)。
  文件不应包含有价值的信息。(数据库、备份、大的EXCEL表等)

>> 联系我们:
  请写一封邮件给所有:Hw2k0SZdxa@msgsafe.io & JnSeYvZw34@onionmail.org & pGU2NJ4TQk@mail2tor.com
  在信息的标题中写上你的ID

>> 注意!
  不要重命名或修改加密的文件。
  不要尝试使用第三方软件解密,这可能会导致永久性数据丢失。
  在第三方的帮助下解密您的文件可能会导致价格上涨(他们在我们的基础上增加他们的费用)。
  我们使用强大的加密技术,除了我们,没有人可以恢复你的文件。
  价格取决于你与我们联系的速度。
  记得抓紧时间,在24小时内,私人密钥价值2000美元的比特币(BTC),24小时后发送电子邮件查询。
  如果你不支付赎金,你所有被盗的数据将被加载到网络犯罪的论坛/博客。
  如果你不支付赎金,我们将再次反复攻击你的公司。
Potato 产品答疑师 楼主 发表于 2023-12-13 11:25 | 显示全部楼层 | 私信

IP属地: 北京市


Hello Leedarson!
Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. We are not associated with LockBit although we use their reliable locker.
All you need to do is contact us and pay.


Our communication process:
1. You contact us via email or Tox.
2. We send you a list of files that were stolen
3. We decrypt 3 files to confirm that our decryptor works.
4. We agree on the amount, which must be paid using BTC.
5. We delete your files, we give you a decryptor.
6. We give you a detailed report on how we compromised your company, and recommendations on how to avoid such situations in the future.
   
Recommendations:
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.

Contacts:
Email: unrasolo1970@proton.me
Tox:   1C054B722BCBF41A918EF3C485712742088F5C3E81B2FDD91ADEA6BA55F4A856D90A65E99D20
  
* If you want to contact us via Tox you need to download it from this link: https://github.com/qTox/qTox/rel ... -x86_64-release.exe

YOUR ID: E309B6BED9024A514442A832128CF4A7

If you refuse to pay or do not get in touch with us, we start publishing your files.
After 7 days the email will no longer be available, and the opportunity to receive the decryptor will also no longer be available.
Potato 产品答疑师 楼主 发表于 2023-12-13 11:28 | 显示全部楼层 | 私信

IP属地: 北京市


            
                                                  YOUR FILES ARE ENCRYPTED!!!

For data recovery contact us you will need to pay us:
gameovercreation@cock.li
caypishijistor29@gmx.com
1. In the first letter, indicate your personal ID!
2. In response, we will send you instructions.



       
>>>> Your personal DECRYPTION ID: 8FAB6E0C0F8970F7E02F65A6975F787A
Potato 产品答疑师 楼主 发表于 2023-12-13 16:52 | 显示全部楼层 | 私信

IP属地: 未知


Hello Leedarson!
Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. We are not associated with LockBit although we use their reliable locker.
All you need to do is contact us and pay.


Our communication process:
1. You contact us via email or Tox.
2. We send you a list of files that were stolen
3. We decrypt 3 files to confirm that our decryptor works.
4. We agree on the amount, which must be paid using BTC.
5. We delete your files, we give you a decryptor.
6. We give you a detailed report on how we compromised your company, and recommendations on how to avoid such situations in the future.
   
Recommendations:
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.

Contacts:
Email: unrasolo1970@proton.me
Tox:   1C054B722BCBF41A918EF3C485712742088F5C3E81B2FDD91ADEA6BA55F4A856D90A65E99D20
  
* If you want to contact us via Tox you need to download it from this link: https://github.com/qTox/qTox/rel ... -x86_64-release.exe

YOUR ID: E309B6BED9024A5144944A84B40B7B10

If you refuse to pay or do not get in touch with us, we start publishing your files.
After 7 days the email will no longer be available, and the opportunity to receive the decryptor will also no longer be available.
Potato 产品答疑师 楼主 发表于 2023-12-13 16:53 | 显示全部楼层 | 私信

IP属地: 北京市


YOUR NETWORK IS ENCRYPTED NOW

USE VEGtpN4krwJgWeeJ@proton.me | QSKhVaBPFv@onionmail.org TO GET THE PRICE FOR YOUR DATA

DO NOT GIVE THIS EMAIL TO 3RD PARTIES

DO NOT RENAME OR MOVE THE FILE
Potato 产品答疑师 楼主 发表于 2023-12-13 16:54 | 显示全部楼层 | 私信

IP属地: 北京市


!!! ALL YOUR FILES ARE ENCRYPTED!!!

All your files, documents, photos, databases and other important files are encrypted.
The only way to recover your files is to get a decryptor.
To get the decryptor, write to us by mail or telegram, specify the ID of the encrypted files in the letter:

Email: decryptor@cyberfear.com
Telegram: https://t.me/decrypt_help
@decrypt_help

Warning.
* Do not rename encrypted files.
* Do not attempt to decrypt data using third party software, as this may result in permanent data loss.
* Do not contact other people, only we can help you and recover your data.

Your personal DECRYPTION ID: E5CA27CF740D121C565A398A08057B0C

360fans766484257 LV1.上等兵 我也是刚中招了 有解决办法了吗 
2024-1-9 10:38回复

IP属地: 北京市

Potato 产品答疑师 楼主 发表于 2023-12-13 16:56 | 显示全部楼层 | 私信

IP属地: 北京市


############## YOUR FILES WERE ENCRYPTED  ##############
--
YOUR FILES ARE SAFE! ONLY MODIFIED :: AES
WE STRONGLY RECOMMEND you NOT to use any Decryption Tools.
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
--
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
We guarantee that you can recover all your files safely and easily. All you.
need to do is submit the payment and purchase the decryption software.
--
OUR EMAIL ADDRESS
  Q6uBdWWuu4@proton.me
  quvn5llxkk@mailfence.com
  JnSeYvZw34@onionmail.org
  Hw2k0SZdxa@msgsafe.io

And send us your id: 31B965AB90A9B1709CD0DCA11DC488B2
--
HOW to understand that we are NOT scammers?
Before paying you can send us up to 2 files for free decryption.
The total size of files must be less than 5MB(non archived).
Files should not contain valuable information. (databases, backups, large excel sheets, etc.)
--
Please contact us within 3 days to purchase the decryption software, otherwise the price of the decryption software will be doubled.
########################################################
Potato 产品答疑师 楼主 发表于 2023-12-13 16:56 | 显示全部楼层 | 私信

IP属地: 未知


Your ID: D15622D73ACBA26F8D0EF1EF93002A4C

[en | English]
Your files has been encrypted!

>>> What's happened?
  ALL YOUR FILES ARE STOLEN AND ENCRYPTED.
  To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.

>>> What guarantees?
  Before paying you can send us up to 2 files for free decryption.
  The total size of files must be less than 2MB(non archived).
  files should not contain valuable information. (databases, backups, large excel sheets, etc.)

>>> CONTACT US:
  Please write an email to all: Hw2k0SZdxa@msgsafe.io & JnSeYvZw34@onionmail.org & pGU2NJ4TQk@mail2tor.com
  Write your ID in the title of your message

>>> ATTENTION!
  Do not rename or modify encrypted files.
  Do not try to decrypt using third party software, it may cause permanent data loss.
  Decryption of your files with the help of third parties may cause increased price(they add their fee to our).
  We use strong encryption, nobody can restore your files except us.
  The price depends on how fast you contact with us.
  remember to hurry up, within 24 hours the private key is worth $2000 USD in bitcoins (BTC), after 24 hours send an email inquiry.
  All your stolen data will be loaded into cybercriminal forums/blogs if you do not pay ransom.
  If you do not pay the ransom we will attack your company repeatedly again.

[cn | Chinese]
你的文件已经被加密了!

>> 发生了什么事?
  你的所有文件都被盗并被加密。
  为了恢复你的数据,不允许数据泄漏,只有通过向我们购买私人密钥才能实现。

>> 什么保证?
  在付款之前,你可以向我们发送最多2个文件,以便免费解密。
  文件的总大小必须小于2MB(非归档)。
  文件不应包含有价值的信息。(数据库、备份、大的EXCEL表等)

>> 联系我们:
  请写一封邮件给所有:Hw2k0SZdxa@msgsafe.io & JnSeYvZw34@onionmail.org & pGU2NJ4TQk@mail2tor.com
  在信息的标题中写上你的ID

>> 注意!
  不要重命名或修改加密的文件。
  不要尝试使用第三方软件解密,这可能会导致永久性数据丢失。
  在第三方的帮助下解密您的文件可能会导致价格上涨(他们在我们的基础上增加他们的费用)。
  我们使用强大的加密技术,除了我们,没有人可以恢复你的文件。
  价格取决于你与我们联系的速度。
  记得抓紧时间,在24小时内,私人密钥价值2000美元的比特币(BTC),24小时后发送电子邮件查询。
  如果你不支付赎金,你所有被盗的数据将被加载到网络犯罪的论坛/博客。
  如果你不支付赎金,我们将再次反复攻击你的公司。
Potato 产品答疑师 楼主 发表于 2023-12-13 16:58 | 显示全部楼层 | 私信

IP属地: 北京市


            
                                                  YOUR FILES ARE ENCRYPTED!!!

For data recovery contact us you will need to pay us:
gameovercreation@cock.li
caypishijistor29@gmx.com
1. In the first letter, indicate your personal ID!
2. In response, we will send you instructions.



       
>>>> Your personal DECRYPTION ID: 8FAB6E0C0F8970F7E02F65A6975F787A
Potato 产品答疑师 楼主 发表于 2023-12-13 16:59 | 显示全部楼层 | 私信

IP属地: 北京市


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>Your personal ID: 5FF4A2AD12339428FE4A99A08B536670
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[en | English]
Your files has been encrypted!

>>> What's happened?
  ALL YOUR FILES ARE STOLEN AND ENCRYPTED.
  To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.

>>> What guarantees?
  Before paying you can send us up to 2 files for free decryption.
  The total size of files must be less than 2MB(non archived).
  files should not contain valuable information. (databases, backups, large excel sheets, etc.)

>>> CONTACT US:
  Please write an email to all:  quvn5llxkk@mailfence.com & JnSeYvZw34@onionmail.org & Q6uBdWWuu4@proton.me & Hw2k0SZdxa@msgsafe.io
  Write your ID in the title of your message

>>> ATTENTION!
  Do not rename or modify encrypted files.
  Do not try to decrypt using third party software, it may cause permanent data loss.
  Decryption of your files with the help of third parties may cause increased price(they add their fee to our).
  We use strong encryption, nobody can restore your files except us.
  The price depends on how fast you contact with us.
  remember to hurry up, within 24 hours the private key is worth $10000 USD in bitcoins (BTC), after 24 hours send an email inquiry.
  All your stolen data will be loaded into cybercriminal forums/blogs if you do not pay ransom.
  If you do not pay the ransom we will attack your company repeatedly again.

[cn | Chinese]
你的文件已经被加密了!

>> 发生了什么事?
  你的所有文件都被盗并被加密。
  为了恢复你的数据,不让数据泄露,只有通过向我们购买私人密钥才能实现。

>> 什么保证?
  在付款之前,你可以向我们发送最多2个文件,以便免费解密。
  文件的总大小必须小于2MB(非归档)。
  文件不应包含有价值的信息。(数据库、备份、大的EXCEL表等)

>> 联系我们:
  请写一封邮件给所有:  quvn5llxkk@mailfence.com & JnSeYvZw34@onionmail.org & Q6uBdWWuu4@proton.me & Hw2k0SZdxa@msgsafe.io
  在信息的标题中写上你的ID

>> 注意!
  不要重命名或修改加密的文件。
  不要尝试使用第三方软件解密,这可能会导致永久性数据丢失。
  在第三方的帮助下解密您的文件可能会导致价格上涨(他们在我们的基础上增加他们的费用)。
  我们使用强大的加密技术,除了我们,没有人可以恢复你的文件。
  价格取决于你与我们联系的速度。
  记得抓紧时间,在24小时内,私人密钥价值10000美元的比特币(BTC),24小时后发送电子邮件查询。
  如果你不支付赎金,你所有被盗的数据将被加载到网络犯罪的论坛/博客。
  如果你不支付赎金,我们将再次反复攻击你的公司。

>> Data Leaks 133.89GB in total

Potato 产品答疑师 楼主 发表于 2023-12-13 17:00 | 显示全部楼层 | 私信

IP属地: 北京市


嘿,我的朋友

如果你正在阅读这条信息,这意味着
       - 你的网络基础设施已被破坏
       - 文件被加密了
      
为什么会发生这种情况以及如何解决:
       - 这意味着你的系统是脆弱的
       - 所有加密的文件都可以被解密和恢复
       - 联系我们是你解决现在问题最快的方法

有什么保证?
       为了证明我们的诚意和实力,我们提供两种测试方法
       1. 向我们发送电子邮件,获得解密程序,这个程序只能免费解密桌面文件
       2. 你可以给我们发送2个文件(文件总大小必须小于2MB,不能是存档文件,文件中不能包含有价值的信息,如数据库、备份文件、大型EXCEL表格等),我们将免费为你解密。

联系我们:
   请写一封邮件给所有:
        quvn5llxkk@mailfence.com
        JnSeYvZw34@onionmail.org
        Q6uBdWWuu4@proton.me
        Hw2k0SZdxa@msgsafe.io
  
  在信息的标题中写上你的ID: 71DF20DAD066B54DBA12C35713BF373F
Potato 产品答疑师 楼主 发表于 2024-3-28 18:02 | 显示全部楼层 | 私信

IP属地: 北京市

!! ALL YOUR FILES HAS BEEN ENCRYPTED !!!
                       
                        You can't restore them without our encryptor.
                       
                        Don't try to use any public tools, you could damage the encrypted files and lose them forever.
                       
                        To make sure our encryptor works, contact us and encrypt one file for free.
                       
                        Download TOX messenger: https://tox.chat/
                       
                        Add friend in TOX, ID: BA7B15B33163FAA2C87040438AF6D232FC6EA3740033F2AE3EB2181C1454BD4AAE983BAF03FE
Potato 产品答疑师 楼主 发表于 2024-3-28 18:19 | 显示全部楼层 | 私信

IP属地: 北京市

All your files have been encrypted!
If you want to restore them, write us to the e-mail : ea7rt3nu0k@onionmail.org
Write this ID in the title of your message DECRYPT-ID-91EB9C54CA8850A6482AE1E3816618A8 number number In case of no answer in 48 hours write us to theese e-mails : ea7rt3nu0k@onionmail.org

You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee Before paying you can send us up to 1 files for free decryption.
The total size of files must be less than 2 Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beg
Potato 产品答疑师 楼主 发表于 2024-5-6 16:43 | 显示全部楼层 | 私信

IP属地: 北京市


>>>> YOUR PC HAS BEEN LOCKED BY FLAMINGO


>>>> UNLOCK PC INSTRUCTIONS:
        1. Message flamingo on telegram: @Flamingo_unlock
        2. Transfer $90 in bitcoin to the given address
        3. Flamingo will send the file decrypter
        4. Enjoy access back to your PC


>>>> WARNING
        We do NOT answer to negotiations
        Any attempt to bargain will be ignored and put on block
        To get your PC back you will have to pay the fee
Potato 产品答疑师 楼主 发表于 2024-5-20 11:10 | 显示全部楼层 | 私信

IP属地: 北京市

        Ni hao, XXXX
        
        Your data are stolen and encrypted.

        In case of nonpayment - all information will be sold or made publicly accessible, and we will also continue to attack your servers.
        
        Compared to other ransomware we charge a lot less, so don't be stingy!
        
        If you pay - we will provide you with decryption software and remove your data from our servers.
        
        We will also let you know about the vulnerability in your servers that we used to infiltrate your network.  
        
        WARNING! Do not delete or modify any files, it can lead to recovery problems!
        
        You can contact us using Session messenger without registration and sms https://getsession.org/download
        
        My Session ID:  05839c6cce78c3f3043e7a65c27e881cbb9efbda3bab942d273a496876340b254f
        
        You can send us any 1 file for free decryption.
        
        Zhu ni haoyun!
        
        
        你好,XXXX
        
        您的数据已被窃取并加密。

        如果不付款,所有信息都将被出售或公开,我们还会继续攻击您的服务器。
        
        与其他勒索软件相比,我们的收费要低很多,所以不要小气!
        
        如果您支付了赎金,我们将为您提供解密软件,并从服务器上删除您的数据。
        
        我们还会让您知道我们利用您服务器上的漏洞来渗透您的网络。
        
        警告!请勿删除或修改任何文件,否则会导致恢复问题!
        
        您可以使用无需注册的会话信使和短信 https://getsession.org/download 与我们联系
        
        我的会话 ID:05839c6cce78c3f3043e7a65c27e881cbb9efbda3bab942d273a496876340b254f
        
        您可以将任意 1 个文件发送给我们进行免费解密。
        
        祝您好运

        
        
简简单单chao 产品答疑师 发表于 2020-2-10 11:22 | 显示全部楼层 | 私信

安全第一,就用360!
360fans_u33357001 LV2.下士 发表于 2020-4-12 23:43 | 显示全部楼层 | 私信
我的服务器中毒了,已经上传样本,有没有解决方法啊,我有源文件和加密后的文件
360fans281720198 LV2.下士 你 解决了吗 ?我上周五中招了。还好有备份文件。 
2023-9-27 10:44回复

IP属地: 北京市

360fans_0syY2S LV1.上等兵 发表于 2020-4-13 10:26 | 显示全部楼层 | 私信
有解决方案吗?
360fans2885590516 LV4.上士 发表于 2020-4-13 14:48 | 显示全部楼层 | 私信
中这个招的人这么少吗?我可真惨,唉。一晚上挂着360杀毒,在不断的查杀过程中也能中毒?
半夜硬盘狂响,以为等下就查毒查完了,谁知后面完蛋。桌面显示“mouse lokc",鼠标被锁定了,屏幕也乱七八杂了。文件全被加密了。
Potato 产品答疑师 方便留个联系方式吗? 
2020-4-14 10:57回复
Potato 产品答疑师 楼主 发表于 2020-4-13 19:14 | 显示全部楼层 | 私信
家族:Lockbit
被加密文件后缀:
黑客邮箱:Restore-My-Files.txt
泡菜大坛子 LV2.下士 我已上传加密文件和未加密文件 
2020-4-15 16:03回复
Potato 产品答疑师 楼主 发表于 2020-4-13 19:14 | 显示全部楼层 | 私信
家族:Lockbit
被加密文件后缀:
黑客邮箱:lockbitks2tvnmwk.onion
360fans_u33357001 LV2.下士 发表于 2020-4-14 14:56 | 显示全部楼层 | 私信
有源文件和被加密后的文件,能找出加密算法吗?
360fans_u33357001 LV2.下士 发表于 2020-4-15 16:02 | 显示全部楼层 | 私信
请技术人员查看未加密文件和加密后文件,看能不能找出解密方法,谢谢
Potato 产品答疑师 能的话早出解密工具了。 
2020-5-6 18:46回复
yongfqpdeep LV3.中士 发表于 2020-4-15 16:38 | 显示全部楼层 | 私信
.lb3czi这个加密后缀的病毒有点傻,电脑重启就不能启动了,原因是把启动文件也给加密(你说傻猪不傻猪),但技术是有的,火绒的启动程序还能被他给加密(服服服。。。),360和某管家就在那里看着,看到电脑死机他也不管。
Potato 产品答疑师 开启卫士不可能出现这种情况的。说话讲证据。可以私信我我直接查看一下具体情况。这些东西看日志就一眼明了 
2020-5-6 18:46回复
360fans_u33357001 LV2.下士 发表于 2020-5-9 13:19 | 显示全部楼层 | 私信
啥时能出解密工具啊
泡菜大坛子 LV2.下士 回复Potato:好的,理解了,谢谢 
2020-5-11 14:00回复
Potato 产品答疑师 解密时间无法估计。若勒索病毒已知,而我们当前又无法给出技术破解方案,说明该勒索病毒的加密算法是不存在技术漏洞的。那只能等待黑客的私钥被公开或泄露,或是有其他的技术性突破。而这些都是无法做出时间上的预期的。 
2020-5-11 10:32回复
360fans_uid42942847 LV1.上等兵 发表于 2020-5-18 01:41 | 显示全部楼层 | 私信
你好,亲,我这里今天发现中了这个病毒,而且是公司的服务器,我改怎么解决呢,亲
你有办法么??
真的很着急
360fans281720198 LV2.下士 我上周五晚上中招的,最后你怎么解决的 ? 
2023-9-27 10:47回复

IP属地: 北京市

Potato 产品答疑师 关于勒索病毒的一些常见问题和防护方案,这个帖子做了很好的总结,可以看看:https://bbs.360.cn/thread-15858154-1-1.html 
2020-5-25 11:35回复
360fans_uid42942847 LV1.上等兵 发表于 2020-5-18 16:47 | 显示全部楼层 | 私信
亲,你好,大师,你能帮我么,我的公司服务起中了这个病毒,里面一些有用的文件都打不开了,而是服务器上的
360fans_oEqg09 LV2.下士 回复Potato:您好,解密工具出来了吗? 
2020-7-15 08:58回复
Potato 产品答疑师 关于勒索病毒的一些常见问题和防护方案,这个帖子做了很好的总结,可以看看:https://bbs.360.cn/thread-15858154-1-1.html 
2020-5-25 11:35回复
360fans_u43810252 LV1.上等兵 发表于 2020-8-10 16:00 | 显示全部楼层 | 私信
你好,大师,我的个人电脑中了这个病毒,里面一些有用的文件都打不开了,现在有什么处理办法吗?
Potato 产品答疑师 关于勒索病毒的一些常见问题、防护方案、支付细节等,这个帖子做了很好的总结,可以看看:https://bbs.360.cn/thread-15858154-1-1.html 
2020-8-10 16:59回复
360fans_u44538859 LV1.上等兵 发表于 2020-12-13 17:08 | 显示全部楼层 | 私信
我个人也中了LOCKBIT,电脑一直在办公室放着的,没关机。双12晚上三点多下班回家 ,白天8:30到公司发现开机密码被改,自行破解密码后发现所有文件都被改成LOCKBIT,想尽一切办法进入他们提供的网站联系,说要4000刀。求能快点出来破解软件!
软件开发定制 LV4.上士 回复360fans_wap2889297358:拖久了就打不开勒索链接网址了,暗网也打不开,可能是域名到期或网站主机空间商关闭了。 
2020-12-25 21:25回复
360fans_XCVjba LV1.上等兵 回复孙磊_230:现在看来只能找第三方修复数据了。。。。 
2020-12-18 14:18回复
孙磊_230 LV1.上等兵 回复360fans_wap2889297358:没办法解决! 
2020-12-14 20:15回复
360fans_wap2889297358 LV1.上等兵 你好,请问你最后怎么解决的,我昨天也被勒索了 
2020-12-14 06:32回复
360fans2885590516 LV4.上士 发表于 2020-12-25 21:15 | 显示全部楼层 | 私信
如果支付的网址打不开了,想恢复数扰也找不到“人”了。相当于限期3个月不交钱就撕票并且公开泄露你的数据。
一般情况下付款估计是有用的,找第三方估计只会加钱,他也联系不上黑客本人的。否则早就抓完了
360fans2885590516 LV4.上士 发表于 2020-12-25 21:37 | 显示全部楼层 | 私信
以后建议大家弄个网盘自动备份+硬盘备份,光盘备份,三者齐下,不能偷懒
360fans_u33357001 LV2.下士 发表于 2021-4-8 12:10 | 显示全部楼层 | 私信
一年了,还解密不了,这位也真是挺厉害的
360fans_p52lfI LV1.上等兵 发表于 2021-7-20 15:03 | 显示全部楼层 | 私信
今天我也中招了,有解决办法了吗?
360fans_wap3379618694 LV1.上等兵 发表于 2022-7-10 19:44 | 显示全部楼层 | 私信
这个还没有解密出来么?
360fans2885590516 LV4.上士 发表于 2023-7-24 08:02 | 显示全部楼层 | 私信

IP属地: 浙江省

有人解密成功的吗,付钱的,解密情况如何?
360fans_lfOmTD LV1.上等兵 发表于 2023-11-13 13:06 | 显示全部楼层 | 私信

IP属地: 江苏省

今天中了,服务器都加密了,自己电脑上的文件全打不开了都lockbit2.0。求问啥时候能解密,文件还比较重要都。
Potato 产品答疑师 如果您想随时关注解密情况可以直接到lesuobingdu.360.cn查询,或者填写登记表,后续如果出解密我们会通过登记进行通知:https://wenjuan.lap.360.cn/sv/59abea7ae8912 
2023-11-27 10:41回复

IP属地: 未知

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Potato 产品答疑师

粉丝:9 关注:0 积分:11429

精华:0 金币:12156 经验:7116

最后登录时间:2024-6-18

私信 加好友

最新活动

【360AI浏览器&360AI搜索】公测开启

排行榜

热度排行 查看排行
今日 本周 本月 全部
    今日 本周 本月 全部

      内容推荐 热门推荐最新主帖

      扫码添加360客服号,涨知识的同时还有超多福利等你哦

      快速回复 返回顶部 返回列表