BalaClava勒索病毒家族详情

相关阅读：BalaClava勒索病毒 样本分析
勒索病毒家族名称：BalaClava勒索病毒家族
是否支持解密：否
详情：
被加密文件：
被加密文件后缀格式：

勒索提示信息：
文件名：HOW_TO_RECOVERY_FILES.txt
文件内容 ：
-------------------------------------------------------------------------------
Hello!
If you see this message - this means your files are now encrypted and are in a non-working state!  
Now only we can help you recover.
If you are ready to restore the work - send us an email to the address jerry_glanville_data@aol.com  
In the letter, specify your personal identifier, which you will see below.  
In the reply letter we will inform you the cost of decrypting your files.


Before payment you can send us 1 files for test decryption.  
We will decrypt the files you requested and send you back.  
This ensures that we own the key to recover your data.  
The total file size should be no more than 2 MB,
the files should not contain valuable information (databases, backups, large Excel spreadsheets ...).



Email to contact us - jerry_glanville_data@aol.com



YOUR PERSONAL ID :
9BAF861F39A31BFA108CFD1E703E17775C2C0251585F6E3E08C9C6E3EB71FF1C
1BDB0E4CD039C2F97493109342B03EE2E3EE87DCEC33F516A3ED47438A061B93
ACE5D8609A669BF92F68E7F41661B750AA4ED6665480B82456B035AED578543B
8A0F9D33890E602497DB2532A5C2DF01D7C85BDC5F6B9D954BED9339AC4311F3
FC69088D9631A12D6D2A72FF826526F008059ACA8CCACF529DA84973EA3A846E
A574AE4E4B82953079ED3881EEF62F6E7CF6EFFF0B44BD3948A08B9215B496CD
16CD28C294196B15DA800AC529B7A6E69ECCFCD44D4955B20708AA2FF6833260
BFE967FD62FF63476CA0537C50382CA77D7A831BA4397AECD09186C815A14848
3EA69C2202266CD9F7808AD5311F727D3F3B0365301C2E9416E8DC02744D3BA5
F957C5419FC93FBDEE8080195344398D8070742999E21D969031339C1A521D39
D7879422F86C7FE75B5E829052CD84F4D5365DEA30F7B4EAC4FF01A33ABDD0A1
C67D7D8AF8BECEEACE1D5729BA6BBF793D7EE9DC149416D4593EB3C2F1AAE807
A0A80C77103F947866DF351CFB16F47074F1F0DCD73CD65F03C82CE5B79DDCE0
A50BDB1B47E57E0894D57657F57F33B52D6263F75BB6204677F21BB2CC100FDB
4E6A7073CC544AFA52589F8B106F46D863859B45F775666D00B9F7FB3F261B80
D8508BA3D60C33AD62E9355E774EFA2530A84D3C5E34845CC018D51ECD1DEF07
41FD4F356E9251C5FB434D8DA473E7A435F4544A01B6BAA6ED0C2107ADA88DCE
4684500C79F00AAF120B8B65807F5A16E578573966BAE18F768B5FB3C8324F43
590E1ACF0AC1CD605A31695F46B347D421D7DDC7FDA9D128A5E9343C32849437
114202036A1A17F833DC3100FEB5713A53EB3E2A57792EE1ECCC3209EA8DC13D
2AE0F973E5C1CF11313D41A0E528409FDF3D9F05C2BD4D2E89601F0D5B7EB49B
86834D815ACC724D9A5DF79C088616CEDB7489D2E31F6614156D401A44D2FB3C
FAB076B467E558B3ADEDFFDF27525AE47566910DC875C92731D6F14128A567BD
62365087F0A5E58C9E24195EA260DDA5495A13FED1B95973FEB87176C566244F
32E3A34E5A0EDCC85E5F3B458FC4EB9DEF0B0DBF1562158B156239AE7A167453
3323FAA8F24331010B
-------------------------------------------------------------------------------
防护建议：
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。