N3ww4v3勒索软件家族详情

【家族名】
Win32/Ransom.N3ww4v3
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
被加密文件会被新增n3ww4v3扩展名


【勒索提示信息】：
文件名：How-to-decrypt.txt
文件内容 ：
-------------------------------------------------------------------------------
|!!!| Hello |!!!|
---> DON'T ignore this and check ALL INFO carefully!!!
*** About situation:
ALL your important files have been encrypted and ALL sensitive information also leaked!
This modification is reversible and data remain safe!
Encrypting your data is only proof , we only interested money, we don't want to damage your reputation , don't want to harm your work, not make a DDOS attack on your infrastructure -  we only check and uploaded your files!
*** IF WE DO NOT FIND A COMMON LANGUAGE:
---> All encrypted data be irretrievably lost.  
---> Leaked data will be published or sold on black-market (or to competitors).
  This will be followed by serious consequences and all your customers\partners and special services will be notified about it!
!!! FOLLOW INSTRUCTIONS TO AVOID IRREVERSIBLE CONSEQUENCES !!!
!!!YOU NEED ASAP CONTACT WITH US TO DEAL THIS!!!
---> You don't have another way.
Our contacts will be provided below!
****************************************
!!! WARNING !!!
DON'T use any third party software for restoring your data or antivirus solutions!
DO NOT MODIFY ENCRYPTED FILES!
DO NOT RENAME ENCRYPTED FILES!
- it's may entail damage of the private key and, as result - you loss all data.
!!!No software and services available on internet can help you!!!
!!! Decryption of your files with the help of third parties may cause increased price (they add their fee to our and they usually fail) or you can become a victim of a scam.
__________________________
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
REMINDING:
It's in your interests to get your files back and safe all lost files,docs,bases.
We have your highly confidential/personal data. These data are currently stored on a private server(cloud)!
--->  After payment this cloud will be deleted and your data stay safe!
We guarantee complete anonymity and can provide you with proof and guaranties from our side and our best specialists make everything for restoring, but please should not interfere without us.
|!!!| IF YOU DON'T CONTACT US WITHIN 48 HOURS FROM LOCK YOUR DATA - PRICE WILL BE HIGHER. |!!!|
_________________________________________________________________
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*** HOW TO CONTACT US:
Just write us an email to this mail(s):
sendr@onionmail.org
sendr@tutanota.com
* To ANONIMOUS contact with us, create a new free email account on the site: tutanota.com (recommended) , onionmail.org , protonmail.com
* To avoid having your email blocked and get spam filters, send private information (such as your private key) with the private notes service:
privnote.com
If you do not receive a reply within 24 hours or do not receive a response to your following messages, contact us with another email or through qTox!
! add our mails to contacts so as not to lose letters from us !
!!! check your spam sometimes, our emails may get there !!!
Your decrypt ID is: ydSr4J56mcJbJ-ABSUzl31J-EtjTnZIkebzT5_2s9wk*n3ww4v3
----------------------------------------
!!! for a quick contact with us or if you will not receive our letters !!!
download qTox and ADD our TOXID.
our individual key(TOXID):
9E7B8EE126E712BECE1D6A84DD776F25646C13B1E7CDBF00169078EE6EAC653E9B455D7*****
How to download qTOX messenger:
hxxxs://tox.chat/download.html
hxxxs://github.com/qTox/qTox/releases/download/v1.17.3/setup-qtox-x86_64-release.exe
-------------------------------------------------------------------------------
【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。

家族：N3ww4v3
被加密文件后缀:n3ww4v3 
黑客邮箱/Url：sendr@onionmail.org

家族：N3ww4v3
被加密文件后缀:n3ww4v3 
黑客邮箱/Url：sendr@tutanota.com

家族：N3ww4v3
被加密文件后缀:n3ww4v3 
黑客邮箱/Url：itsupport831@reddithub.com

家族：N3ww4v3
被加密文件后缀:3kfAp
黑客邮箱/Url：support007@mailfence.com

家族：N3ww4v3
被加密文件后缀:3kfAp
黑客邮箱/Url：help@inboxhub.ne

家族：N3ww4v3
被加密文件后缀:9niOpX
黑客邮箱/Url：help@inboxhub.net

家族：N3ww4v3
被加密文件后缀:g0eI9
黑客邮箱/Url：secure5555@msgsafe.io

家族：N3ww4v3
被加密文件后缀:0v3yT8
黑客邮箱/Url：team@yahooweb.co

家族：N3ww4v3
被加密文件后缀:0v3yT8
黑客邮箱/Url：ironsupport@onionmail.org

家族：N3ww4v3
被加密文件后缀:HONESTBITCOIN
黑客邮箱/Url：herkonasladok@onionmail.org

家族：N3ww4v3
被加密文件后缀:r0Qp@3M
黑客邮箱/Url：ironsupport@onionmail.org

家族：N3ww4v3
被加密文件后缀:r0Qp@3M
黑客邮箱/Url：team@yahooweb.co

家族：N3ww4v3
被加密文件后缀:Fora
黑客邮箱/Url：@ONIONHUNTER

家族：N3ww4v3
被加密文件后缀:Fora
黑客邮箱/Url：onionhunter@onionmail.org

家族：N3ww4v3
被加密文件后缀:t4c2ewdqca
黑客邮箱/Url：help5555@msgsafe.io

家族：N3ww4v3
被加密文件后缀:PORTHUB
黑客邮箱/Url：@PORTHUB

家族：N3ww4v3
被加密文件后缀:1cy931cn9v 
黑客邮箱/Url：ironsupport@onionmail.org

家族：N3ww4v3
被加密文件后缀:QUIETPLACE
黑客邮箱/Url：mcdonaldsdebtzhlob@onionmail.org

家族：N3ww4v3
被加密文件后缀:bigspermhorseballs
黑客邮箱/Url：Bigspermhorseballs@onionmail.org

家族：N3ww4v3
被加密文件后缀:w9lq64h4
黑客邮箱/Url：temp515@msgsafe.io

家族：N3ww4v3
被加密文件后缀:h777XRgNVM777xM
黑客邮箱/Url：engines-1@tutanota.com

家族：N3ww4v3
被加密文件后缀:darth
黑客邮箱/Url：aegisbackupz@gmail.com

家族：N3ww4v3
被加密文件后缀:Indianguy
黑客邮箱/Url：indianguy@onionmail.org

家族：N3ww4v3
被加密文件后缀:damarans
黑客邮箱/Url：damarans@mail.ru

家族：N3ww4v3
被加密文件后缀:damarans
黑客邮箱/Url：damarans@outlookpro.net

家族：N3ww4v3
被加密文件后缀:HONEYHORSELIKESMONEY
黑客邮箱/Url：@Hairysquid

家族：N3ww4v3
被加密文件后缀:HONEYHORSELIKESMONEY
黑客邮箱/Url：@SEXYHORSES

家族：N3ww4v3
被加密文件后缀:HONEYHORSELIKESMONEY
黑客邮箱/Url：sexyhorses@onionmail.org

家族：N3ww4v3
被加密文件后缀:dataland
黑客邮箱/Url：newdataland@gmail.com