Medusa勒索软件家族详情

【家族名】
Win32/Ransom.Medusa
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
被加密文件后缀格式： 修改文件后缀为.MEDUSA


【勒索提示信息】：
文件名：!!!READ_ME_MEDUSA!!!.txt
文件内容 ：
-------------------------------------------------------------------------------
$$\      $$\ $$$$$$$$\ $$$$$$$\  $$\   $$\  $$$$$$\   $$$$$$\  
$$$\    $$$ |$$  _____|$$  __$$\ $$ |  $$ |$$  __$$\ $$  __$$\
$$$$\  $$$$ |$$ |      $$ |  $$ |$$ |  $$ |$$ /  \__|$$ /  $$ |
$$\$$\$$ $$ |$$$$$\    $$ |  $$ |$$ |  $$ |\$$$$$$\  $$$$$$$$ |
$$ \$$$  $$ |$$  __|   $$ |  $$ |$$ |  $$ | \____$$\ $$  __$$ |
$$ |\$  /$$ |$$ |      $$ |  $$ |$$ |  $$ |$$\   $$ |$$ |  $$ |
$$ | \_/ $$ |$$$$$$$$\ $$$$$$$  |\$$$$$$  |\$$$$$$  |$$ |  $$ |
\__|     \__|\________|\_______/  \______/  \______/ \__|  \__|
-----------------------------[ Hello, PetroChina  !!! ]--------------------------
WHAT HAPPEND?
------------------------------------------------------------
1. We have PENETRATE your network and COPIED data.
* We have penetrated entire network including backup system and researched all about your data.
* And we have extracted all of your important and valuable data and copied them to private cloud storage.
2. We have ENCRYPTED your files.
While you are reading this message, it means all of your files and data has been ENCRYPTED by world's strongest ransomware.
All files have encrypted with new military-grade encryption algorithm and you can not decrypt your files.
But don't worry, we can decrypt your files.
There is only one possible way to get back your computers and servers - CONTACT us via LIVE CHAT and pay for the special
MEDUSA DECRYPTOR and DECRYPTION KEYs.
This MEDUSA DECRYPTOR will restore your entire network, This will take less than 1 business day.
WHAT GUARANTEES?
---------------------------------------------------------------
We can post your data to the public and send emails to your customers.
We have professional OSINTs and media team for leak data to telegram, facebook, twitter channels and top news websites.
You can suffer significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information,
costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues.
    https://breached.vc/Forum-Leaks
    https://www.nulled.to/#!Leaks
    https://t.me/+yXOcSjVjI9tjM2E0
After paying for the data breach and decryption, we guarantee that your data will never be leaked and this is also for our reputation.
YOU should be AWARE!
---------------------------------------------------------------
We will speak only with an authorized person. It can be the CEO, top management, etc.
In case you ar not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!
Inform your supervisors and stay calm!
If you do not contact us within 3 days, We will start publish your case to our official blog and everybody will start notice your incident!
--------------------[ Official blog tor address ]--------------------
Using TOR Browser(https://www.torproject.org/download/):
http://medusaxko7jxtrojdkxo66j7c ... ebnxlcbkccyd.onion/
CONTACT US!
----------------------[ Your company live chat address ]---------------------------
Using TOR Browser(https://www.torproject.org/download/):
http://medusacegu2ufmc3kx2kkqicr ... FpWYNh2VT8tLYAkeQ0P
Or Use Tox Chat Program(https://qtox.github.io/)
Add user with our tox ID : 4AE245548F2A225882951FB14E9BF87EE01A0C10AE159B99D1EA62620D91A372205227254A9F
Our support email: ( medusa.serviceteam@protonmail.com )
Company identification hash:
fb74336df24a22672b18f99406fde485af1aa79ad57fa3c92725bfc223f72538
-------------------------------------------------------------------------------
【数据泄露网站】


【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。