【家族名】
Win32/Ransom.NOOSE
[平台] / [主类型] . [家族名]
平台类型 : Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师:暂不支持
在线解密:暂不支持
【被加密文件】
被加密文件后缀格式:.noose
修改文件后缀为
360社区
【勒索提示信息】:
文件名:OPEN_ME.txt、OPEN_THIS.txt
文件内容 :
-------------------------------------------------------------------------------
--------National Office of Security Enforcement [N.O.O.S.E]--------
*Introduction;
Sir / Madam / dear company,
Whoever you are, we know you won't freak out if you read this carefully.
Your data is safe. Don't worry and listen to me.
*What happened to my files?;
Your files are encrypted.
You are infected with the N.O.O.S.E ransomware.
*Proof that we can decrypt it;
We have ethics.
We guarantee you get your files back.
We can and will prove that we're able to decrypt your data.
Send us a file that is less than 1MB and that isn't important and we will send it decrypted.
One of our public relations group will surely respond to you.
Email: server.ransomext@tutanota.de
*24 hours response discount;
Contacting us within 24 hours will get you your sample file decrypted AND a DISCOUNT.
*Okay I trust you, how do I pay?;
We only accept XMR.
Amount: 9.7 XMR (Without discount)
Monero address: 476cVjnoiK2Ghv1Knu5Xyn2EDmKiscsQ9Hf4LPWKtcPjpxQzc26CxTDuNN5vGcXnSSehgS2qhkbFqbURhC8V5fBs3yBBJ32
*I paid, now what?;
Send us the transaction ID and your unique ID.
In this case, your unique ID is: NSERansVariant1-627148652001
We send you a folder with the decryption software along with its private and public keys.
(Simplified: Decryption software to remove the ransomware)
NOTE: Paid negotiators will only take your money and do nothing.
Talk to us, we'll listen to you for free. Save your money.
-------------------------------------------------------------------------------
【防护建议】
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括:
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
|
|
|
|
评论
直达楼层