0APT勒索软件家族详情

【家族名】
Win32/Ransom.0APT
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
被加密文件后缀格式：.0apt
修改文件后缀为


【勒索提示信息】：
文件名：README0apt.txt
文件内容
---------------------------------------------------------------------------------------------------------------------------
::: 0APT LOCKER :::
!!! ALL YOUR FILES ARE ENCRYPTED !!!
Hello,
If you are reading this message, it means your company's network has been breached
and all your data has been encrypted by 0apt group.
WHAT HAPPENED?
We have exploited vulnerabilities in your network infrastructure. All your servers,
databases, and backups have been locked with military-grade encryption algorithms
(AES-256 & RSA-2048). You cannot recover your files without our private key.
DATA LEAK WARNING:
Before encryption, we downloaded your confidential data . If you refuse to pay or do not contact us, this
data will be published on our Tor blog for your competitors and regulators to see.
HOW TO GET YOUR FILES BACK?
We are not interested in destroying your business, we only want payment.
You must purchase a unique decryption tool from us.
>>> LEGAL & REPUTATION NOTICE (IMPORTANT):
We have analyzed your files If you do not pay:
1. We will send copies of this incriminating data directly to your GOVERNMENT
   agencies and regulators to trigger an investigation against you.
2. We will email your clients, business partners, and everyone in your CONTACT
   LIST to inform them that you lost their data.
INSTRUCTIONS:
1. Download and install Tor Browser: https://www.torproject.org/
2. Open Tor Browser and navigate to our chat portal:
   http://oaptxiyisljt2kv3we2we34ku ... dad.onion/login.php
3. Enter your Personal ID to start the negotiation
(If the website is down or inaccessible, please try again after some time.)
Your Personal ID:
5B1B-C7AA-26E4-0APT-KEY
DEADLINE:
You have 24 hours to contact us. After this, the price will double.
If we do not hear from you within 48 hours, your data will be leaked permanently.
ATTENTION:
- Do not rename encrypted files.
- Do not try to decrypt using third-party software (you may lose data forever).
- Do not call the police or FBI (we will leak data immediately).
-- 0apt Team --
---------------------------------------------------------------------------------------------------------------------------


【修改桌面显示】：



【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。