Mortar勒索软件家族详情

【家族名】
Win32/Ransom.Mortar
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
被加密文件后缀格式：.15位随机组合
修改文件后缀为


【勒索提示信息】：
文件名：README-15位随机组合.txt
文件内容
---------------------------------------------------------------------------------------------------------------------------
--------------------------------------------
| What happened to your files?
--------------------------------------------
We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more -
all were encrypted using a military grade encryption algorithms (AES-256 and RSA-2048). You cannot access those files right now. But don't worry!
You can still get those files back and be up and running again in no time.
---------------------------------------------
| How to contact us to get your files back?
---------------------------------------------
The only way to restore your files is by purchasing a decryption tool loaded with a private key we created specifically for your network.
Once run on an effected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably with
better cyber security in mind. If you are interested in purchasing the decryption tool contact us at http://hpo7htcpddfanilknttsymttz ... nvry5bngszyd.onion.
!IMPORTANT!
TO RESTORE YOUR FILES CONTACT US VIA TOR BROWSER
WEBSITE: http://hpo7htcpddfanilknttsymttz ... gnvry5bngszyd.onion
USERNAME: sid
PASSWORD: 4RcrXfvVksS5ACA
BACKUP LINK TO SUPPORT TEAM: http://hpo7htcpddfanilknttsymttz ... gnvry5bngszyd.onion
!!!!!!!!!!!
---------------------------------------------------------------------------------------------------------------------------


【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。