成功处理.locked勒索病毒解密

注意：本篇为早期locked介绍，

2022年8月28日后爆发的.locked勒索病毒问题，请移步这里了解详情：https://www.grit.com.cn/Ransomware/locked

近日深圳一家科技公司服务器感染.locked勒索病毒，服务器上部署的OA系统，除C盘外所有文件被加密成.locked扩展名。

提取到READ_ME.html文档，内容如下：

I am so sorry ! All your files have been encryptd by RSA-1024 and AES-256 due to a computer security problems.

If you think your data is very important .The only way to decrypt your file is to buy my decrytion tool .

else you can delete your encrypted data or reinstall your system.

Your personid :

***********************************************************************************************=

Decrytion do as follows:

1. if you not own bitcoin,you can buy it online on some websites. like https://localbitcoins.net/ or https://www.coinbase.com/ .

2. send 0.1 btc to my wallet address **************************

3. send your btc transfer screenshots and your persionid to my email service@goodluckday.xyz . i will send you decrytion tool.

Tips:

1.don't rename your file

2.you can try some software to decrytion . but finally you will kown it's vain .

3.if any way can't to contact to me .you can try send me bitcoin and paste your email in the transfer information. i will contact you and send you decrytion tools.

Anything you want to help . please send mail to my email service@goodluckday.xyz.

Have a nice day .

经过国瑞安全紧急处理，成功解密被加密文件和数据库，客户及时恢复了生产工作，将损失降到最低程度。

需注意的是，此类型并非早期lock或locky勒索病毒家族，加密机制及解密方法均与lock或locky不相同。

24小时应急响应热线：15021662155 / 15611033457