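Malware family | Phobos ransomware family |
---|---|
Alias | Devos |
Affected systems | Windows |
First seen | 2019 |

Devices on the local network are infected in bulk; all files are encrypted and renamed to `<original filename>.id[8 characters-4 digits].[email].Devos`;
some system services, security software and processes are terminated; logs are deleted; the malware deletes itself.

A ransom demand message is displayed on the desktop. The cybercriminals demand payment of a ransom to unlock the files.

The malware generates info.hta and info.txt:

All your files have been encrypted...

Weak-password attacks against RDP are the main entry vector; several other attack methods are also used.

It spreads through LAN file-sharing services.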
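The rename pattern described above (`<original filename>.id[8 characters-4 digits].[email].Devos`) can be used for incident triage. The following is an added example, not part of the original page: it parses a file listing and groups encrypted files by ID and contact address. It assumes the 8 characters are alphanumeric; the function names, sample paths and addresses are constructed.

```python
import re
from collections import defaultdict

# Pattern from the page: <original name>.id[8 chars-4 digits].[email].Devos
# Assumption: the 8 "characters" are alphanumeric (the page does not say).
DEVOS_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<file_id>[0-9A-Za-z]{8})-(?P<suffix>\d{4})\]"
    r"\.\[(?P<contact>[^\[\]]+)\]\.devos$",
    re.IGNORECASE,
)

def parse_name(filename):
    """Return the fields of a Devos-renamed file name, or None if no match."""
    m = DEVOS_NAME.match(filename)
    return m.groupdict() if m else None

def triage(paths):
    """Group renamed files by (id, 4-digit suffix, contact); list the rest."""
    groups, unmatched = defaultdict(list), []
    for path in paths:
        # Accept both Windows and POSIX separators in the listing.
        name = re.split(r"[\\/]", path)[-1]
        fields = parse_name(name)
        if fields is None:
            unmatched.append(path)
            continue
        key = (fields["file_id"].upper(), fields["suffix"],
               fields["contact"].lower())
        groups[key].append((path, fields["original"]))
    return dict(groups), unmatched

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Docs\report.docx.id[1A2B3C4D-1234].[contact@example.com].Devos",
    r"C:\Users\a\Docs\budget.xlsx.id[1A2B3C4D-1234].[Contact@example.com].Devos",
    r"D:\share\notes.txt.id[9F8E7D6C-1234].[contact@example.com].devos",
    r"C:\Users\a\Desktop\info.txt",                       # note file, not renamed
    r"C:\Users\a\Pictures\holiday.id[short-12].[x].Devos",  # malformed id
]

if __name__ == "__main__":
    groups, unmatched = triage(SAMPLE)
    for (file_id, suffix, contact), files in sorted(groups.items()):
        print(f"id={file_id}-{suffix} contact={contact} files={len(files)}")
        for path, original in files:
            print(f"  {path} -> original name: {original}")
    print(f"paths not matching the pattern: {len(unmatched)}")
```

Distinct IDs in the output indicate how many separate encryption runs or hosts touched a share, which helps scope the affected machines.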