| Virus family | Tellyouthepass variant |
|---|---|
| Alias | locked |
| Affected systems | Windows, Linux |
| First seen | late 2021 |
The ransomware encrypts databases, documents, audio and video, and more than three hundred other file types in total.
It has builds for both Windows and Linux, so a single intrusion can cover mixed-OS server estates.
On Linux, an encrypted host looks like this (original screenshot not reproduced). The ransom note is dropped as README.html and reads as follows, reproduced verbatim with the attacker's spelling:
“
I am so sorry ! All your files have been encryptd by RSA-1024 and AES-256 due to a computer security problems.
If you think your data is very important .The only way to decrypt your file is to buy my decrytion tool .
else you can delete your encrypted data or reinstall your system.
Your personid :
*******************************************
Decrytion do as follows:
1. if you not own bitcoin,you can buy it online on some websites. like https://localbitcoins.net/ or https://www.coinbase.com/ .
2. send 0.1 btc to my wallet address ******.
3. send your btc transfer screenshots and your persionid to my email service@goodluckday.xyz . i will send you decrytion tool.
Tips:
1.don't rename your file
2.you can try some software to decrytion . but finally you will kown it's vain .
3.if any way can't to contact to me .you can try send me bitcoin and paste your email in the transfer information. i will contact you and send you decrytion tools.
Anything you want to help . please send mail to my email service@goodluckday.xyz.
Have a nice day .”
The malware is written in Go and encrypts single-threaded. The "personid" in the note identifies the victim: the attacker uses it to look up the RSA private key that is unique to that victim, which is what the "decryption tool" actually delivers. This is consistent with the note's RSA-1024 plus AES-256 claim, the usual hybrid scheme in which file contents are encrypted with AES and the AES key material is protected with the attacker's RSA public key, so nothing on the infected host can recover the files.
Despite the "locked" alias, this is not the earlier "Lock" or "Locky" ransomware family; both the encryption mechanism and the decryption approach differ, so decryptors built for those families do not apply here.
In May 2022 a new variant appeared that uses the extension ._locked.
Its ransom note, how_to_decrypt.hta, reads as follows (verbatim):
ENCRYPTED
THE ENTIRE NETWORK IS ENCRYPTED
YOUR BUSINESS IS LOSING MONEY
▲All documents, databases, backups and other critical data were encrypted and leaked
▲The program uses a secure AES algorithm, which makes decryption impossible without contacting us
▲If you refuse to negotiate, the data will be auctioned off
To recover your data, please send your ID to the contact below
#ID ********-****-********
@E-mail maliflynanth@aol.com
The price depends on how soon you will contact us Need help?
●Don't doubt
You can decrypt 3 files for free as a guarantee
●Don't waste time
Decryption price increases every hour
●Don't contact resellers
They resell our services at a premium
●Don't recover files
Additional recovery software will damage your data
Screenshot of a decryption tool submitted by a reader (image not reproduced).
Because ransomware encrypts data in predictable ways, the Guorui team can repair or decrypt encrypted data regardless of the extension it was given. The method, however, depends on the family and version: what matters is how the particular sample behaves and what fraction of each file it actually encrypts (many families encrypt only the first part of large files, which leaves the rest of a database recoverable). Before contacting the Guorui team, or any other professional data-recovery or security firm, gather the following facts in advance; they let the responder judge the case and choose a method quickly and accurately.

For the core data servers:
- number of partitions and how much space each one uses
- total number of encrypted files (hundreds, tens of thousands, millions)
- size of the core data (for example 20 databases, 1 TB in total, largest 100 GB)
- what backups existed and whether they were encrypted or lost
- whether any files were left unencrypted
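The following Python script produces that inventory for a directory tree. It is an added example, not part of the original page or the recovery team's own tooling: it looks for the ransom-note filenames named on this page (README.html, how_to_decrypt.hta) and the .locked and ._locked suffixes, separates encrypted files from untouched ones, and reports counts, total encrypted bytes, the largest encrypted item, which original file types were hit, and partition usage. The sample tree it builds is constructed for illustration and contains no real victim data; the function and variable names are the example's own.

```python
"""Triage inventory for a Tellyouthepass-style incident (.locked / ._locked).

Added example, not code from the page or the malware. Walks a directory
tree, locates the ransom notes named on the page, separates encrypted files
from untouched ones, and reports the figures a recovery team asks for.
Runs on Windows and Linux.
"""
import os
import shutil
import tempfile
from collections import Counter

# Suffixes and note filenames described on the page. The longer suffix comes
# first so "._locked" is stripped whole rather than leaving a trailing "_".
ENCRYPTED_SUFFIXES = ("._locked", ".locked")
RANSOM_NOTE_NAMES = {"readme.html", "how_to_decrypt.hta"}


def classify(path):
    """Return 'note', 'encrypted' or 'clean' for one path."""
    name = os.path.basename(path).lower()
    if name in RANSOM_NOTE_NAMES:
        return "note"
    if name.endswith(ENCRYPTED_SUFFIXES):
        return "encrypted"
    return "clean"


def original_extension(path):
    """Pre-encryption extension, e.g. 'mdf' for 'main.mdf._locked'."""
    name = os.path.basename(path)
    for suffix in ENCRYPTED_SUFFIXES:
        if name.lower().endswith(suffix):
            name = name[:-len(suffix)]
            break
    return os.path.splitext(name)[1].lstrip(".").lower()


def inventory(root):
    """Collect the triage figures for every file under root."""
    counts = Counter()
    by_ext = Counter()
    notes = []
    encrypted_bytes = 0
    largest = (-1, None)
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                size = os.path.getsize(path)
            except OSError:  # vanished or unreadable: skip, do not abort
                continue
            kind = classify(path)
            counts[kind] += 1
            if kind == "encrypted":
                encrypted_bytes += size
                by_ext[original_extension(path)] += 1
                if size > largest[0]:
                    largest = (size, path)
            elif kind == "note":
                notes.append(path)
    usage = shutil.disk_usage(root)  # partition figures the team asks for

    def rel(p):
        return os.path.relpath(p, root).replace(os.sep, "/")

    return {
        "encrypted_files": counts["encrypted"],
        "clean_files": counts["clean"],
        "ransom_notes": sorted(rel(n) for n in notes),
        "encrypted_bytes": encrypted_bytes,
        "largest_encrypted": rel(largest[1]) if largest[1] else None,
        "by_original_extension": dict(by_ext),
        "partition_used_bytes": usage.used,
        "partition_total_bytes": usage.total,
    }


# Constructed sample tree: (relative path, size in bytes). Not real victim data.
SAMPLE_TREE = [
    ("db/main.mdf._locked", 2000),
    ("db/main_log.ldf._locked", 500),
    ("db/how_to_decrypt.hta", 700),
    ("docs/report.docx.locked", 300),
    ("docs/README.html", 900),
    ("media/intro.mp4.locked", 1000),
    ("tmp/notes.txt", 10),  # untouched file: evidence the run was partial
]


def build_sample_tree(base):
    """Write the constructed tree under base with zero-filled bodies."""
    for rel_path, size in SAMPLE_TREE:
        path = os.path.join(base, rel_path)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


def run_demo():
    """Build the constructed tree in a temp dir and return its inventory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return inventory(tmp)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Point `inventory()` at each data partition rather than the whole filesystem so the figures line up with the per-partition breakdown requested above; a non-zero `clean_files` count next to many encrypted ones is worth reporting, since it shows the run was interrupted or skipped paths, which changes the recovery options.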