
Time: 2020-12-22 11:24:28
Recently, 鸿萌 received a request for help from a customer whose servers had been infected by ransomware that appends the .cnnet extension to every file it encrypts. Once encrypted, the data could no longer be used. The state of the files after infection is shown in the screenshot below:

(Screenshot: files after infection)
The following message was left on the servers:
YOUR PERSONAL ID:
DAA4 (omitted)
/! YOUR COMPANY NETWORK HAS BEEN PENETRATED /!
ALL YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED!

YOUR FILES ARE SAFE! JUST MODIFIED ONLY. (RSA+AES) 

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY DESTROY YOUR FILES.
DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES.

NO SOFTWARE AVAILABLE ON INTERNET CAN HELP YOU. WE ONLY HAVE
SOLUTION TO YOUR PROBLEM.

WE GATHERED HIGHLY CONFIDENTIAL/PERSONAL DATA. THESE DATA
ARE CURRENTLY STORED ON A PRIVATE SERVER. THIS SERVER WILL BE
IMMEDIATELY DESTROYED AFTER YOUR PAYMENT. WE ONLY SEEK MONEY
AND DO NOT WANT TO DAMAGE YOUR REPUTATION. IF YOU DECIDE
NOT TO PAY, WE WILL RELEASE THIS DATA TO THE PUBLIC OR TO A RE-SELLER.

YOU CAN SEND US 2-3 NON-IMPORTANT FILES AND WE WILL
DECRYPT THEM FOR FREE TO PROVE WE ARE ABLE TO GIVE YOUR FILES
BACK.
 
Contact us for price and get decryption software.

http://gvlay6u4g53rxdi5.onion/21-4e3JXUSUy2NXAdEXLi1fWVjlBMtGfT9U-N0Ttab0lkpYqvRC3QvUXMlRDkQAtFIPb
* Note that this server is available via Tor browser only

Follow the instructions to open the link:
1. Type the address "https://www.torproject.org" in your Internet browser. It opens the Tor site.
2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
3. Now you have Tor browser. In the Tor Browser open "{{URL}}". 
4. Start a chat and follow the further instructions. 

If you can't use the above link, use the email:
dec_helper@dremno.com
dec_helper@excic.com
MAKE CONTACT AS SOON AS POSSIBLE. YOUR DECRYPTION KEY IS ONLY STORED
TEMPORARILY. IF YOU DON'T CONTACT US WITHIN 72 HOURS, THE PRICE WILL BE HIGHER.
This case was somewhat unusual: 17 of the customer's servers were infected in total, but the message left on two of them differed from the one on the others.
Its contents were as follows:
Your files are encrypted!
What happened?
Your files are encrypted, and currently unavailable.
You can check it: all files on your computer have a new extension.
By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.
Otherwise, you can never get your data back.

For purchasing a decryptor contact us by email:
dec_helper@dremno.com
If you get no answer within 24 hours, contact us by our alternate emails:
dec_helper@dremno.com

What guarantees?
It's just a business. If we do not do our work and meet our liabilities, nobody will cooperate with us.
To verify the possibility of recovering your files we can decrypt 1 file for free.
Attach 1 file to the letter (no more than 10 MB). Indicate your personal ID in the letter:
(omitted)
Attention!
* Attempts to change files by yourself will result in a loss of data.
* Our e-mail can be blocked over time. Write now; loss of contact with us will result in a loss of data.
* Using any third-party software for restoring your data, or antivirus solutions, will result in a loss of data.
* Decryptors of other users are unique and will not fit your files; using them will result in a loss of data.
* If you will not cooperate with our service, for us it does not matter. But you will lose your time and data, because only we have the private key.
This ransomware belongs to the "Medusa" (美杜莎) family; once it runs, all useful data on the server's disks is encrypted.
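As an added example (not 鸿萌's tooling and not code from the page), the triage script below shows how a responder would inventory an incident like this one across many hosts: it counts files carrying the .cnnet extension, finds ransom-note files by their opening phrases, extracts the contact IOCs (onion URL, e-mail addresses) from each note, and groups hosts by note template after stripping the per-victim ID and URL token, so that a mixed incident like the 17 servers with two different notes stands out immediately. The directory layout (one subdirectory per host), the note file name recover_files.txt, the host names and the victim IDs are all constructed for the demo; the two note texts are abbreviated from the notes quoted above.

```python
"""Multi-host ransomware triage: added example, not the page's or 鸿萌's own code.
Assumed layout: hosts_root/<hostname>/... holding each host's files (mounted
image, share or copied tree). Note file name, host names and IDs are constructed."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cnnet"                                 # extension seen in this incident
NOTE_HINTS = ("YOUR PERSONAL ID", "Your files are encrypted")  # openings of the two notes
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\S*", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
TOKEN_RE = re.compile(r"\b[A-Za-z0-9]{16,}\b")           # victim IDs and URL tokens


def note_template_hash(text):
    """Hash a note with per-victim values stripped, so identical templates match."""
    canon = ONION_RE.sub("<onion>", text)   # the URL path carries a victim token
    canon = TOKEN_RE.sub("<id>", canon)     # the personal ID line
    canon = re.sub(r"\s+", " ", canon).strip()
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def extract_iocs(text):
    # Contact IOCs a responder would block on the proxy / mail gateway and hunt for.
    return {
        "template": note_template_hash(text),
        "onion": sorted(set(ONION_RE.findall(text))),
        "emails": sorted(set(EMAIL_RE.findall(text))),
    }


def scan_host(root):
    """Walk one host's tree: count encrypted files, collect ransom-note IOCs."""
    summary = {"encrypted": 0, "notes": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                summary["encrypted"] += 1
                continue                                 # never open encrypted blobs
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    head = fh.read(64 * 1024)            # notes are small; cap the read
            except OSError:
                continue
            if any(hint in head for hint in NOTE_HINTS):
                ioc = extract_iocs(head)
                ioc["path"] = os.path.relpath(path, root)
                summary["notes"].append(ioc)
    return summary


def triage(hosts_root):
    """Per-host summaries plus a map of note template -> hosts carrying it."""
    per_host = {h: scan_host(os.path.join(hosts_root, h))
                for h in sorted(os.listdir(hosts_root))}
    groups = defaultdict(list)
    for host, summary in per_host.items():
        for note in summary["notes"]:
            groups[note["template"]].append(host)
    return per_host, dict(groups)


# Abbreviated from the two notes quoted above; {vid} stands for the victim ID.
NOTE_A = """YOUR PERSONAL ID:
{vid}
/! YOUR COMPANY NETWORK HAS BEEN PENETRATED /!
ALL YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED! (RSA+AES)
http://gvlay6u4g53rxdi5.onion/21-{vid}
dec_helper@dremno.com
dec_helper@excic.com
"""
NOTE_B = """Your files are encrypted!
For purchasing a decryptor contact us by email:
dec_helper@dremno.com
Indicate your personal ID on the letter: {vid}
"""


def build_sample():
    """Constructed incident: three hosts, two note templates (not real evidence)."""
    root = tempfile.mkdtemp(prefix="cnnet_triage_")
    layout = {"srv01": NOTE_A, "srv02": NOTE_A, "srv03": NOTE_B}
    for i, (host, template) in enumerate(layout.items()):
        data = os.path.join(root, host, "data")
        os.makedirs(data)
        for j in range(i + 2):                           # 2, 3 and 4 encrypted files
            with open(os.path.join(data, f"report{j}.xlsx{ENCRYPTED_EXT}"), "wb") as fh:
                fh.write(os.urandom(32))                 # stands in for ciphertext
        with open(os.path.join(data, "clean.txt"), "w") as fh:
            fh.write("not affected\n")
        vid = hashlib.sha256(host.encode()).hexdigest()[:32].upper()  # fake victim ID
        with open(os.path.join(root, host, "recover_files.txt"), "w") as fh:
            fh.write(template.format(vid=vid))
    return root


if __name__ == "__main__":
    per_host, groups = triage(build_sample())
    for host, s in per_host.items():
        print(host, "encrypted:", s["encrypted"], "notes:", [n["path"] for n in s["notes"]])
    for template, hosts in groups.items():
        print("note template", template, "on", hosts)
```

Run against a real set of mounted host images, the template grouping is the first thing to look at: two templates on one network means two payloads (or two stages of one intrusion) and possibly two different key-handling schemes, so the hosts in each group should be sampled and analysed separately before anyone concludes what the family is. The onion and e-mail values are pulled out so they can go straight into proxy and mail-gateway block lists.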
We urge everyone to strengthen their security measures and protect their data. 鸿萌 offers a protection solution against ransomware that has been tested in practice by many customers and has proven effective at fending off ransomware attacks.