高危病毒预警:Buran家族勒索病毒入侵某公司服务器
首页 > 业界动态
时间:2020-12-23 13:01:32
Buran勒索病毒去年8月份左右开始进入我国,该病毒起初是以邮件形式进行传播,且主要于国外活动,故国内感染量不大。后来,该勒索病毒传播形式转为通过RDP爆破拿到远程桌面密码后手动投毒,感染量不断上升,对用户电脑及财产安全造成极大威胁。
近日,鸿萌接到客户求助,工程师发现,客户感染的就是该Buran勒索病毒。中毒后的文件如下图所示:
中毒文件被添加了.14E-DCA-63C的文件后缀,文件无法使用。工程师检查勒索文件信息,内容如下:
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an email: helpmebtc@protonmail.com and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
Write to email: helpmebtc@protonmail.com
Reserved email: cryptmailhelp@cock.li
Your personal ID: 14E-DCA-63C
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an email: helpmebtc@protonmail.com and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
Write to email: helpmebtc@protonmail.com
Reserved email: cryptmailhelp@cock.li
Your personal ID: 14E-DCA-63C
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
针对Buran勒索病毒,鸿萌给出以下几点安全建议:
1、数据安全的最佳选择是备份,备份,备份。
2、服务器及相关密码建议设置长度为18位、加大小写、加字符、加数字的密码,最好每三个月更换一次密码。
3、重要资料的共享文件夹应设置访问权限控制,并进行定期备份。
4、定期检测系统和软件中的安全漏洞,及时打上补丁。
鸿萌针对各种形式的勒索病毒,都有可靠的数据防护解决方案,当您遇到类似问题,可以第一时间联系鸿萌数据安全公司。我们的工程师会为您降低珍贵数据丢失的风险。
鸿萌易备数据备份软件,为您降低数据风险的最佳选择!
鸿萌易备数据备份软件,为您降低数据风险的最佳选择!