黑客的勒索信如下:All your files have been ENCRYPTED!!!
Write to our email - bigbosshorse@ctemplar.com
Or contact us via jabber - bigbosshorse@xmpp.jp
Jabber client installation instructions:
Download the jabber (Pidgin) client from https://pidgin.im/download/windows/
After installation, the Pidgin client will prompt you to create a new account.
Click - Add
In the -Protocol field, select XMPP
In -Username - come up with any name
In the field -domain - enter any jabber-server, there are a lot of them, for example - exploit.im
Create a password
At the bottom, put a tick -Create account
Click add
If you selected -domain - exploit.im, then a new window should appear in which you will need to re-enter your data:
User
password
You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
tell your unique ID
YokPe2ssdsddssddasdFUGFCCQPYip7FV4wIHWu9x/C4Bxb8t+zxS+u4KLOff5Gu9DmNmE/yyAzdk7NvYmCDWWvNwa/8JLhIv7JuhrvU2TH37la65CoKk7X0ljqeX7XNmxODgbJlOCa5/bo09l09J107AMGbNgvKSZBHzBH/PV1OFen2k39q32tdIwqytE+2miQpdCCItnwMLmnU1fcS+zkBaBJjZzAYAzk5qmk4nvy6ldTyiuvE3mGH7lt1KjTwb21CkYLMiWy2o62JyyZoc+JuUEFY4DYgQ9XZxiWXN5fvQjzGIigXu5drculs1zkRDNfDVpON71eykjr8/s7OdsRCtQ7g2/W40++xsTdEd/jIlR3GXQ7ajsU3t33RCuteCDXvmnd9++fBbc8PZPscOjgZDj29/amOwQk0GjYd8MYAOKgOMQoCBblpoCajWXJQo3vSN7cvfYwNnDHmaiUtwzgEzlqnDh/WyfgO46lIzg1hbHv6l85Ys/vgeS33sdo+IZ6YFRRmsF9wjqKPqRYDB7g9BiYu/LXIQOC3y5nqtGc8brWq6HhMOhqdrb1SYw6SqA1TLtqWsumqvATlOgTbrl8160lZy3HK4bjVFjmadvAZs97dHcf+9GJ+vJEYMGZEXjW9L6ZKXOutcH/a5bjREh6LYBTY3ZcOKSDF=
问题解决:该问题是典型的中了勒索病毒的案例,该bigbosshorse后缀的勒索病毒,是本周刚刚出现的新型病毒。客户找寻多家数据恢复和电脑维修的公司,均无法解决。我们先对客户所发的文件进行了底层分析,发现该病毒数据感染程度不深,加密文件不多,经过3天时间的抢修工作,最终完美修复,数据库99%复原。
针对该勒索病毒,如果是数据库文件可以尝试修复,但是其他类型的文档,无法修复,只能尝试解密。如果您的服务器不幸中了勒索病毒,请随时联系我们处理,电话18910108696,微信同号。我们尽最大努力为您挽回数据损失。