The attacker's ransom note reads as follows:
All your files have been ENCRYPTED!!!
Write to our email - bigbosshorse@ctemplar.com
Or contact us via jabber - bigbosshorse@xmpp.jp
Jabber client installation instructions:
Download the jabber (Pidgin) client from https://pidgin.im/download/windows/
After installation, the Pidgin client will prompt you to create a new account.
Click - Add
In the -Protocol field, select XMPP
In -Username - come up with any name
In the field -domain - enter any jabber-server, there are a lot of them, for example - exploit.im
Create a password
At the bottom, put a tick -Create account
Click add
If you selected -domain - exploit.im, then a new window should appear in which you will need to re-enter your data:
User
password
You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)
If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - https://www.youtube.com/results?search_query=pidgin+jabber+install
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
tell your unique ID
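Resolution: This is a typical ransomware case. The ransomware that appends the bigbosshorse extension is a new strain that first appeared this week. The customer had approached several data recovery and computer repair companies, and none of them could solve the problem. We first performed a low-level analysis of the files the customer sent and found that the data was not deeply affected and that few files had been encrypted. After 3 days of emergency repair work, the data was ultimately repaired and the database was 99% restored.
For this ransomware, database files can be put through a repair attempt, but other document types cannot be repaired and can only be recovered by attempting decryption. If your server has unfortunately been hit by ransomware, contact us at any time by phone at 18910108696 (the same number works for WeChat). We will do our best to recover your lost data.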