010-84986180(咨询) 13720089039(咨询)
010-84986180(技术) 18911961373(技术)

北京用友北京用友

站内文章搜索: 高级搜索
热门搜索: T3 U8 T+软件 用友软件多少钱一套 用友年结 勒索病毒数据恢复 好会计软件
您所在的位置:首页 -> 常见问题 -> 中了勒索病毒怎么办
Sodinokibi勒索病毒家族详解-转载
浏览:3877次 评论:0条 发表日期:2019-11-24 21:00:50作者:
Tags:Sodinokibi

相关阅读:
Sodinokibi勒索病毒样本分析,我是链接请点我。


勒索病毒家族名称:Sodinokibi
是否支持解密: 
详情:
被加密文件:被加密文件后缀为随机后缀。



被加密后桌面被修改:
Hello daer friend!
Your files are encrypted,and , as result you can’t use it .You must visit our page to get instructions about decryption process.For futher steps y22k2-readme.txt that is located in every encrypted folder.





勒索提示文档内容:
---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currentlyunavailable. You can check it: all files on you computer has expansion y22k2.
By the way, everything is possible to recover(restore), but you need to follow our instructions. Otherwise, you cant returnyour data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not careabout you and your deals, except getting benefits. If we do not do our work andliabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, Youshould go to our website. There you can decrypt one file for free. That is ourguarantee.
If you will not cooperate with our service - forus, its does not matter. But you will lose your time and data, cause just wehave the private key. In practise - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
  a)Download and install TOR browser from this site: https://torproject.org/
  b) Openour website:http://aplebzu47wgazapdqks6vrcv6 ... on/665252B5148E707D

2) If TOR blocked in your country, try to useVPN! But you can use our secondary website. For this:
  a) Openyour any browser (Chrome, Firefox, Opera, IE, Edge)
  b) Openour secondary website: http://decryptor.top/665252B5148E707D
Warning: secondary website can be blocked, thatswhy first variant much better and more available.
When you open our website, put the followingdata in the input form:


Key:
NC4tjcMvlDLOWkgUT5BrPyU0344imCBBh6JdrSWFCgiWE+f5B5tDMXtbUT9Zv+Vc
n3wRGx1GiNbg+JhvQfcyC5ZSyP2lMjS6NpHFzh48W5/TLEhFxT6xd/aMyRIsu/qz
Hm9sUgRCE8BQsVx4KP0Wj+dSyy3f+gQQ5yOxzOmjDU1+Mw3QPbv9rV2mUGVJnKlQ
mxqev2qN4TbNXAb962k2lTGA4HA6NgrQJ+Z8rBFqJ+y2o70mktD8ZgOCF77zX6FT
/kDUwF1LeR2Yf1JMo/yMaWT2REkTV7UxVNnFlSQQsBmqZ996QGPukp4WXt/1R/xP
gs01lOirjclOmIsDKxgBR0C3z3x9WaXhnfuDzdY7eu5UQ/8mjF7X1XC7pRkgmFv2
TrYRgku5U89WMIJWy00KD9+FlBmM8uOtHgBRFqfUstzhkzw4OuvaaG1B08LbVyVo
UqOCat8pI64nNVWK3wB73OZhOLFip2ZO7KawqHl0WtRIdpDAAoipy7ljdgRtmyH5
1yiAYxjDhFMRQLHPjACxz5rltGsWxxavtLp216+Dj79aPa/FWHcJ/BlvzfxF1YWT
Op6kEB2ogXq0uGOd/9FjFC1WMi6CTURcxIcIXQCxS44ACkTexr94yepa5uplFK0D
2KL21gnnbFn44UQwRwGP+RhEChThzJt5rkvIsp8Dg2UIaTQF81WSbEDnNvahvK2W
OSMtgGTqExoLl3nLmdnec9aeHUFFADBVE9Tyf0/E/njdBrf1IEj1iCTJkdjWUSvr
8qsGVgktwO6FJDDtJ3GLlgKgtXKn/czrOJG087k8IHYkMlc9TLf3yAqTso7nc2CI
Vvq8HGLaUqTa+kmUV/A1fLOfKzJGAUyt/cGBDocCTcDTkVwc+Af3Zp4qBloeNL9J
qLDJx7lB36Ikdejanhlaayppvrt40r2Uo6i8emFAuhGiEwkiC8+qicfAIs/ji4ec
SNrwS9HZBJzBlpNFyV3FVDtRXYAgZB8cFHiLwV8XHwbEd4yAXV/rbcUTVfwSLKJT
vGzsxtBH751Hn3dESfscVjrsR8ADTiTS3tD9PEEl+kkdrmFPXulnDfi3BY/upHfP
9cy27vbcTmWh2YmlA6POiUf3UWuh5OzP17AJlrsZSTknAbsgAhDfHCP677kTLr71
bLPhDf8SUHkst/hhcI/9e6/ku35ZZyxn0q2kIHdp2zJUwYZYYJSbZ/OAYJlSE3UY
YgJOJQ1kbMrAx8dUxHG8SHQKaWK3EStvgzjET8/o4wREaPtiaOSwaaolrJh+RLoD
jUffDDSpIdIuZZ0wNiW5U7gLUN/Cxqts4rcUH4PS4539xfJoPxBVP+jYiWv3KccL
H1d3SgN48Nc63lApcIyHtOKH

Extension name:
y22k2
-----------------------------------------------------------------------------------------
!!! DANGER !!!
DONT try to change files by yourself, DONT useany third party software for restoring your data or antivirus solutions - itsmay entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get yourfiles back. From our side, we (the best specialists) make everything forrestoring, but please should not interfere.
!!! !!! !!!
---------------------------------------------------------------------------------
传播渠道:
    Sodinokibi勒索病毒,又被称作a.k.a Revil和“小蓝屏”,该勒索病毒于2019年4月底首次出现,从2019年4月份到2019年11月份目前所发现的主要有以下几个渠道:
  • Web漏洞,曾利用 Oracle WebLogic漏洞中编号为CVE-2019-2725的漏洞。
  • 带有链接或附件的恶意垃圾邮件或网络钓鱼活动。
  • 使用RIG 漏洞利用工具包传播。
  • 通过暴力破解获取到远程桌面的密码后手动投毒。并由被攻陷机器作为跳板攻击内网其它机器。

防护建议:
1.        多台机器,不要使用相同的账号和口令
2.        登录口令要有足够的长度和复杂性,并定期更换登录口令
3.        重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.        定期检测系统和软件中的安全漏洞,及时打上补丁。
5.        定期到服务器检查是否存在异常。查看范围包括:
a)        是否有新增账户
b)        Guest是否被启用
c)        Windows系统日志是否存在异常
d)        杀毒软件是否存在异常拦截情况
6.        安装安全防护软件,并确保其正常运行。
7.        从正规渠道下载安装软件。
8.        对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。


如果需要沟通,可联系我,我的手机号18910108696,微信同号
上一篇服务器中了pig865qqz怎么修复
下一篇服务器中了bigbosshorse勒索病毒..

最新文章

用友U8软件注册不成功的解决方案
登录T3提示【T3标准版已停止工作】
T6销售订单滤设增加表体自定义项增加不上
凭证也有特殊符号显示问题
用友u8软件无法进行模糊匹配查询-用友U8
用友U8销售发货单在后台数据库的表名是什么?
最新图文教程

北京用友远程维护收

登录T3提示【T3标准

T+12.3往来期间对账

用友U8+系统管理初始

服务器中了venolockd

T3运行时错误70,拒

T3软件提示登录失败

进入用友通T3固定资

热门文章

[09-15]
[10-08]
[10-26]
[10-15]
[05-13]
[09-18]

推荐文章

相关文章

在线咨询
售后支持
  • 业务电话:010-84986180
  • 13720089039
  • 夜间值班:18910108696
  • 北京会计QQ群:6388368