Published: 2019-07-31 12:52:44
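.Bacchus666 is the file extension appended to files encrypted by the "Twelve Olympians" / "Greek Gods" ransomware.
This ransomware is a variant of the Globeimposter family. Attackers mainly gain entry through weak-password scanning, RDP brute forcing, webshells, SQL injection, and intranet proxy scanning. After obtaining access to the computer, they encrypt all documents, databases and non-system files and append the .Bacchus666 extension. The encryption uses an RSA+AES scheme that cannot be reversed. The ransomware drops a HOW TO BACK YOUR FILES.txt file in every folder, containing the ransom demand and instructions.
Contents of HOW TO BACK YOUR FILES.txt: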
YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.
DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:
Sin_Eater.666@aol.com
ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
***
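Since 国瑞IT first observed .Bacchus666-related variants in July 2019, this ransomware has been in a period of high incidence in China, with infections reported across all industries and in government and enterprise organizations. According to 国瑞IT's statistics, the ransomware has already produced more than 15 encrypted-file extensions of the form .*666. Those currently known are: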
.Ares666/.Athena666/.Aphrodite666/.Apollon666/.Artemis666/.Bacchus666/.Demeter666/.Dionysus666/.Hades666/.Hestia666/.Hephaestus666/.Hermes666/.Hera666/.Zeus666/.Poseidon666/.Persephone666...
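A read-only triage sketch for scoping an infection by the indicators on this page (the ransom note file name and the listed .*666 extensions). This is an added example, not a tool from 国瑞IT; the "suspect" rule for unlisted variants and the sample tree (including the made-up name Kronos666) are assumptions constructed for illustration.

```python
import os
import re
import sys
import tempfile
from collections import defaultdict

# Extensions listed on this page, compared case-insensitively.
KNOWN_EXTS = {e.lower() for e in (
    ".Ares666 .Athena666 .Aphrodite666 .Apollon666 .Artemis666 .Bacchus666 "
    ".Demeter666 .Dionysus666 .Hades666 .Hestia666 .Hephaestus666 .Hermes666 "
    ".Hera666 .Zeus666 .Poseidon666 .Persephone666").split()}
# Assumption: variants not listed here keep the ".<Name>666" shape.
SUSPECT_RE = re.compile(r"\.[A-Za-z]+666$")
NOTE_NAME = "how to back your files.txt"

def classify(filename):
    """Return 'note', 'known', 'suspect' or None for one file name."""
    lower = filename.lower()
    if lower == NOTE_NAME:
        return "note"
    if os.path.splitext(lower)[1] in KNOWN_EXTS:
        return "known"
    if SUSPECT_RE.search(filename):
        return "suspect"
    return None

def triage(root):
    """Walk root without modifying anything; return per-directory hit counts."""
    hits = defaultdict(lambda: {"note": 0, "known": 0, "suspect": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[dirpath][kind] += 1
    return dict(hits)

def demo():
    """Triage a constructed sample tree built in a temporary directory."""
    sample = ("docs/report.docx.Bacchus666", "docs/HOW TO BACK YOUR FILES.txt",
              "db/sales.mdf.Zeus666", "db/x.bak.Kronos666", "clean/readme.txt")
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return {os.path.relpath(d, tmp): c for d, c in triage(tmp).items()}

if __name__ == "__main__":
    result = triage(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for directory, counts in sorted(result.items()):
        print(directory, counts)
```

Pass a directory or share path as the first argument to scan it; directories that contain the note but no encrypted files, or the reverse, are worth a closer look when estimating how far encryption progressed.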
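国瑞IT is currently researching decryption methods for .Bacchus666 files. For emergency handling after infection, including what to do with .Bacchus666 files and how to decrypt and recover them, users can contact 国瑞IT for incident response.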