成功处理一起.voyager后缀勒索病毒解密事件-国瑞安全

2月14日，北京某出版社被黑客入侵，业务系统停止，国瑞安全第一时间抵达现场紧急响应服务，经过了解分析：

7台包括服务器、虚拟机及内网PC共享文件夹，mssql数据库、mysql数据库和工作文件全部被加密成.voyager后缀，其中部分主机C盘系统文件都被加密，

勒索病毒在加密文件夹内生成!READ_ME.txt文件，内容如下：

SOMETHING WENT WRONG, PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR!
He can help you to understand whats happened.
If he can't help you, contact us via email:
voyager010@aol.com
voyager@cock.li
HURRY UP! WE HAVE ANTIDOTE FOR YOUR FILES! DISCOUNT 20% FOR CLIENTS, WHO CONTACT US IN THE SAME DAY!
You can attach 2 files (text or picture) to check our honest intentions, we will heal them and send back.
File size not more than 1 Mb and it's should be text or picture, NOT DATABASE.
Fill the following QUESTIONNAIRE and send it in body of your email.
***********************************
QUESTIONNAIRE
Company name: [PUT YOUR COMPANY NAME HERE]
Country: [PUT YOUR COUNTRY HERE]
City: [PUT YOUR CITY HERE]
ID: **********
***********************************
We can help you to avoid same issues in future, after heal we will provide advice how to fix security issues on your network.

通过对软硬件系统的了解，内网环境的了解，以及被加密文件的仔细分析，国瑞安全提供相关事中事后的整体安全解决方案，成功解决了数据解密恢复、安全运维防御、网络安全合规等一系列问题，将数据损失与安全风险降到最低，并与出版社达成长期安全保障合作意向，目前相关工作正在稳步推进中。

处理某单位数据被加密成.voyager后缀病毒事件

分享至微信分享