Published: 2020-02-16 09:33:02
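On February 14, a publishing house in Beijing was compromised by attackers and its business systems stopped running. 国瑞安全 arrived on site at once to provide emergency response. Investigation and analysis found the following:
On 7 machines, including servers, virtual machines and shared folders on intranet PCs, the MSSQL databases, MySQL databases and working files had all been encrypted and given the .voyager suffix. On some of the hosts, system files on the C: drive had been encrypted as well.
The ransomware created a !READ_ME.txt file in the encrypted folders, with the following content: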
SOMETHING WENT WRONG, PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR!
He can help you to understand whats happened.
If he can't help you, contact us via email:
voyager010@aol.com
voyager@cock.li
HURRY UP! WE HAVE ANTIDOTE FOR YOUR FILES! DISCOUNT 20% FOR CLIENTS, WHO CONTACT US IN THE SAME DAY!
You can attach 2 files (text or picture) to check our honest intentions, we will heal them and send back.
File size not more than 1 Mb and it's should be text or picture, NOT DATABASE.
Fill the following QUESTIONNAIRE and send it in body of your email.
***********************************
QUESTIONNAIRE
Company name: [PUT YOUR COMPANY NAME HERE]
Country: [PUT YOUR COUNTRY HERE]
City: [PUT YOUR CITY HERE]
ID: **********
***********************************
We can help you to avoid same issues in future, after heal we will provide advice how to fix security issues on your network.
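Drawing on its understanding of the software and hardware systems and the intranet environment, and on careful analysis of the encrypted files, 国瑞安全 provided an overall security solution covering the incident and its aftermath. It resolved a series of issues including data decryption and recovery, security operations and defense, and network security compliance, reducing data loss and security risk to a minimum. It also reached an agreement in principle with the publishing house on long-term security assurance cooperation, and the related work is progressing steadily.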