| Virus family | Globeimposter3.0, Twelve Zodiac, Twelve Olympian Gods |
|---|---|
| Virus alias | Alpha865qqz |
| Affected systems | Windows |
| First seen | 2020 |
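All files have the .Globeimposter-Alpha865qq suffix (extension) appended;
Data and files are encrypted, and restoring the original extension does not make them usable;
Core Windows system files are not encrypted, so Windows can still run;
System security services, SQL services, virtual machines, antivirus software and similar are stopped and disabled;
Windows system backups are deleted;
The virus file deletes itself;
Windows logs are deleted;
HOW TO BACK YOUR FILES.exe and HOW TO BACK YOUR FILES !!!.TXT are generated in folders;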
“TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.
DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU!CONTACT US:
China.Helper@aol.com
ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
Your personal ID: ***-***-***
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our)
or you can become a victim of a scam.
”
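The application systems attacked are mainly medical systems, financial systems, OA (office automation) systems, and purchase-sales-inventory systems.
Based on how ransomware encrypts computer data, the Guorui team repairs or decrypts encrypted data regardless of extension. Doing so requires understanding the characteristics and encryption rate of the specific virus family and version in order to decide on the appropriate handling method. So before you ask the Guorui team, or another professional data recovery or security organization, for help rescuing data, it is best to gather some information and give it to the specialists in advance, so that we can assess and resolve the incident more quickly and accurately.
For the core data server: the number of partitions, the space used on each partition, the total number of encrypted files (for example hundreds, tens of thousands, or millions), the size of the core data (for example: 20 databases in total, 1 TB total size, the largest database 100 GB), the extent of backup loss, and whether any files were left unencrypted.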
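One way to collect the file counts, sizes and used space listed above is a read-only survey of each data partition. This is an added example, not code from this page or from the Guorui team. The suffix and ransom-note file names are the ones reported on this page; the function names `inventory` and `build_sample` and the sample file names are constructed for illustration. It reports per-path figures and does not enumerate partitions.

```python
import os
import shutil
import tempfile
from collections import Counter

ENC_SUFFIX = ".globeimposter-alpha865qq"  # suffix reported on this page, lower-cased
NOTE_NAMES = {"how to back your files.exe", "how to back your files !!!.txt"}

def inventory(root):
    """Read-only walk of root: count encrypted, untouched and ransom-note files."""
    s = {"encrypted": 0, "encrypted_bytes": 0, "unencrypted": 0,
         "unencrypted_bytes": 0, "notes": 0, "largest": ("", 0)}
    by_ext = Counter()  # original extensions of encrypted files (.mdf, .bak, ...)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size  # lstat: never follow symlinks
            except OSError:
                continue  # unreadable entry: skip rather than abort the survey
            lower = name.lower()
            if lower in NOTE_NAMES:
                s["notes"] += 1
            elif lower.endswith(ENC_SUFFIX):
                s["encrypted"] += 1
                s["encrypted_bytes"] += size
                by_ext[os.path.splitext(name[:-len(ENC_SUFFIX)])[1].lower()] += 1
                if size > s["largest"][1]:
                    s["largest"] = (path, size)  # largest encrypted file so far
            else:
                s["unencrypted"] += 1
                s["unencrypted_bytes"] += size
    s.update(by_original_ext=dict(by_ext), volume_used_bytes=shutil.disk_usage(root).used)
    return s

def build_sample(root):
    """Constructed sample tree (not real victim data) for a dry run."""
    files = {"db/erp.mdf.Globeimposter-Alpha865qq": 4096, "backup/old.bak": 2048,
             "db/erp_log.ldf.Globeimposter-Alpha865qq": 1024,
             "db/HOW TO BACK YOUR FILES !!!.TXT": 100}
    for rel, size in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(inventory(tmp))
```

Run `inventory()` against the root of each data partition, preferably a read-only mount or disk image, and pass the resulting numbers to the recovery team.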