Customer files appended with the ".Globeimposter-Alpha865qqz" and ".638-388-C32" suffixes


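Hongmeng recently handled two ransomware encryption cases. They are analyzed below:

Customer 1 case analysis

Data on two of this customer's servers had the abnormal suffix ".Globeimposter-Alpha865qqz" appended, as shown below:

The ransom message reads as follows:
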

Your personal ID

(omitted)

To decrypt, follow the instructions below.

To recover data you need decrypt tool.
To get the decrypt tool you should:

Send 1 crypted test image or text file or document to China.Helper@aol.com In the letter include your personal ID (look at the beginning of this document). Send me this ID in your first email to me.
We will give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files.
After we send you instruction how to pay for decrypt tool and after payment you will receive a decrypt tool and instructions how to use it We can decrypt few files in quality the evidence that we have the decoder.


MOST IMPORTANT!!!

Do not contact other services that promise to decrypt your files, this is fraud on their part! They will buy a decoder from us, and you will pay more for his services. No one, except China.Helper@aol.com, will decrypt your files.


  • Only China.Helper@aol.com can decrypt your files

  • Do not trust anyone besides China.Helper@aol.com

  • Antivirus programs can delete this document and you can not contact us later.

  • Attempts to self-decrypting files will result in the loss of your data

  • Decoders other users are not compatible with your data, because each user's unique encryption key

 

Customer 2 case analysis

Files on this customer's server had the suffix ".638-388-C32" appended, as shown below:

The ransom message reads as follows:


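Ransomware is back in force and now shows a double-extortion tendency: stealing sensitive enterprise information and threatening to leak it; encrypting valuable enterprise data and threatening to leak it. Enterprises need to take active countermeasures on two fronts to avoid ransomware attacks: strengthen network security; and develop and implement a sound disaster-recovery strategy that keeps regular offline backups.

Keeping regular offline backups is the ultimate defense against ransomware

Unexpected events will always happen. The only real safeguard against permanent data loss is an offline backup. Enterprises should create backups regularly to keep up with any significant changes to their systems, and make sure that, if one backup turns out to be infected by malware, a clean, uninfected point in time can still be selected.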
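
As an added illustration (not part of the original article and not Hongmeng's software), the following Python picks the newest restore point that contains no files carrying the two suffixes seen in the cases above. The one-directory-per-snapshot layout, the dated directory names and the sample files are assumptions constructed for the example.

```python
import os
import tempfile

# Suffixes reported in the two cases on this page.
RANSOM_SUFFIXES = (".Globeimposter-Alpha865qqz", ".638-388-C32")

def encrypted_files(snapshot_dir, suffixes=RANSOM_SUFFIXES):
    """Return relative paths in a snapshot whose names end with a known suffix."""
    lowered = tuple(s.lower() for s in suffixes)
    hits = []
    for root, _dirs, files in os.walk(snapshot_dir):
        for name in files:
            if name.lower().endswith(lowered):
                hits.append(os.path.relpath(os.path.join(root, name), snapshot_dir))
    return sorted(hits)

def newest_clean_snapshot(backup_root):
    """Assumed layout: one YYYY-MM-DD directory per snapshot. Returns (clean, infected)."""
    infected = {}
    # Walk from newest to oldest and stop at the first snapshot with no hits.
    for name in sorted(os.listdir(backup_root), reverse=True):
        path = os.path.join(backup_root, name)
        if not os.path.isdir(path):
            continue
        hits = encrypted_files(path)
        if not hits:
            return name, infected
        infected[name] = hits
    return None, infected

def build_sample(root):
    """Constructed sample data: three snapshots, the latest two already encrypted."""
    layout = {
        "2024-01-01": ["db/orders.bak", "docs/report.docx"],
        "2024-01-02": ["db/orders.bak.Globeimposter-Alpha865qqz", "docs/report.docx"],
        "2024-01-03": ["db/orders.bak.Globeimposter-Alpha865qqz",
                       "docs/report.docx.638-388-C32"],
    }
    for snap, files in layout.items():
        for rel in files:
            full = os.path.join(root, snap, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        clean, infected = newest_clean_snapshot(tmp)
        print("restore from:", clean, "| skipped:", sorted(infected))
```

The absence of renamed files is only a first filter: confirm the chosen snapshot with a test restore before relying on it.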

 

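Hongmeng Yibei data backup software provides a backup protection mechanism that actively defends against ransomware. It supports backup of systems, databases, virtual machines and Exchange mail servers. It supports scheduled backups and hot backups. It supports detailed backup schedules. It supports multiple backup targets (local disk, tape, NAS, cloud services, and so on).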
