
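Diamond (Duckcryptor) Ransomware

Cybersecurity researchers recently discovered a new threat named Diamond Ransomware while investigating potential malware risks. Like many ransomware programs, its main purpose is to encrypt data on the devices it infiltrates. The cybercriminals behind Diamond Ransomware then attempt to extort a ransom from affected users or organizations in exchange for restoring access to the encrypted data. Notably, experts had already identified an earlier ransomware threat named Diamond Ransomware. To distinguish the two, the new variant may also be referred to as Duckcryptor.

Once successfully executed on a victim's device, Diamond (Duckcryptor) Ransomware starts an encryption process that targets many file types. The threat modifies original filenames by appending the ".[Dyamond@firemail.de].duckryptor" extension. For example, a file originally named "1.png" is renamed to "1.png.[Dyamond@firemail.de].duckryptor", while "2.pdf" becomes "2.pdf.[Dyamond@firemail.de].duckryptor", and so on.

After encryption, the ransomware makes further changes to the system: it changes the desktop wallpaper and generates two ransom notes titled "Duckryption_info.hta" and "Duckryption_README.txt". These notes may contain instructions for paying the ransom and may provide contact information for the cybercriminals.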
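To scope an infection, the filename indicators described above can be swept for across a file share or disk image. The following is an added example, not code from the original page; the function names and the sample directory tree are constructed for illustration, and only the extension and ransom note names come from the description above.

```python
import os
import tempfile
from collections import Counter

# Indicators taken verbatim from the description above.
ENCRYPTED_SUFFIX = ".[Dyamond@firemail.de].duckryptor"
RANSOM_NOTES = {"duckryption_info.hta", "duckryption_readme.txt"}


def triage(root):
    """Walk `root` and report files matching the Diamond (Duckcryptor) indicators."""
    encrypted = []        # (path, original name before the suffix was appended)
    notes = []            # paths of dropped ransom notes
    per_dir = Counter()   # encrypted-file count per directory, for scoping
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # match case-insensitively, as Windows would
            full = os.path.join(dirpath, name)
            if lower in RANSOM_NOTES:
                notes.append(full)
            elif (lower.endswith(ENCRYPTED_SUFFIX.lower())
                  and len(name) > len(ENCRYPTED_SUFFIX)):
                # The suffix is appended, so stripping it yields the original name.
                encrypted.append((full, name[: -len(ENCRYPTED_SUFFIX)]))
                per_dir[dirpath] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_dir": dict(per_dir)}


def build_sample_tree(root):
    """Constructed sample data: empty files named like the article's examples."""
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("1.png" + ENCRYPTED_SUFFIX,
                "Duckryption_README.txt",
                os.path.join("Documents", "2.pdf" + ENCRYPTED_SUFFIX),
                os.path.join("Documents", "untouched.docx")):
        open(os.path.join(root, rel), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for path, original in report["encrypted"]:
            print(f"encrypted: {path} (was {original})")
        for path in report["notes"]:
            print(f"ransom note: {path}")
```

The per-directory counts show which folders were reached, which helps decide what has to be restored from backup.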

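Diamond (Duckcryptor) Ransomware Can Cause Severe Damage

The ransom notes left by Diamond (Duckcryptor) Ransomware may contain different text variants but convey a similar core message. They inform victims that their files have been encrypted and stress that restoring access to the data requires paying a ransom, typically in the Bitcoin cryptocurrency. Before meeting the ransom demand, victims may opt for a test decryption of up to two files, subject to certain specifications.

In addition, the message warns against attempting manual decryption or using third-party decryption tools, since these actions may lead to irreversible data loss. The accompanying text file details the risks of seeking third-party help.

Security experts in the field emphasize that decryption without the attackers' involvement is usually not feasible. Moreover, victims often do not receive the promised decryption tools even after meeting the ransom demands. They therefore strongly advise against paying the ransom, since there is no guarantee of data recovery and doing so only funds the cybercriminals' illegal activities.

To stop Diamond (Duckcryptor) Ransomware from encrypting further, it must be completely removed from the operating system. However, removing the ransomware will not restore files that have already been compromised.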

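Implement a Comprehensive Security Approach to Keep Data and Devices Safe

Implementing a comprehensive security approach is essential for protecting users' data and devices against a wide range of threats. The following is a detailed guide to how users can achieve this:

  • Strong authentication: Implement strong authentication measures, such as complex passwords, biometric authentication and multi-factor authentication (MFA), to prevent unauthorized access to any device or account.
  • Encryption: Encrypt private data at rest and in transit to prevent unauthorized access. Encryption tools and techniques can be used to protect data stored on devices, transmitted over networks and stored in the cloud.
  • Regular updates and patching: Always keep all devices, operating systems and software up to date with the latest security patches and updates. Regularly check for and install updates to address known vulnerabilities and strengthen defenses against potential threats.
  • Firewalls and network security: Install and configure firewalls on devices and networks to monitor and control incoming and outgoing traffic. Implement network security measures, such as intrusion detection and prevention systems (IDPS), to detect and block unsafe activity.
  • Anti-malware software: Install reputable anti-malware software on all devices to detect and remove fraudulent software and files. Keep the security program's threat definitions up to date and scan devices for malware regularly.
  • Secure Wi-Fi networks: Protect Wi-Fi networks with strong encryption (such as WPA2 or WPA3) and unique passwords. Do not use default or easily guessed passwords for Wi-Fi routers and networks.
  • Data backup and recovery: Regularly back up important data and files to a secure offline storage location, such as a cloud storage service or an external hard drive. Check the backup and recovery procedures to make sure they work in the event of data loss or a security incident.
  • User education and awareness: Educate users about common security risks and best practices for safe computing, including how to recognize phishing emails, avoid suspicious websites and handle sensitive information safely.

By implementing these comprehensive security measures and continuously monitoring and updating them, users can strengthen the security of their data and devices against a wide range of threats.

The ransom note left to victims by Diamond (Duckcryptor) Ransomware is: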

'Diamond Ransomware
All your files have been Encrypted

What Should i Do?
If you want to restore them, Write us a E-mail: Dyamond@firemail.de
Include this ID on your Message: {Username}
In case of no answer in 24 hours write us to this e-mail: reopen1824@firemail.de

How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us.
Just search how to buy bitcoins on the internet. Our suggestion is these sites.
binance.com | localbitcoins.com | bybit.com

What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us.
Its not in our interests.
 To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc) and low sizes(max 2 mb) we will decrypt them and send back to you. That is our guarantee.

Attention!
Do not try to decrypt your data using third party software, it may cause permanent data loss.'

The text file created by Diamond (Duckcryptor) Ransomware contains the following ransom note from the attackers:

'Diamond Ransomware

Attention!! (Do not scan the files with antivirus in any case. In case of data loss, the consequences are yours) Attention!!

what happened?

All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.

How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.

How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.

www.binance.com/en
www.coinbase.com
www.localbitcoins.com

www.bybit.com

What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.

That is our guarantee.

How to contact with you?
If you want to restore them, Write us a E-mail: Dyamond@firemail.de
In case of no answer in 24 hours write us to this E-mail: reopen1824@firemail.de
Make sure that you send the key.txt file (saved in your desktop) in the email

How will the payment process be after payment?

After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.

What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose and

If you do not pay the ransom, we will attack your computer/company again in the future.

What are your recommendations?

Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.

Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.

We are committed to complete the unlock after your payment.

Our suggested price is based on your ability, so don't worry about the price and send an email to make a deal.

If after sending an email and paying our admin, our admin does not unlock your files, you can share this situation with us so that we can fire the admin and unlock your files for free Telegram ID to contact support: ( @MB00200 ).'
