Arai 勒索软件

Arai Ransomware 是一种有害威胁，旨在加密存储在受感染设备上的数据。 Arai Ransomware 能够针对多种文件类型，这些文件类型在经过数据加密后将处于不可用状态。使用的加密算法确保受影响的文件在没有正确的解密密钥的情况下几乎不可能恢复。应该指出的是，Arai Ransomware 似乎专门针对感染企业实体。

Arai Ransomware 通过将“.araicrypt”附加到它们作为新的文件扩展名来修改它锁定的文件的原始名称。 Arai Ransomware 对被入侵设备造成的更改还包括创建一个名为“READ_TO_RESTORE_YOUR_FILES.txt”的新文本文件。该文件将被放置在设备的桌面上，其作用是携带带有网络犯罪分子指示的赎金票据。

赎金票据的详细信息

在要求赎金的信息中，Arai Ransomware 的犯罪运营商透露他们正在进行双重勒索行动。除了阻止受害者访问他们自己的文件外，攻击者还从受感染的系统中收集敏感或机密信息。该说明指出，该恶意软件已删除加密文件的所有备份和卷影副本。

泄露的数据被用作推动受害者支付要求赎金的额外杠杆。否则，黑客威胁要向公众发布私人数据或将其出售给任何相关方。此外，受害者显然只有 48 小时来满足网络犯罪分子的要求。在该期限结束后，黑客将拒绝协助恢复加密文件并发布收集的信息。

赎金记录给受害者留下了两个可以作为沟通渠道的电子邮件地址。主要地址是“AraiHelp@secmail.pro”，而“AraiHelp2@secmail.pro”用作备份。

Arai Ransomware 的消息全文如下：

'===========================================

All Your Files Have Been Encrypted !!

===========================================

All of your backups and shadow copies have also been deleted so forget restoring

them.

===========================================

We also have been able to steal your confidential files (databases, customers data's,

HR etc...) all over your network workstations and servers.

===========================================

If you want to hear your mind instead of our instructions, you will loose stupidly your

files but you will also see your files being published online or sell to tiers (and we'll do it)

In this case, beleive us that you're going to suffer a big financial loss and a big loss

of reputation.

===========================================

We are aware that you don't want this case too happens.

If you want to restore files and want us to delete your confidentials files, contact us right

with a message to the contact address below. Include the KeyID in your message pls.

===========================================

AraiHelp@secmail.pro

If there's no answers from us in the next 15 hours, contact us to :

AraiHelp2@secmail.pro

Note that you have only 48 hours to contact us. After this delay, there will be no data

recovered and your files will be published.

Key Identifier:'