Datah 勒索软件
信息安全专家最近发现了一种令人担忧的新勒索软件威胁,称为 Datah 勒索软件。这种有害软件会加密受感染系统上的多种文件类型,使受害者无法访问它们。除了加密文件外,Datah 还会留下一封名为“+README-WARNING+.txt”的勒索信,其中包含联系信息和受害者的进一步说明。
此外,Datah 还更进一步重命名加密文件。它通过在文件名后附加特定标识符来实现此目的,包括受害者的唯一 ID、电子邮件地址“datahelper@onionmail.org”和“.datah”扩展名。例如,最初名为“1.doc”的文件将转换为“1.doc.[2AF30FA3].[datahelper@onionmail.org].datah”,而“2.pdf”将变为“2.pdf.[2AF30FA3].[datahelper@onionmail.org].datah”,依此类推。值得注意的是,Datah 被归类为Makop 勒索软件家族的一个变种。
Datah 勒索软件受害者的数据被劫持
Datah 勒索软件附带的赎金通知向受害者传达了一条明确的信息:他们的文件已被加密,但底层文件结构仍然完好无损。通知强调,恢复文件的唯一途径是向负责加密的网络罪犯付款。为了建立信任感,威胁行为者提供了两个简单且大小有限的文件的测试解密,展示了他们在收到付款后解密文件的能力。
联系信息通过电子邮件地址 (datahelper@onionmail.org) 和 TOX ID 提供,允许受害者与犯罪者进行通信。然而,该说明最后严厉警告不要试图独立更改加密文件。此类操作可能会导致数据和解密所需的私钥丢失,从而可能给受害者带来不可逆转的后果。
对于受害者来说,不要屈服于赎金要求至关重要,因为没有人能保证网络犯罪分子在收到付款后会履行提供解密工具的承诺。此外,迅速从受感染的计算机中删除勒索软件也至关重要。这样做不仅可以降低进一步加密的风险,还有助于防止勒索软件传播到同一网络内的其他计算机,从而减轻攻击的整体影响。
所有设备上均应实施的关键防御措施
在所有设备上实施关键防御措施对于保护数据免受勒索软件威胁至关重要。以下是用户应采取的关键步骤:
- 定期软件更新:确保操作系统、应用程序和安全软件定期更新。更新通常包括修复勒索软件利用的漏洞的补丁。
通过认真实施这些防御措施,用户可以减少成为勒索软件攻击的受害者的机会并保护他们宝贵的数据。
Datah 勒索软件附带的赎金通知全文如下:
'::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen..2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us..3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee..4.
Q: How to contact with you?
A: You can write us to our mailbox: datahelper@onionmail.org
Or you can contact us via TOX: B99CB0C13B44E2A1AEBAEB28E70371D6E3DB35DA801721930B53B0E787433270665DA610BAB0
You can download TOX: hxxps://qtox.github.io/.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files..6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'