RADAR Ransomware
Ransomware is malware that encrypts files on a compromised device and demands payment for the decryption key, and many current families also steal data before encrypting it so that the victim can be extorted twice. Understanding how a given family behaves, and what can and cannot be recovered afterwards, matters to individuals and organizations alike.
RADAR Ransomware: Overview
Researchers have identified a ransomware threat named RADAR. It encrypts files on the infected device and then demands a ransom for decryption. RADAR renames encrypted files by appending a random string to the original name; in the observed sample the string was eight alphanumeric characters, so "1.png" became "1.png.W8M8ePNp".
Post-Execution Behavior
Once the ransomware runs on the infected device, it carries out the following actions:
- File encryption: RADAR encrypts the victim's files and changes their names by appending a random string.
- Desktop change: the ransomware replaces the desktop wallpaper to signal the infection.
- Ransom note creation: it drops a note named "README_FOR_DECRYPT.txt" informing the victim that files have been encrypted and data has been stolen.
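The two host-level indicators above (the appended random suffix and the "README_FOR_DECRYPT.txt" note) are enough for a first triage pass over a file system. The script below is an added example written for this page, not tooling from the researchers or from any vendor. It walks a directory tree, flags filenames matching the renaming pattern, and, because an eight-character suffix alone would also match harmless files such as date-stamped backups, checks the byte entropy of each candidate, which encrypted content pushes close to 8 bits per byte. The eight-character suffix length is generalized from the single sample name on the page, and the 7.5-bit threshold is an assumption, not a published signature. The sample files it creates for a dry run are constructed here.

```python
"""
Triage helper for the RADAR indicators described above (added example, not
part of the original advisory or of any vendor tool).

It reports three things under a given root:
  * files whose names carry an appended ".<8 alphanumerics>" suffix, as in the
    page's sample "1.png" -> "1.png.W8M8ePNp", whose content is high-entropy
  * files that match the naming pattern but whose content is NOT high-entropy
    (probably benign coincidences, worth only a manual glance)
  * copies of the ransom note "README_FOR_DECRYPT.txt"
The suffix length (8) is generalized from one sample and the entropy threshold
(7.5 bits/byte) is an assumption; tune both against your own data.
"""
import math
import os
import re
import tempfile
from collections import Counter

RANSOM_NOTE_NAME = "README_FOR_DECRYPT.txt"
# Original name (with its own extension), then an appended 8-char tag.
SUFFIX_RE = re.compile(r"^(?P<orig>.+\.[^.]+)\.(?P<tag>[A-Za-z0-9]{8})$")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumption. Random data approaches 8.0.


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of *data* (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(path: str, sample_size: int = 64 * 1024) -> bool:
    """Entropy of the first *sample_size* bytes compared to the threshold."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample_size)) >= ENTROPY_THRESHOLD


def triage(root: str) -> dict:
    """Return {'encrypted': [...], 'suffix_only': [...], 'notes': [...]}."""
    result = {"encrypted": [], "suffix_only": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == RANSOM_NOTE_NAME:
                result["notes"].append(full)
                continue
            if not SUFFIX_RE.match(name):
                continue
            bucket = "encrypted" if looks_encrypted(full) else "suffix_only"
            result[bucket].append(full)
    return result


def build_sample_tree() -> str:
    """Create a throwaway directory of constructed files for a dry run."""
    base = tempfile.mkdtemp(prefix="radar_triage_")
    sub = os.path.join(base, "Documents")
    os.makedirs(sub)
    samples = {
        # Stands in for ciphertext: every byte value equally often, 8 bits/byte.
        os.path.join(sub, "1.png.W8M8ePNp"): bytes(range(256)) * 32,
        # Same naming shape but plain text: should land in suffix_only.
        os.path.join(sub, "notes.txt.AbCdEfGh"): b"hello world\n" * 200,
        # Constructed stand-in for the dropped note; only the name matters here.
        os.path.join(sub, RANSOM_NOTE_NAME): b"RADAR\nYour network has been breached\n",
        # Ordinary file that must not match at all.
        os.path.join(base, "report.pdf"): b"%PDF-1.4 not encrypted\n",
    }
    for path, content in samples.items():
        with open(path, "wb") as fh:
            fh.write(content)
    return base


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    report = triage(target)
    for key, paths in report.items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Run it with a directory argument to scan a real share, or with no argument to exercise it on the constructed sample tree. Reading only the first 64 KiB keeps the pass cheap on large shares; raise `sample_size` if the files you triage begin with a long low-entropy header.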
Ransom Note Details
The note states its demands and threats plainly. It first tells the victim that their files have been encrypted, then warns that the stolen data will be published if the ransom is not paid. To underline the threat, it describes earlier attacks and leaks the group claims to have carried out. As proof that decryption works, the attackers offer to record a video of 5-10 files of the victim's choosing being decrypted before payment; note that this is a demonstration produced by the attackers, not a test the victim runs on their own systems. The note warns the victim not to rename, modify or delete the locked files, since doing so may make decryption impossible. It further threatens that contacting the authorities will cause the stolen data to be published automatically. Finally, it advises against hiring third-party recovery firms, claiming that this only increases the victim's losses.
Challenges in Decryption
Researchers stress that decrypting the files without the attackers' cooperation is very difficult. Most ransomware, RADAR included, is designed so that decryption is infeasible unless the attackers hand over the required key. Paying is itself risky, because attackers frequently do not deliver the decryption tool they promise.
To stop further encryption, RADAR must be removed from the operating system, and the affected host should be isolated from the network first so that it cannot reach other systems or shares. Removal does not, however, restore files that have already been encrypted.
Security Measures Against Ransomware
To protect devices against ransomware such as RADAR, the following measures are essential:
- Regular backups: back up all important data to an external drive or a cloud service on a schedule, and keep at least one copy offline or otherwise unreachable from the production network, so that files can be restored without paying a ransom.
- Software updates: keep operating systems and applications current with the latest security patches.
- Anti-malware tools: use a reputable anti-malware product to detect and block ransomware before it can do damage.
- Email vigilance: treat email attachments and links with caution, especially from unknown senders, since these are common delivery vectors for ransomware.
- Network security: deploy strong network controls, including firewalls, to prevent unauthorized access.
- User education: teach employees and users about the risks of ransomware and other malware and the importance of safe online habits.
- Access control: restrict user access to critical systems and data so that a single compromised account cannot reach everything, limiting the blast radius of a ransomware attack.
By adopting these precautions, users can substantially reduce the likelihood of a ransomware infection and keep their valuable data out of criminals' hands.
The full text of the ransom note that RADAR ransomware leaves for its victims:
'RADAR
Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs. To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, dataleak forums, dataleak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.
Please contact our sales department at Skype: [redacted]
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice. Follow the guidelines below to avoid losing your data:
Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
Do not modify or rename encrypted files. You will lose them.
Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you 10077BCB65CA365CF885446C7CB6B4ABA99uccessful decryption without any loss + exfiltrated data erasing from our servers.
Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.
P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: [redacted] Their Website - [redacted]
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
[redacted]
[redacted]
[redacted]
[redacted]
Lot of telegram channels like [redacted] , [redacted] , all darkweb resources list from here - [redacted]
We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs: hxxp://xb6q2aggycmlcrjtbj[redacted]sqb4nx6cmod3emy7sad.onion
hxxp://mbrlkbtq5jonaqkurj[redacted]4rgjbkkknndqwae6byd.onion
hxxp://bianlianlbc5an4kgn[redacted]gczopmm3dnbz3uaunad.onion/
hxxp://alphvmmm27o3abo3r2[redacted]5xsj7j7ejksbpsa36ad.onion
hxxp://knight3xppu263m7g4[redacted]h7vjdc3zrscqlfu3pqd.onion/
For [redacted] we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us. Let's respect each others time.
With best Regards, RADAR'