SchrodingerCat Ransomware
Researchers are warning users about a newly discovered piece of malware called SchrodingerCat, which belongs to the ransomware category. This particular threat is designed to encrypt the data stored on the victim's device and then demand a ransom payment in exchange for decrypting it.
Once activated on an infected device, SchrodingerCat encrypts files and alters their names by appending the ".schrodingercat" extension. For example, a file originally named "1.png" becomes "1.png.schrodingercat", "2.pdf" becomes "2.pdf.schrodingercat", and so on.
After encryption, SchrodingerCat generates a ransom note named "how_to_back_files.html". Investigation has shown that this ransomware primarily targets large organizations rather than individual home users. In addition, SchrodingerCat has been confirmed to be a variant belonging to the Globe Imposter ransomware family.
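The renaming pattern and the note filename described above are the two file-system indicators a responder can sweep for after an incident. The Python script below is an added example written for this page, not code from the researchers or from the malware family: it builds a constructed directory tree that mimics the renaming, walks it to list encrypted files (recovering their pre-encryption names) and every copy of the ransom note, and then pulls the contact indicators (email, ToxID, wallet fragment) out of a note body using the values quoted later on this page. The directory layout, the file contents and the abbreviated note text are constructed sample data.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the write-up above
ENCRYPTED_EXT = ".schrodingercat"
RANSOM_NOTE_NAME = "how_to_back_files.html"

# Constructed abbreviation of the note; the contact values are the ones quoted on this page
SAMPLE_NOTE = """YOUR CORPORATE NETWORK LOCKED!
Pay for decrypt your network - 0.15 BTC
Bitcoin Wallet: 3Pvn*************MLA5
email: yourdatahelp@seznam.cz
ToxID: CA04B61C320C50D12A2C1B95B5062474B5C00B995B588D0B3781DC052CBF9A354CD10F96C84D
"""


def scan_tree(root):
    """Walk root and report encrypted files (with their original names) and ransom notes."""
    encrypted = []  # list of (full_path, name_before_encryption)
    notes = []      # full paths of every ransom note copy
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_EXT):
                # The extension is appended, so stripping it yields the original name
                encrypted.append((full, name[: -len(ENCRYPTED_EXT)]))
            elif lowered == RANSOM_NOTE_NAME:
                notes.append(full)
    return {"encrypted": encrypted, "notes": notes}


def extract_note_indicators(text):
    """Pull contact indicators out of a ransom note body for blocking and hunting."""
    emails = sorted(set(re.findall(r"[\w.+-]+@[\w-]+\.[\w.-]+", text)))
    # Tox IDs are long hex strings; the page's sample is 76 hex characters
    tox_ids = re.findall(r"ToxID:\s*([0-9A-Fa-f]{64,})", text)
    wallets = re.findall(r"Bitcoin Wallet:\s*(\S+)", text)
    return {"emails": emails, "tox_ids": tox_ids, "wallet_fragments": wallets}


def build_sample_tree(root):
    """Create a constructed victim tree mirroring the renaming pattern described above."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "1.png.schrodingercat").write_bytes(b"\x00" * 16)          # constructed
    (root / "docs" / "2.pdf.schrodingercat").write_bytes(b"\x00" * 16) # constructed
    (root / "docs" / "unaffected.txt").write_text("still readable")    # constructed
    (root / RANSOM_NOTE_NAME).write_text(SAMPLE_NOTE)
    (root / "docs" / RANSOM_NOTE_NAME).write_text(SAMPLE_NOTE)


def demo():
    """Run the sweep against the constructed tree and return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan_tree(tmp)
        indicators = extract_note_indicators(Path(report["notes"][0]).read_text())
    return {
        "original_names": sorted(original for _, original in report["encrypted"]),
        "note_count": len(report["notes"]),
        "indicators": indicators,
    }


if __name__ == "__main__":
    summary = demo()
    print("encrypted (original names):", summary["original_names"])
    print("ransom note copies:", summary["note_count"])
    print("indicators:", summary["indicators"])
```

Only the file name is used as evidence, so the sweep is safe to run on a mounted image of an affected host; the recovered original names tell you which backups to restore, and the extracted contacts can be fed to mail and network blocklists.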
Victims of the SchrodingerCat Ransomware Lose Access to Important Files and Data
The ransom message delivered by SchrodingerCat describes the compromise of the victim company's network and stresses that the files stored on it have been encrypted. The note states that the only way to regain access to the locked data is to purchase a decryptor priced at 0.15 BTC (Bitcoin cryptocurrency). At the time of writing, given the constantly fluctuating exchange rate, this is equivalent to nearly ten thousand US dollars.
The note spells out the consequences of non-compliance, advises against involving intermediaries, and recommends communicating directly with the attackers. Refusing to pay the ransom prompts the cybercriminals to threaten to auction or leak sensitive data stolen from the network. Furthermore, the criminals may contact the victim's customers and offer them the opportunity to buy the stolen information.
Researchers stress that decrypting data affected by ransomware is usually impossible without the attackers' involvement. Even when the ransom demands are met, victims frequently do not receive the promised decryption key or software. Paying the ransom is therefore strongly discouraged, since data recovery is not guaranteed and giving in to the demands only fuels criminal activity.
To stop SchrodingerCat Ransomware from encrypting anything further, it must be removed from the operating system. However, it must be noted that removal will not restore the integrity of files that have already been affected.
Do Not Gamble with the Security of Your Devices and Data
Users can strengthen the defenses of their devices and data against malware and ransomware threats through several proactive measures:
- Use reliable security software: Install reputable anti-malware software on all devices. Make sure your programs are updated regularly so they can detect and mitigate the latest threats.
- Keep software up to date: Regularly update operating systems, software applications and firmware to patch security vulnerabilities. Much malware exploits known vulnerabilities, so staying current helps minimize the risk.
- Be careful with email attachments and links: Handle links and email attachments with care, especially those from unknown or suspicious senders. Verify the authenticity of emails and avoid downloading attachments or clicking links from questionable sources.
- Enable firewall protection: Activate and configure firewalls on devices and networks to monitor and control incoming and outgoing network traffic. A firewall acts as a barrier between a trusted internal network and untrusted external networks, helping to block unauthorized access and malicious activity.
- Set strong passwords and multi-factor authentication (MFA): Use strong, unique passwords for all accounts and devices. Consider implementing multi-factor authentication (MFA) wherever possible; it extends security by requiring a form of verification beyond the password.
- Back up data regularly: Regularly back up important data to an external storage device or a cloud-based service. In the event of a malware infection or ransomware attack, backups ensure that data can be restored without paying a ransom.
- Limit user privileges: Restrict user privileges on devices and networks to those required for each user's job function. This limits the potential impact of malware by reducing an attacker's access to sensitive data and system resources.
- Implement network segmentation: Divide the network into smaller, isolated segments to contain and mitigate the spread of malware. This helps prevent lateral movement within the network and limits the damage an infection can cause.
- Stay informed and stay vigilant: Keep up with emerging threats and security best practices through reputable sources such as security blogs, forums and news outlets.
The ransom note generated by the SchrodingerCat Ransomware reads:
'YOUR PERSONAL ID
ENGLISH
YOUR CORPORATE NETWORK LOCKED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
TO RESTORE FILES YOU WILL NEED A DECRYPTOR!
To get the decryptor you should:
Pay for decrypt your network - 0.15 BTC
Buy BTC on one of these sites
hxxps://binance.com
hxxps://www.coinbase.com
Any site you trust
Bitcoin Wallet: 3Pvn*************MLA5
Our contacts:
email: yourdatahelp@seznam.cz
ToxID: CA04B61C320C50D12A2C1B95B5062474B5C00B995B588D0B3781DC052CBF9A354CD10F96C84D
You can download TOXChat here : hxxps://tox.chat/download.html
The message must contain your Personal ID! it is at top of this document.
HOW IT WORKS.
If you need a decrypter or return information, please contact us directly ! The guarantee of successful deals is only a direct contact! Don't shy... It's just business for us and we are always ready for polite and mutually beneficial communication.
What's problem with intermediaries?!
Very often intermediaries take money for themselves, it looks something like this: You turn to an intermediary for help, who promises you huge discounts and professional solutions to problems. Afterwards, intermediary contacts us to conduct a decrypt test, receives decrypted files, and then asks you to transfer money to a wallet not related to us. Having received money, intermediary assures client in every possible way that he did not receive decrypter or simply disappears with money. REMEMBER! - We only have wallet that is indicated in this html (first and last 4 characters) When transferring money to any other wallet, you are not transferring it to us.
deception using various Universal Decryptors for 30% of cost or at a fixed price has become very common. With beautiful pictures or enticing videos on YouTube, where they will show you how it works "Universal Software" - which in reality does not work, but is a Trojan for stealing bitcoin or another cryptolocker, before installing something like that - test it on an isolated network computer and you can see that it is useless. Globeimposter 2.0 namely, this is what you see on your network 🙂 can't be deciphered by anything! Besides original key... only one who created Build has key!- this is us. Contact real professionals like - hxxps://www.bleepingcomputer.com/forums/, or any large anti-virus companies - - they can tell you all horror of situation.
Considering above, we reserve right to request KYC confirmation. For example, send us a message from your corporate email on behalf of Company Director or IT department. We know their original emails - since we carefully study network before work 🙂 By contacting directly, you can count on a friendly conversation, a business-like approach... and possibly a good discount (discount depends on many circumstances, size of company,size of ransom, our checks of your accounting, phase of the Moon, etc.)
WHAT HAPPENS IF YOU DON'T PAY
In case of non-payment, we organize an auction on various sites in DarkNet and try to sell files leaked from your network to interested parties.
Next, we use mail + any other contacts of your clients, and notify them of what happened, perhaps they will be interested so that information does not get into public domain and will be ready to buy out information separately.
-If there are no willing to buy, we simply publish everything that we have in the public resources.
-------------------------------------
© 2024 Nacugunder Corporation | All Rights Reserved.'