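Secles Ransomware
Secles is a data-encrypting threat that cybersecurity researchers have identified. Ransomware threats are designed specifically to encrypt files in order to extort a ransom from affected victims in exchange for the supposed decryption of those files.
Once activated on an infected system, the Secles Ransomware effectively locks a wide range of file types. In the process, it changes the names of those files by appending a unique ID assigned to the victim, the cybercriminals' Telegram username, and the ".secles" extension. To illustrate, a file originally named "1.png" is turned into "1.jpg.id[DYz7jzMo].[t.me_secles1bot].secles". After completing the encryption process, the Secles Ransomware generates a ransom note named "ReadMe.txt" and places it on the affected system.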
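For responders scoping an incident, the rename pattern described above can be parsed to group affected files by victim ID and recover their original names. This is an added example, not code from the original page or from any vendor tool; the function names and the sample paths are constructed, and the pattern is derived only from the single sample filename quoted above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Name layout taken from the sample in the article:
#   <original name>.id[<victim ID>].[<contact handle>].secles
SECLES_RE = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]"
    r"\.\[(?P<contact>[^\]]+)\]\.secles$",
    re.IGNORECASE,
)
NOTE_NAME = "readme.txt"  # ransom note name from the article, lower-cased


def parse_secles_name(filename):
    """Return (original, victim_id, contact) for a Secles-style name, else None."""
    m = SECLES_RE.match(filename)
    return (m["original"], m["victim_id"], m["contact"]) if m else None


def triage(paths):
    """Group renamed files by victim ID and flag ReadMe.txt only beside them."""
    renamed, contacts, hit_dirs, notes = defaultdict(list), set(), set(), []
    for raw in paths:
        p = PureWindowsPath(raw)
        parsed = parse_secles_name(p.name)
        if parsed:
            original, victim_id, contact = parsed
            renamed[victim_id].append((raw, original))
            contacts.add(contact)
            hit_dirs.add(p.parent)
        elif p.name.lower() == NOTE_NAME:
            notes.append(p)
    # ReadMe.txt is a common name, so it only counts next to renamed files.
    flagged = [str(n) for n in notes if n.parent in hit_dirs]
    return {"renamed": dict(renamed), "contacts": contacts, "ransom_notes": flagged}


# Constructed listing for illustration (not from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\1.jpg.id[DYz7jzMo].[t.me_secles1bot].secles",
    r"C:\Users\alice\Pictures\ReadMe.txt",
    r"C:\Users\alice\Docs\budget.xlsx.id[DYz7jzMo].[t.me_secles1bot].secles",
    r"C:\Tools\ReadMe.txt",               # benign: no renamed files beside it
    r"C:\Users\alice\Docs\notes.id.txt",  # benign: only resembles the pattern
]

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for victim_id, files in report["renamed"].items():
        print(victim_id, len(files), "files")
    print(report["contacts"], report["ransom_notes"])
```

A name-based scan only finds files that were renamed; the ransom note quoted at the end of this page states that some encrypted files may keep their original names, so those need a separate check such as attempting to open them.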
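The Secles Ransomware Takes Victims' Files Hostage
The ransom note associated with the Secles Ransomware urges victims to communicate with the attackers to initiate the recovery (decryption) of their encrypted data. If the provided contact information proves unreachable, victims are directed to look for alternative communication channels through a linked Tor network website. Decryption depends on meeting the ransom demand, but before complying, victims have the option of testing the recovery process on two encrypted files. The message explicitly warns against altering or deleting the affected data, as such actions may hinder decryption or make it impossible altogether. Researchers emphasize that decryption usually requires the direct involvement of the cybercriminals.
Even after paying the ransom, victims often find themselves without the necessary decryption key or tools. Paying is therefore strongly discouraged: file recovery is not guaranteed, and giving in to the criminals' demands only perpetuates their illegal activity.
Removing the Secles Ransomware from the operating system is essential to prevent further data encryption. However, note that removal does not automatically restore files that were already compromised.
Adopt a Comprehensive Security Approach to Prevent Ransomware Infections
To effectively prevent ransomware infections, users should adopt a comprehensive security approach that combines proactive measures and best practices. The following are guidelines on how to achieve this:
- Regular backups: Regularly back up important data to an external, secure location. This ensures that even if your computer is compromised, you can restore your files without giving in to ransom demands.
By incorporating these measures into a cybersecurity strategy, users can significantly reduce the risk of falling victim to a ransomware attack and strengthen the overall security posture of their systems and data.
The ransom note left to the victims of the Secles Ransomware reads: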
'to recover your data install telgram messanger at @seclesbot ( hxxps://t.me/secleslbot ) you will talk with support using the bot , admin will be monitoring if for any reason bot is not avaiable you can find link and id of new bot at our onion site 2kksm7oobarkoedfnkihgsa2qdvfgwvr4p4furcsopummgs5y37s6bid.onion you will need to install for browser for onion sites ( hxxps://www.torproject.org/download/ ) you dont need to install for if our telegram bot is working, the bot gets banned once a while
you id is :
you will get two sample decryption (decoding) before any payment for free this is strong ransomware, any day you waste without paying is one business day you waste our price is reasonable,the wasted days will cost you more
some notes:
1-although illegal and bad but this is business,you are our client after infection and we will treat you respectfully like a client
2-do not delete files at c:\secles , if you want to reinstall windwos take a backup of the folder (dont waste time trying to get anything out of them ,they are encrypted with out public key and cant be read without our private keys)
3-do not play with encrypted file, take a backup if you want to waste some time playing with them
4-if you take a middleman do deal with us directly , take one with good reputation ,we always provide decryptor after payment and only ask for one payment , if you take a random middle man from internet he may take you money and not pay as and disappear or lie to you
5-police can't help you , we are excpericed hackers and we don't leave footprints behind , even if we did police wont risk ther million dollar worth zero day exploits for catching us, instead what they do get sure of is you never pay us and you suffer loss your data
6-if some of your files don't have our extention but do not open ,they are encrypted all other files and will decrypt normally ,they just have not been renamed to get our extension'