Arai 勒索軟件

Arai Ransomware 是一種有害威脅，旨在加密存儲在受感染設備上的數據。 Arai Ransomware 能夠針對多種文件類型，這些文件類型在經過數據加密後將處於不可用狀態。使用的加密算法確保受影響的文件在沒有正確的解密密鑰的情況下幾乎不可能恢復。應該指出的是，Arai Ransomware 似乎專門針對感染企業實體。

Arai Ransomware 通過將“.araicrypt”附加到它們作為新的文件擴展名來修改它鎖定的文件的原始名稱。 Arai Ransomware 對被入侵設備造成的更改還包括創建一個名為“READ_TO_RESTORE_YOUR_FILES.txt”的新文本文件。該文件將被放置在設備的桌面上，其作用是攜帶帶有網絡犯罪分子指示的贖金票據。

贖金票據的詳細信息

在要求贖金的信息中，Arai Ransomware 的犯罪運營商透露他們正在進行雙重勒索行動。除了阻止受害者訪問他們自己的文件外，攻擊者還從受感染的系統中收集敏感或機密信息。該說明指出，該惡意軟件已刪除加密文件的所有備份和卷影副本。

洩露的數據被用作推動受害者支付要求贖金的額外槓桿。否則，黑客威脅要向公眾發布私人數據或將其出售給任何相關方。此外，受害者顯然只有 48 小時來滿足網絡犯罪分子的要求。在該期限結束後，黑客將拒絕協助恢復加密文件並發布收集的信息。

贖金記錄給受害者留下了兩個可以作為溝通渠道的電子郵件地址。主要地址是“AraiHelp@secmail.pro”，而“AraiHelp2@secmail.pro”用作備份。

Arai Ransomware 的消息全文為：

'===========================================

All Your Files Have Been Encrypted !!

===========================================

All of your backups and shadow copies have also been deleted so forget restoring

them.

===========================================

We also have been able to steal your confidential files (databases, customers data's,

HR etc...) all over your network workstations and servers.

===========================================

If you want to hear your mind instead of our instructions, you will loose stupidly your

files but you will also see your files being published online or sell to tiers (and we'll do it)

In this case, beleive us that you're going to suffer a big financial loss and a big loss

of reputation.

===========================================

We are aware that you don't want this case too happens.

If you want to restore files and want us to delete your confidentials files, contact us right

with a message to the contact address below. Include the KeyID in your message pls.

===========================================

AraiHelp@secmail.pro

If there's no answers from us in the next 15 hours, contact us to :

AraiHelp2@secmail.pro

Note that you have only 48 hours to contact us. After this delay, there will be no data

recovered and your files will be published.

Key Identifier:'