Datah Ransomware
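Information security experts recently identified a worrying new ransomware threat known as Datah ransomware. This malware encrypts many file types on an infected system, leaving victims unable to access them. In addition to encrypting files, Datah drops a ransom note named "+README-WARNING+.txt" that contains contact information and further instructions for the victim.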
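Datah also renames the files it encrypts. It does so by appending specific identifiers to the file name: the victim's unique ID, the email address "datahelper@onionmail.org" and the ".datah" extension. For example, a file originally named "1.doc" becomes "1.doc.[2AF30FA3].[datahelper@onionmail.org].datah", "2.pdf" becomes "2.pdf.[2AF30FA3].[datahelper@onionmail.org].datah", and so on. Notably, Datah is classified as a variant belonging to the Makop ransomware family.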
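As an added example (not code from the original page), the following Python code parses the rename pattern described above so that affected files and ransom notes can be inventoried from a directory listing during incident triage. The function names, the sample paths and the assumption that the victim ID is always eight hexadecimal digits are illustrative.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "+README-WARNING+.txt"  # ransom note name given on this page
# Pattern: <original name>.[<victim ID>].[<contact e-mail>].datah
# Assumption: the ID is 8 hex digits, as in the page's example 2AF30FA3.
RENAMED = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[0-9A-Fa-f]{8})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.datah$",
    re.IGNORECASE,
)

def parse_renamed(filename):
    """Return original name, victim ID and e-mail, or None if no match."""
    m = RENAMED.match(filename)
    return m.groupdict() if m else None

def triage(paths):
    """Group a file listing by folder into encrypted files and ransom notes."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    victim_ids = set()
    for raw in paths:
        p = PureWindowsPath(raw)
        folder = str(p.parent)
        if p.name.lower() == NOTE_NAME.lower():
            report[folder]["note"] = True
            continue
        hit = parse_renamed(p.name)
        if hit:
            report[folder]["encrypted"].append(hit["original"])
            victim_ids.add(hit["victim_id"].upper())
    return dict(report), victim_ids

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\1.doc.[2AF30FA3].[datahelper@onionmail.org].datah",
    r"C:\Users\alice\Documents\2.pdf.[2AF30FA3].[datahelper@onionmail.org].datah",
    r"C:\Users\alice\Documents\+README-WARNING+.txt",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Users\alice\Pictures\notes.datah",  # extension alone does not match
]

if __name__ == "__main__":
    report, ids = triage(SAMPLE)
    for folder, info in sorted(report.items()):
        print(folder, "note" if info["note"] else "no note", info["encrypted"])
    print("victim IDs:", sorted(ids))
```

More than one victim ID in the result would indicate that the listing covers several separately infected hosts or runs.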
Victims of the Datah Ransomware Have Their Data Taken Hostage
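The ransom note that accompanies Datah ransomware gives victims a clear message: their files have been encrypted, but the underlying file structure remains intact. The note insists that the only route to recovery is to pay the cybercriminals responsible for the encryption. To build trust, the threat actors offer a test decryption of two simple files of limited size, demonstrating their ability to decrypt files once payment is received.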
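Contact details are provided in the form of an email address (datahelper@onionmail.org) and a TOX ID, allowing victims to communicate with the perpetrators. The note ends, however, with a stern warning against attempting to alter the encrypted files independently. Such actions may result in the loss of the data and of the private key needed for decryption, with potentially irreversible consequences for the victim.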
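It is essential that victims do not give in to the ransom demand, because there is no guarantee that the cybercriminals will keep their promise to provide a decryption tool after receiving payment. It is also essential to remove the ransomware from the infected computer promptly. Doing so not only reduces the risk of further encryption but also helps prevent the ransomware from spreading to other computers on the same network, limiting the overall impact of the attack.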
Key Defensive Measures to Implement on All Devices
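Implementing key defensive measures on all devices is essential for protecting data against ransomware threats. The following are the key steps users should take: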
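- Regular software updates: Make sure the operating system, applications and security software are updated regularly. Updates often include patches that fix vulnerabilities exploited by ransomware.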
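By diligently implementing these defensive measures, users can reduce their chances of falling victim to a ransomware attack and protect their valuable data.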
The full text of the ransom note that accompanies Datah ransomware reads:
'::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: datahelper@onionmail.org
Or you can contact us via TOX: B99CB0C13B44E2A1AEBAEB28E70371D6E3DB35DA801721930B53B0E787433270665DA610BAB0
You can download TOX: hxxps://qtox.github.io/
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'