RADAR Ransomware
In today's digital age, protecting your devices from malware is essential. Ransomware is a particularly damaging class of malware: it encrypts files and demands payment for their decryption. Understanding and defending against this kind of threat matters for individuals and organisations alike.
RADAR Ransomware: Overview
Researchers have identified a new ransomware threat named RADAR. The malware is built to encrypt files on the infected device and then demand a ransom for their decryption. RADAR's modus operandi includes encrypting files and appending a random string to each file name, for example turning "1.png" into "1.png.W8M8ePNp".
Behaviour after execution
Once the ransomware runs on an infected device, it performs a series of harmful actions:
- File encryption: RADAR encrypts the victim's files and changes each file name by appending a random string.
- Desktop changes: the ransomware replaces the desktop wallpaper to signal the infection.
- Ransom note creation: it drops a ransom note titled "README_FOR_DECRYPT.txt", which informs the victim of the encryption and of the theft of their data.
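As an added example (not code from the original write-up or from the researchers it cites), the following Python script turns the two indicators above into a triage check that can be run over a file listing or a mounted forensic image: it looks for the README_FOR_DECRYPT.txt note and for file names that still carry their original extension followed by an appended suffix. The assumption that the suffix is always eight alphanumeric characters is inferred from the single sample "1.png.W8M8ePNp" and is not confirmed by the page; the threshold of three files per suffix is an arbitrary choice so that a legitimate double extension such as db.sql.20240101 is not flagged on its own. The sample listing is constructed for the example.

```python
"""Triage helper for the RADAR file-system indicators described above.

Added example; not code from the original write-up or from any vendor.
Indicators taken from the page: the ransom note name README_FOR_DECRYPT.txt
and one renaming sample, "1.png" -> "1.png.W8M8ePNp". That the appended
suffix is always eight alphanumeric characters is an assumption inferred
from that single sample.
"""
import os
import re
from collections import Counter

RANSOM_NOTE_NAME = "README_FOR_DECRYPT.txt"

# <original name keeping its own extension>.<8 alphanumeric characters>
SUFFIX_RE = re.compile(
    r"^(?P<original>.+\.[A-Za-z0-9]{1,5})\.(?P<suffix>[A-Za-z0-9]{8})$"
)

# The same suffix must appear on at least this many files before it is
# treated as an encryption pattern rather than a coincidence such as
# "db.sql.20240101". Arbitrary threshold chosen for this example.
MIN_FILES_PER_SUFFIX = 3


def basename(path):
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def classify(path):
    """Return ("note", None), ("encrypted", (original, suffix)) or (None, None)."""
    name = basename(path)
    if name == RANSOM_NOTE_NAME:
        return "note", None
    m = SUFFIX_RE.match(name)
    if m:
        return "encrypted", (m.group("original"), m.group("suffix"))
    return None, None


def triage(paths):
    """Summarise a file listing: ransom notes found, suffix counts,
    files confirmed as encrypted and an overall verdict."""
    notes, candidates, per_suffix = [], [], Counter()
    for p in paths:
        kind, info = classify(p)
        if kind == "note":
            notes.append(p)
        elif kind == "encrypted":
            candidates.append((p, info[0], info[1]))
            per_suffix[info[1]] += 1
    confirmed = {s for s, n in per_suffix.items() if n >= MIN_FILES_PER_SUFFIX}
    encrypted = [(p, o) for p, o, s in candidates if s in confirmed]
    verdict = "ransomware-indicators" if notes or confirmed else "clean"
    return {
        "verdict": verdict,
        "notes": notes,
        "suffixes": dict(per_suffix),
        "encrypted": encrypted,
    }


def triage_directory(root):
    """Walk a real directory tree (for example a mounted image) and triage it."""
    listing = [os.path.join(dp, f) for dp, _, files in os.walk(root) for f in files]
    return triage(listing)


# Constructed sample listing for a stand-alone run; not real telemetry.
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\1.png.W8M8ePNp",
    r"C:\Users\alice\Pictures\2.png.W8M8ePNp",
    r"C:\Users\alice\Documents\budget.xlsx.W8M8ePNp",
    r"C:\Users\alice\Documents\README_FOR_DECRYPT.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\archive.tar.gz",   # legitimate double extension
    r"C:\Backups\db.sql.20240101",                 # looks like a suffix, seen once
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(result["verdict"], result["suffixes"])
    for path, original in result["encrypted"]:
        print(f"{path}  (was {original})")
```

Run the file directly to triage the built-in sample, or call triage_directory() against a mounted image. A suffix seen on fewer than three files is reported under suffixes but not under encrypted, which is what keeps db.sql.20240101 out of the result; the presence of the ransom note alone is enough to set the verdict.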
Ransom note details
The ransom note states its demands and threats plainly. It first tells the victim that their files have been encrypted, then warns that the data collected will be leaked if the ransom is not paid. To underline the seriousness of the claim, the note includes details of the criminals' earlier attacks and data leaks. As proof that decryption works, the attackers offer to record a video of 5-10 files of the victim's choosing being decrypted before any payment. The note also warns the victim not to rename, modify or delete the locked files, since doing so may make decryption impossible. It further threatens that contacting the authorities will cause the stolen data to be published automatically. Finally, it advises against seeking help from third-party recovery companies, claiming that this only increases the financial loss.
The challenge of decryption
Researchers stress that decrypting the files without the criminals' cooperation is extremely difficult. Most ransomware, RADAR included, is designed to resist decryption attempts unless the attackers hand over the required key. Even paying the ransom is risky: attackers frequently fail to deliver the promised decryption tool, and because RADAR also steals data, payment gives no assurance that the attackers' copies are actually deleted.
To prevent further encryption, removing RADAR from the operating system is essential. Removal, however, does not restore files that are already encrypted; those have to be recovered from backups.
Security measures against ransomware
To protect your devices from ransomware such as RADAR, implement the following measures:
- Regular backups: back up all important data regularly to an external drive or a cloud service so that files can be restored without paying a ransom. Keep at least one copy offline or otherwise write-protected, because ransomware with network access will encrypt any backup it can reach, and test restores periodically.
- Software updates: keep the operating system and applications patched with the latest security updates.
- Anti-malware tools: use reputable anti-malware software that can detect and block ransomware before it causes damage.
- Email vigilance: treat email attachments and links with caution, especially those from unknown senders, as these are common ransomware delivery vectors.
- Network security: implement strong network controls, including firewalls, to prevent unauthorised access.
- User education: teach employees and users about the risks of ransomware and other malware and the importance of safe online practices.
- Access control: restrict user access to critical systems and data to the minimum needed, so that a single compromised account cannot reach everything and the impact of a ransomware attack is limited.
With these precautions, users can greatly reduce the chance of a ransomware infection and protect valuable data from cybercriminals.
The full text of the ransom note left for RADAR victims reads as follows:
'RADAR
Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs. To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, dataleak forums, dataleak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.
Please contact our sales department at Skype: [redacted]
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice. Follow the guidelines below to avoid losing your data:
Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
Do not modify or rename encrypted files. You will lose them.
Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you 100% successful decryption without any loss + exfiltrated data erasing from our servers.
Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.
P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: [redacted] Their Website - [redacted]
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
[redacted]
[redacted]
[redacted]
[redacted]
Lot of telegram channels like [redacted] , [redacted] , all darkweb resources list from here - [redacted]
We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs:
hxxp://xb6q2aggycmlcrjtbj[redacted]sqb4nx6cmod3emy7sad.onion
hxxp://mbrlkbtq5jonaqkurj[redacted]4rgjbkkknndqwae6byd.onion
hxxp://bianlianlbc5an4kgn[redacted]gczopmm3dnbz3uaunad.onion/
hxxp://alphvmmm27o3abo3r2[redacted]5xsj7j7ejksbpsa36ad.onion
hxxp://knight3xppu263m7g4[redacted]h7vjdc3zrscqlfu3pqd.onion/
For [redacted] we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us. Let's respect each others time.
With best Regards, RADAR'