SchrodingerCat Ransomware
Researchers are warning users about a newly discovered piece of malware named SchrodingerCat, which belongs to the ransomware category. This particular threat is designed to encrypt the data stored on a victim's device and then demand a ransom payment for the supposed decryption of that data.
Once launched on an infected device, SchrodingerCat encrypts files and changes their filenames by appending the ".schrodingercat" extension. For example, a file originally named "1.png" becomes "1.png.schrodingercat", "2.pdf" becomes "2.pdf.schrodingercat", and so on.
After the encryption process completes, SchrodingerCat generates a ransom note named "how_to_back_files.html". Investigation has found that this ransomware mainly targets large organizations rather than individual home users. In addition, SchrodingerCat has been confirmed to be a variant belonging to the GlobeImposter ransomware family.
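As an added illustration (not code from this write-up or from any vendor), a small Python scan that looks for the two on-disk indicators described above, the appended ".schrodingercat" extension and the "how_to_back_files.html" note, and reports the pre-encryption filenames so responders can inventory what was hit. The directory tree it scans is constructed inline as sample data; the function and file names are the example's own.

```python
import os
import tempfile
from pathlib import Path

# Indicators described in the write-up: appended extension and ransom note name.
ENCRYPTED_SUFFIX = ".schrodingercat"
RANSOM_NOTE_NAME = "how_to_back_files.html"


def original_name(encrypted_name: str) -> str:
    """Strip the appended suffix: '1.png.schrodingercat' -> '1.png'."""
    if encrypted_name.lower().endswith(ENCRYPTED_SUFFIX):
        return encrypted_name[: -len(ENCRYPTED_SUFFIX)]
    return encrypted_name


def scan_for_schrodingercat(root: str) -> dict:
    """Walk a tree and collect encrypted files (with their pre-encryption
    names) plus every directory that holds a copy of the ransom note."""
    encrypted, note_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == RANSOM_NOTE_NAME:
                note_dirs.append(dirpath)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append((os.path.join(dirpath, name), original_name(name)))
    return {"encrypted": sorted(encrypted), "note_dirs": sorted(note_dirs)}


def build_sample_tree() -> str:
    """Constructed sample tree (not real malware output) mirroring the page's examples."""
    root = tempfile.mkdtemp(prefix="sc_demo_")
    docs = Path(root, "docs")
    docs.mkdir()
    Path(root, "1.png.schrodingercat").write_bytes(b"\x00ciphertext")
    Path(docs, "2.pdf.schrodingercat").write_bytes(b"\x00ciphertext")
    Path(docs, "notes.txt").write_text("untouched file")
    Path(root, RANSOM_NOTE_NAME).write_text("<html>sample note</html>")
    Path(docs, RANSOM_NOTE_NAME).write_text("<html>sample note</html>")
    return root


def demo() -> dict:
    """Scan the constructed tree and report paths relative to its root."""
    root = build_sample_tree()
    result = scan_for_schrodingercat(root)
    result["encrypted"] = [(os.path.relpath(p, root), o) for p, o in result["encrypted"]]
    result["note_dirs"] = [os.path.relpath(d, root) for d in result["note_dirs"]]
    return result


if __name__ == "__main__":
    print(demo())
```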
Victims of the SchrodingerCat Ransomware Lose Access to Important Documents and Data
The ransom message issued by SchrodingerCat outlines the compromise of the victim company's network, emphasizing that the documents stored on it have been encrypted. The note states that the only way to regain access to the locked data is to purchase a decryptor priced at 0.15 BTC (Bitcoin cryptocurrency). At the time of writing, allowing for constantly fluctuating exchange rates, this amounts to nearly ten thousand US dollars.
The note details the consequences of non-compliance, advises against involving intermediaries, and recommends communicating directly with the attackers. Refusing to pay the ransom prompts the cybercriminals to threaten to auction or leak sensitive data stolen from the network. In addition, the criminals may contact the victim's customers and offer them the opportunity to buy the compromised information.
Researchers emphasize that decrypting data affected by ransomware without the attackers' involvement is usually impossible. Even when the ransom demand is met, victims frequently do not receive the promised decryption key or software. Consequently, paying the ransom is strongly discouraged, since data recovery is not guaranteed and giving in to the demands perpetuates the criminal activity.
To stop SchrodingerCat Ransomware from encrypting anything further, it must be eradicated from the operating system. However, it is important to note that removal will not restore the integrity of files that have already been affected.
Don't Gamble with the Security of Your Devices and Data
Users can strengthen the defenses of their devices and data against malware and ransomware threats through several proactive measures:
- Use reliable security software: Install reputable anti-malware software on all devices. Make sure your programs are updated regularly so they can detect and mitigate the latest threats.
- Keep software up to date: Regularly update operating systems, software applications, and firmware to patch security vulnerabilities. Much malware exploits known vulnerabilities, so staying current helps minimize the risk.
- Be careful with email attachments and links: Handle links and email attachments with care, especially those from unknown or suspicious senders. Verify the authenticity of emails and avoid downloading attachments or clicking links from questionable sources.
- Enable firewall protection: Activate and configure firewalls on your devices and networks to monitor and control incoming and outgoing network traffic. A firewall acts as a barrier between a trusted internal network and untrusted external networks, helping to block unauthorized access and malicious activity.
- Set strong passwords and multi-factor authentication (MFA): Use strong, unique passwords for all accounts and devices. Consider implementing multi-factor authentication (MFA) wherever possible, which extends security by requiring additional verification beyond the password.
- Back up data regularly: Regularly back up important data to external storage devices or cloud-based services. In the event of a malware infection or ransomware attack, backups ensure that data can be restored without paying a ransom.
- Limit user privileges: Restrict user privileges on devices and networks to those required for each user's job function. This limits the potential impact of malware by reducing an attacker's access to sensitive data and system resources.
- Implement network segmentation: Divide the network into smaller, isolated segments to contain and mitigate the spread of malware. This helps prevent lateral movement within the network and limits the damage caused by an infection.
- Stay informed and stay vigilant: Keep up to date on emerging threats and security best practices through reputable sources such as security blogs, forums, and news outlets.
The ransom note generated by SchrodingerCat Ransomware reads:
'YOUR PERSONAL ID
ENGLISH
YOUR CORPORATE NETWORK LOCKED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
TO RESTORE FILES YOU WILL NEED A DECRYPTOR!
To get the decryptor you should:
Pay for decrypt your network - 0.15 BTC
Buy BTC on one of these sites
hxxps://binance.com
hxxps://www.coinbase.com
Any site you trust
Bitcoin Wallet: 3Pvn*************MLA5
Our contacts:
email: yourdatahelp@seznam.cz
ToxID: CA04B61C320C50D12A2C1B95B5062474B5C00B995B588D0B3781DC052CBF9A354CD10F96C84D
You can download TOXChat here : hxxps://tox.chat/download.html
The message must contain your Personal ID! it is at top of this document.
HOW IT WORKS.
If you need a decrypter or return information, please contact us directly ! The guarantee of successful deals is only a direct contact! Don't shy... It's just business for us and we are always ready for polite and mutually beneficial communication.
What's problem with intermediaries?!
Very often intermediaries take money for themselves, it looks something like this: You turn to an intermediary for help, who promises you huge discounts and professional solutions to problems. Afterwards, intermediary contacts us to conduct a decrypt test, receives decrypted files, and then asks you to transfer money to a wallet not related to us. Having received money, intermediary assures client in every possible way that he did not receive decrypter or simply disappears with money. REMEMBER! - We only have wallet that is indicated in this html (first and last 4 characters) When transferring money to any other wallet, you are not transferring it to us.
deception using various Universal Decryptors for 30% of cost or at a fixed price has become very common. With beautiful pictures or enticing videos on YouTube, where they will show you how it works "Universal Software" - which in reality does not work, but is a Trojan for stealing bitcoin or another cryptolocker, before installing something like that - test it on an isolated network computer and you can see that it is useless. Globeimposter 2.0 namely, this is what you see on your network 🙂 can't be deciphered by anything! Besides original key... only one who created Build has key!- this is us. Contact real professionals like - hxxps://www.bleepingcomputer.com/forums/, or any large anti-virus companies - - they can tell you all horror of situation.
Considering above, we reserve right to request KYC confirmation. For example, send us a message from your corporate email on behalf of Company Director or IT department. We know their original emails - since we carefully study network before work 🙂 By contacting directly, you can count on a friendly conversation, a business-like approach... and possibly a good discount (discount depends on many circumstances, size of company,size of ransom, our checks of your accounting, phase of the Moon, etc.)
WHAT HAPPENS IF YOU DON'T PAY
In case of non-payment, we organize an auction on various sites in DarkNet and try to sell files leaked from your network to interested parties.
Next, we use mail + any other contacts of your clients, and notify them of what happened, perhaps they will be interested so that information does not get into public domain and will be ready to buy out information separately.
-If there are no willing to buy, we simply publish everything that we have in the public resources.
-------------------------------------
© 2024 Nacugunder Corporation | All Rights Reserved.'