Secles 勒索軟體
Secles 是一種加密資料的威脅軟體,網路安全研究人員已經識別出它。勒索軟體威脅是專門為加密檔案而設計的,目的是向受影響的受害者勒索贖金,以換取所謂的文件解密。
一旦在受感染的系統上激活,Secles 勒索軟體就會有效鎖定多種檔案類型。在此過程中,它會透過附加分配給受害者的唯一 ID、網路犯罪分子的 Telegram 使用者名稱和「.secles」副檔名來變更這些檔案的標題。為了說明這一點,最初名為「1.png」的檔案將轉換為「1.jpg.id[DYz7jzMo].[t.me_secles1bot].secles」。完成加密過程後,Secles 勒索軟體會產生一份名為「ReadMe.txt」的勒索字條並將其放置在受影響的系統上。
Secles 勒索軟體受害者的檔案被劫持
與 Secles 勒索軟體相關的勒索字條敦促受害者與攻擊者溝通,以啟動其加密資料的恢復(解密)。如果所提供的聯絡資訊被證明無法訪問,受害者將被引導透過連結的 Tor 網路網站探索替代通訊管道。解密取決於滿足贖金要求,但在遵守之前,受害者可以選擇測試兩個加密檔案的恢復過程。該訊息明確警告不要更改或刪除受影響的數據,因為此類操作可能會阻礙解密過程或使其完全不可能。研究人員強調,解密通常需要網路犯罪分子的直接參與。
儘管支付了贖金,受害者常常發現自己沒有必要的解密金鑰或工具。因此,強烈建議不要這樣做,因為無法保證文件恢復,而屈服於犯罪分子的要求只會使他們的非法活動永久化。
從作業系統中刪除 Secles 勒索軟體對於防止進一步的資料加密至關重要。但是,請務必注意,刪除過程不會自動恢復先前受損的檔案。
採用全面的安全方法來防止勒索軟體感染
為了有效防止勒索軟體感染,使用者應採用包含各種主動措施和最佳實踐的全面安全方法。以下是有關如何實現此目標的指南:
- 定期備份:定期將重要資料備份到外部安全位置。這可以保證即使您的電腦遭到入侵,您也可以恢復文件而無需屈服於贖金要求。
透過將這些措施納入網路安全策略,使用者可以顯著降低成為勒索軟體攻擊受害者的風險,並增強系統和資料的整體安全狀況。
留給 Secles 勒索軟體受害者的贖金字條是:
'to recover your data install telgram messanger at @seclesbot ( hxxps://t.me/secleslbot ) you will talk with support using the bot , admin will be monitoring if for any reason bot is not avaiable you can find link and id of new bot at our onion site 2kksm7oobarkoedfnkihgsa2qdvfgwvr4p4furcsopummgs5y37s6bid.onion you will need to install for browser for onion sites ( hxxps://www.torproject.org/download/ ) you dont need to install for if our telegram bot is working, the bot gets banned once a while
you id is :
you will get two sample decryption (decoding) before any payment for free this is strong ransomware, any day you waste without paying is one business day you waste our price is reasonable,the wasted days will cost you more
some notes:
1-although illegal and bad but this is business,you are our client after infection and we will treat you respectfully like a client2-do not delete files at c:\secles , if you want to reinstall windwos take a backup of the folder (dont waste time trying to get anything out of them ,they are encrypted with out public key and cant be read without our private keys)
3-do not play with encrypted file, take a backup if you want to waste some time playing with them
4-if you take a middleman do deal with us directly , take one with good reputation ,we always provide decryptor after payment and only ask for one payment , if you take a random middle man from internet he may take you money and not pay as and disappear or lie to you
5-police can't help you , we are excpericed hackers and we don't leave footprints behind , even if we did police wont risk ther million dollar worth zero day exploits for catching us, instead what they do get sure of is you never pay us and you suffer loss your data
6-if some of your files don't have our extention but do not open ,they are encrypted all other files and will decrypt normally ,they just have not been renamed to get our extension'
