Malaria Virus Ransomware Threatens to Leak Data
Our researchers discovered the Malaria ransomware while reviewing new file samples. The malware is a variant based on the Chaos ransomware. When we ran the Malaria sample on our test system, it began encrypting files and changing their filenames.
The original filename is modified by appending an extension made of four random characters. For example, on our test system a file named "1.jpg" became "1.jpg.pl4s", "2.png" became "2.png.mlr1", and so on for every affected file.
Once encryption finished, the ransomware changed the desktop wallpaper and dropped a ransom note named "INSTRUCTIONS.txt". The note informs victims that their files have been encrypted, claims that all of their devices have been infected, and states that sensitive data has been exfiltrated from those devices.
To obtain the decryption software, victims are instructed to buy it for US$149.99 in Monero (XMR) cryptocurrency. The ransom amount is also given as 1.235 XMR, roughly equivalent to US$150 (keep in mind that the exchange rate can fluctuate).
The deadline for compliance is twenty-four hours. Failure to pay will, according to the note, not only leave the affected data inaccessible but also result in the stolen files and information (such as photos, videos, search history, notes, etc.) being leaked to the victim's contact list.
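The renaming behaviour described above (original name plus a four-character random extension that differs per file, alongside an INSTRUCTIONS.txt note) is something a responder can check for in a file listing. The following script is an added example written for this page, not code from the original write-up or from any vendor tool. It assumes the appended extension is four lowercase alphanumerics, as in the two examples the write-up gives (pl4s, mlr1), and it uses a constructed sample listing; the path names in it are invented for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample listing (not from the page). It mimics the renaming
# observed in the write-up: <original name>.<four random characters>.
SAMPLE_LISTING = [
    "/home/user/Pictures/1.jpg.pl4s",
    "/home/user/Pictures/2.png.mlr1",
    "/home/user/Documents/report.docx.q7x2",
    "/home/user/Documents/notes.txt",
    "/home/user/Desktop/INSTRUCTIONS.txt",
    "/home/user/Downloads/archive.tar.gz",
    "/home/user/Videos/clip.mp4",
]

# Assumption: the appended extension is exactly four lowercase alphanumerics.
RANDOM_EXT = re.compile(r"^[a-z0-9]{4}$")

# Extensions we expect to find as the *real* extension underneath the random one.
# Also used to reject legitimate double extensions such as "file.txt.docx".
KNOWN_EXTS = {"jpg", "jpeg", "png", "gif", "docx", "xlsx", "pdf",
              "txt", "mp4", "zip", "gz", "tar"}

# Ransom note filename reported in the write-up.
RANSOM_NOTE = "INSTRUCTIONS.txt"


def looks_renamed(path: str) -> bool:
    """True if path looks like <name>.<known ext>.<4 random chars>."""
    parts = PurePosixPath(path).name.split(".")
    if len(parts) < 3:
        return False
    real_ext, appended = parts[-2].lower(), parts[-1]
    if appended.lower() in KNOWN_EXTS:
        # "archive.tar.gz", "file.txt.docx": a known extension, not a random one.
        return False
    return real_ext in KNOWN_EXTS and bool(RANDOM_EXT.match(appended))


def scan(listing):
    """Summarise a listing: suspicious paths, the set of appended extensions,
    whether the ransom note is present, and a heuristic verdict."""
    suspicious = [p for p in listing if looks_renamed(p)]
    ext_counter = Counter(PurePosixPath(p).suffix.lstrip(".") for p in suspicious)
    note_present = any(PurePosixPath(p).name == RANSOM_NOTE for p in listing)
    # Several files carrying *different* four-character extensions (the per-file
    # randomisation described on the page) plus the note is a strong signal;
    # a single odd extension on its own is not.
    if note_present and len(ext_counter) >= 2:
        verdict = "likely-ransomware-renaming"
    else:
        verdict = "inconclusive"
    return {
        "suspicious": suspicious,
        "extensions": ext_counter,
        "note_present": note_present,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = scan(SAMPLE_LISTING)
    for path in result["suspicious"]:
        print("renamed:", path)
    print("note present:", result["note_present"])
    print("verdict:", result["verdict"])
```

The check is deliberately conservative: it requires a recognised extension under the random one and rejects double extensions that are themselves well known, so an ordinary "archive.tar.gz" is not flagged. Run it over a recursive listing of a suspect share or home directory; a cluster of distinct four-character extensions with the note beside them is the pattern worth escalating.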
Full text of the Malaria ransom note
The full text of the ransom note generated by the MALARIA ransomware reads as follows:
THE MALARIA VIRUS™
YOU HAVE BEEN HACKED
All of your files are now encrypted…
Your computer was infected with a ransomware virus.
Your files are now encrypted and you will not be able to access them without our help.
What can I do to get my files back?
You can order our decryption software, which will allow you to recover all of your data and remove the ransomware from your computer. The price for the software is $149.99. Payment is made EXCLUSIVELY through a cryptocurrency called MONERO (XMR).
BEFORE WE CONTINUE
Just a quick disclamer…
It ain't just your personal computer that we currently have access to. Far from that. We have remote access to EVERY device on your home network, together with data on such devices.
Failure to make a successful transaction will result in all of your personal information (photos, videos, search history, notes etc.) being published to the people from your contacts list. It would be a pretty unpleasant scenario, but it can easily be avoided.
Deleting them won't help you, as they are already backed up on our servers, in case you believe you can outsmart us.
No guide, expert, google search or an authority will help you resolve this, only a quick transaction (more on it later on).
If you still believe we are bluffing, test your luck.
You have 24 HOURS to complete the transaction…
How do I Pay?
Purchasing Monero is not difficult, the best you can do is a quick google search on how to acquire some.
These sites are said to be the easiest to understand and most reliable:
hxxps://www.coinbureau.com/guides/how-to-use-monero/
hxxps://www.getmonero.org/resources/user-guides/make-payment.html
You can send the specified amount to any of these 5 addresses:
1. 84LaGDZBun7Eh5byzGjAm49qHexyTR8k2ZxMKMdujW17C qMQFeuB3NTzJ2X28tfRmWaPyPQgvoHVDYmN4q2cPtP85CPjo6r
2. 82hFADnc17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHVzb 7vL8Kb8rmmnUw6eQYyNeZw6yp5fAKTiLCFrHvXNewSC9363xXzn
3. 84KvQhitPgx9tBwV9TZKgEWhQxpLFeE4keh7CncPCWZiN TvGRkpApGmB7rzQztmJ7caad8oWLbkzTaMpv6v2QWLfT3ZhLwu
4. 85GUskKaCUNCmpgVqFGarwXPAD5jN6kbGY7NPWtPAU v25YcBrv5fQk17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHVLeWEYhZ
5. 8ARUSgkNHuRDvjJfygpNMX6WoLgERac9rS9i8CsXs17C qMQFeuB3NTzJ2X28tfRmWaPyPQgvoHViDcQuzvLYinpfHGdEEi4
Payment amount: 1.235 XMR (Adjust it to the current value, it should be $150)
MAKE SURE TO LEAVE YOUR E-MAIL IN THE DESCRIPTION WHEN SENDING FUNDS!
Otherwise we won't know who to send the software to.
THE MALARIA VIRUS™
How does ransomware infect your system?
Ransomware can infect your system through a number of methods, including:
Phishing emails: One common method is phishing emails that contain malicious attachments or links. When a user clicks such a link or downloads and opens the attachment, the ransomware can be installed on the system.
Malicious websites: Visiting compromised or malicious websites can also lead to drive-by downloads, where ransomware is downloaded and executed on your system automatically, without your knowledge or consent.
Vulnerable software: Exploiting vulnerabilities in software or the operating system (for example through exploit kits) can give ransomware access to your system. To reduce this risk, it is essential to keep your software and operating system up to date with the latest security patches.
Remote Desktop Protocol (RDP) attacks: Attackers can abuse weak or unprotected Remote Desktop Protocol connections to gain access to your system and deploy ransomware.
Malvertising: Malicious advertisements on legitimate websites (malvertising) can redirect users to sites hosting ransomware or trigger an automatic download of ransomware onto the system.
External storage devices: Connecting an infected external storage device (such as a USB drive or external hard disk) to a system can introduce ransomware if the device itself has been compromised.
Software downloads: Downloading software from untrusted or unofficial sources, especially pirated or cracked software, can expose your system to ransomware and other malware.
Social engineering: Attackers can use social engineering tactics to trick users into running malicious scripts or granting administrative privileges to the ransomware.