Re: [問題] 中勒索病毒,請益處理方式
借文章請教一下
我目前也中這個
他也宣稱是RSA-4096
副檔名都沒變 也沒什麼亂碼或怪字
但JPG PNG都變無法打開 連PSD檔也被加密
而電腦中 所有資料夾 都出現圖中的三個檔案
http://imgur.com/Rzk3yFd
網址檔案點進去 就如下圖
http://imgur.com/MniuOzs
目前病毒已清除
(試過新畫、下載一些圖檔 並重開機 新的檔案都沒被加密
所以病毒應該是順利清乾淨了)
爬文後
試過用這些軟體解密
CoinVaultDecryptor
decrypt_hydracrypt
TeslaDecrypter
手上也有加密前跟加密後的同個檔案
一起拖到decrypt_hydracrypt上 無效
一起拖到TeslaDecrypter上 出現下圖
http://imgur.com/Ha4p72F
應該也是無效的意思吧?
而系統還原 本來一直有開的
可是被加密後 系統還原變成關閉 也找不到還原點
用安全模式去看 一樣也找不到還原點
請問有辦法找回被消失的還原點嗎? (電腦為W7)
請問這種加密 在病毒清除後 不重灌也沒關係吧?
(前面說過 新建的圖檔 沒有再被加密了 病毒應該確定清除)
我打算把被加密的圖檔 就先保留著
等以後看駭客會不會抓到 或者被破解....
再請問這個駭客 是否已經落網 有密碼可解了呢?
最後附上他的TXT裡的說法 請各位大大幫忙看
是哪一個駭客 是否為已被抓到的駭客? 謝謝
NOT YOUR LANGUAGE? USE https: //translate.google.com
What's the matter with your files?
Your data was secured using a strong encryption with RSA4096.
Use the link down below to find additional information on the encryption keys
using RSA-4096 https: //en.wikipedia.org/wiki/RSA_(cryptosystem)
What exactly that means?
It means that on a structural level your files have been transformed . You
won't be able to use , read , see or work with them anymore .
In other words they are useless , however , there is a possibility to restore
them with our help .
What exactly happened to your files ???
*** Two personal RSA-4096 keys were generated for your PC/Laptop; one key is
public, another key is private.
*** All your data and files were encrypted by the means of the public key ,
which you received over the web .
*** In order to decrypt your data and gain access to your computer you need a
private key and a decryption software, which can be found on one of our
secret servers.
What should you do next ?
There are several options for you to consider :
*** You can wait for a while until the price of a private key will raise, so
you will have to pay twice as much to access your files or
*** You can start getting BitCoins right now and get access to your data
quite fast .
In case you have valuable files , we advise you to act fast as there is no
other option rather
than paying in order to get back your data.
In order to obtain specific instructions , please access your personal
homepage by choosing one of the few addresses down below :
http: //9hrds.wolfcrap.at/43904C175AB8F57
http: //6g4ds.froekuge.com/43904C175AB8F57
http: //vewrb.italisumo.at/43904C175AB8F57
If you can't access your personal homepage or the addresses are not working,
complete the following steps:
*** Download TOR Browser -
http: //www.torproject.org/projects/torbrowser.html.en
*** Install TOR Browser and open TOR Browser
*** Insert the following link in the address bar:
k7tlx3ghr3m4n2tu.onion/43904C175AB8F57
*** Follow instructions on your screen !!!
*** *** *** *** *** *** *** IMPORTANT INFORMATION *** *** *** *** *** ***
Your personal homepages
http: //9hrds.wolfcrap.at/43904C175AB8F57
http: //6g4ds.froekuge.com/43904C175AB8F57
http: //vewrb.italisumo.at/43904C175AB8F57
Your personal homepage Tor-Browser k7tlx3ghr3m4n2tu.onion/43904C175AB8F57
Your personal ID 43904C175AB8F57
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 182.235.220.205
※ 文章網址: https://www.ptt.cc/bbs/AntiVirus/M.1458761229.A.B44.html
→
03/24 03:29, , 1F
03/24 03:29, 1F
※ 編輯: yoyoflag (182.235.220.205), 03/24/2016 03:37:13
→
03/24 03:37, , 2F
03/24 03:37, 2F
推
03/24 06:51, , 3F
03/24 06:51, 3F
→
03/24 10:21, , 4F
03/24 10:21, 4F
推
03/24 13:17, , 5F
03/24 13:17, 5F
推
03/26 15:38, , 6F
03/26 15:38, 6F
→
04/06 04:24, , 7F
04/06 04:24, 7F
→
04/06 04:24, , 8F
04/06 04:24, 8F
→
04/06 04:25, , 9F
04/06 04:25, 9F
→
04/06 04:26, , 10F
04/06 04:26, 10F
→
04/06 10:42, , 11F
04/06 10:42, 11F
推
04/12 02:14, , 12F
04/12 02:14, 12F
推
04/14 10:21, , 13F
04/14 10:21, 13F
→
04/14 10:21, , 14F
04/14 10:21, 14F
討論串 (同標題文章)
完整討論串 (本文為第 3 之 3 篇):
