如何阻止和删除 Cash 勒索软件
网络威胁领域又引入了另一种威胁,即 Cash Ransomware。此恶意程序由 Cash RAT(远程访问木马)和 MintStealer 背后的同一威胁行为者开发,旨在加密数据并要求支付解密费用。Cash Ransomware 会在加密文件的文件名后附加“.CashRansomware”扩展名,将“1.jpg”转换为“1.jpg.CashRansomware”,将“2.png”转换为“2.png.CashRansomware”。
Table of Contents
赎金票据详细信息
Cash Ransomware 会创建三条勒索信:一张桌面壁纸、一个弹出窗口和一个名为“Cash Ransomware.html”的 HTML 文件。这些信虽然外观不同,但传达的关键信息相同:
- 通知文件已加密。
- 要求支付赎金来解密数据。
- 警告不要采取可能妨碍数据恢复的操作。
消息指出,这些文件是使用 XChaCha20、Poly1305 和 AES-256-GCM 加密算法加密的。受害者被要求支付 80 美元的 Monero (XMR) 加密货币才能解密。此外,该通知还警告不要重新启动设备或运行防病毒程序,因为这些操作可能会导致文件永久无法解密。也不建议断开网络连接,因为这可能会妨碍协商和恢复工作。
Cash Ransomware 的说明如下:
Cash RANSOMWARE
YOUR FILES
ARE ENCRYPTED
BY CASH RANSOMWAREWhat happend?
Dear -, We regret to inform you that your files have been compromised by the insidious Cash Ransomware program. This ruthless malware has infiltrated your system, encrypting your precious data and holding it hostage until its demands are met. Below are the chilling details of this dire situation:Rapid scanning of your storage drives has been executed, leaving no corner untouched by the malicious claws of Cash Ransomware.
Utilizing the advanced XChaCha20 encryption algorithm, your files have been ensnared with unbreakable tags and a deadly combination of Poly1305 or AES-256-GCM, meticulously chosen by the ransomware's constructors to ensure maximum devastation.
To further fortify its grip on your data, Cash Ransomware employs a hybrid bulletproof encryption technique, rendering any attempts at decryption futile against its impenetrable defenses.
Files bearing specific extensions have been singled out for priority encryption, ensuring that your most critical data is held captive, intensifying the fear and desperation of your predicament.
As a final blow to any hopes of recovery, Cash Ransomware deploys a double-key encryption mechanism, thwarting any attempts at deception or circumvention, leaving you no recourse but to comply with its demands.
In light of this harrowing situation, we implore you to refrain from taking any actions that may exacerbate the damage and worsen your plight:
Do not download antivirus software: Any attempts to combat Cash Ransomware with conventional means will only serve to alert its creators, potentially triggering further encryption or irreversible data loss.
Do not disconnect from the network: Isolation will not shield you from the relentless reach of Cash Ransomware; instead, it may hinder potential avenues of negotiation or resolution.
Do not reboot your systems: Restarting your devices could disrupt ongoing encryption processes, rendering your files irretrievable and sealing your fate in the clutches of this merciless malware.
We understand the gravity of your situation and stand ready to assist you in navigating this crisis. However, time is of the essence, and decisive action is imperative to mitigate the extent of the damage inflicted by Cash Ransomware.How to decrypt my files?
Your files are heavily encrypted, and none can be decrypted without the decryption key.
To obtain the decryption key, you need to make a payment to the specified amount to the XMR / Monero wallet.
Once you've made the payment, you should contact the attackers via email or Telegram to receive the decryption key.
After receiving the decryption key, you need to input it into the decryption panel in Cash.
Once you hit the decryption button, your files will be decrypted.
Cash 勒索软件分析
根据对勒索软件感染的广泛研究经验,显然,没有攻击者的参与,解密几乎是不可能的。支付赎金并不能保证数据恢复,因为网络犯罪分子即使在满足其要求后也经常无法提供解密密钥。因此,强烈建议不要遵守赎金要求,因为这只会助长犯罪活动。
有趣的是,现金勒索软件要求的赎金金额相对较低,这很可疑。勒索软件通常要求家庭用户支付三到四位数(美元)的赎金。当赎金异常低时,攻击者可能不会费心向受害者发送恢复工具,这表明勒索软件可能用于创收或测试新软件/技术。
缓解和预防
为了防止进一步加密,必须从操作系统中删除 Cash Ransomware。但是,这不会恢复已经受影响的文件。只能从备份中进行恢复,这强调了在多个位置(例如远程服务器、未插电的存储设备)维护备份的重要性。
值得注意的勒索软件示例
LockBit 5、Risen、Cronus、Lynx 和 HorrorDead 是近期的勒索软件示例,它们都具有类似的功能,即加密数据并要求支付解密费用。勒索软件程序主要在所使用的加密算法(对称或非对称)和赎金大小方面有所不同,赎金大小取决于目标(家庭用户与大型实体,如公司和组织)。
感染媒介
Cash Ransomware 以 RaaS(勒索软件即服务)的形式提供,这意味着其开发人员将其出售给网络犯罪分子。因此,传播方法可能有所不同。通常,恶意软件通过网络钓鱼和社会工程策略传播,通常伪装成合法内容或与合法内容捆绑在一起。恶意文件可以是可执行文件、档案、文档、JavaScript 等,打开受感染文件时会触发下载/安装链。
常见的恶意软件传播技术包括:
- 加载程序/后门型木马。
- 驱动下载。
- 可疑的下载源(例如免费软件网站、P2P 网络)。
- 垃圾邮件中的恶意附件/链接。
- 网上诈骗。
- 非法软件激活(“破解”)工具。
- 虚假更新。
此外,一些恶意软件可以通过本地网络和可移动存储设备自我传播。
保护措施
为了防止勒索软件感染:
- 仅从官方和经过验证的渠道下载。
- 使用正版功能/工具激活和更新程序。
- 谨慎对待收到的电子邮件和信息。
- 避免打开可疑的附件或链接。
- 浏览时保持警惕,避免欺诈内容。
- 安装并定期更新信誉良好的防病毒软件。
- 执行定期系统扫描以检测并消除威胁。
如果您的计算机感染了 Cash Ransomware,建议使用反恶意软件程序进行扫描以自动消除威胁。遵循这些最佳做法,确保安全并保护您的数据。
