RADAR Ransomware Should Have Your Attention
Every day we wake up, ransomware remains one of the most formidable adversaries users face online. The latest entrant is RADAR ransomware, a malicious program designed to encrypt files and demand a ransom for their decryption. Let's take a closer look at what RADAR ransomware is, how it operates, and what steps can be taken to defend against it.
What is RADAR ransomware?
RADAR ransomware is a piece of malware that follows the typical modus operandi. It encrypts files on the infected system and appends a random string to their names. For example, a file originally named "picture.png" might become "picture.png.W36G8ePNp" after encryption.
Once the encryption process is complete, RADAR ransomware changes the desktop wallpaper and drops a ransom note named "README_FOR_DECRYPT.txt". The note informs victims that their files have been encrypted and their data stolen, and threatens to leak the stolen information unless the ransom demand is met.
The ransom note is shown below:
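The two artefacts described above (the appended random suffix and the dropped note) are enough for a simple file-system heuristic. The following is an added example, not code from the original article or from any vendor tool; the allow-list of ordinary extensions, the 8-10 character token length, the alert thresholds and the sample directory listing are all assumptions constructed for illustration.

```python
import os
import re

# Behaviour described on the page: the original name is kept and a random
# token is appended as a new final suffix, e.g. "picture.png.W36G8ePNp",
# and a note named README_FOR_DECRYPT.txt is dropped alongside the files.
RANSOM_NOTE = "README_FOR_DECRYPT.txt"
# Assumption: the token is 8-10 alphanumeric characters (the page shows 9).
APPENDED_TOKEN = re.compile(r"^[A-Za-z0-9]{8,10}$")
# Assumption: a small allow-list of ordinary extensions; tune for your estate.
KNOWN_EXTENSIONS = {"txt", "png", "jpg", "docx", "xlsx", "pdf", "zip", "log"}

# Constructed sample listing (not taken from a real incident).
SAMPLE_LISTING = [
    "picture.png.W36G8ePNp", "budget.xlsx.Qz7KpLm2x", "notes.txt.Hh9sLkq2w",
    "report.pdf.Tt4mNbv8z", "README_FOR_DECRYPT.txt", "desktop.ini",
]


def looks_encrypted(name: str) -> bool:
    """True when name has the shape '<base>.<known ext>.<random token>'."""
    parts = name.rsplit(".", 2)
    if len(parts) != 3:
        return False
    base, inner_ext, token = parts
    return (bool(base) and inner_ext.lower() in KNOWN_EXTENSIONS
            and APPENDED_TOKEN.match(token) is not None)


def assess_directory(names):
    """Return (suspect_count, suspect_ratio, note_present) for one listing."""
    suspects = [n for n in names if looks_encrypted(n)]
    note_present = RANSOM_NOTE in names
    ratio = len(suspects) / len(names) if names else 0.0
    return len(suspects), ratio, note_present


def is_ransomware_hit(names, min_count=3, min_ratio=0.5):
    """Alert on the note itself, or on a cluster of renamed files.

    A single odd suffix is weak evidence; several of them dominating a
    directory is the pattern the page describes, so both signals are used.
    """
    count, ratio, note_present = assess_directory(names)
    return note_present or (count >= min_count and ratio >= min_ratio)


def scan(root):
    """Walk a tree and return the directories that trip the heuristic."""
    return [d for d, _, files in os.walk(root) if is_ransomware_hit(files)]


if __name__ == "__main__":
    print(assess_directory(SAMPLE_LISTING), is_ransomware_hit(SAMPLE_LISTING))
```

Run it against a read-only copy or a snapshot, not the live share, and treat a hit as a trigger for isolation and backup verification rather than as proof of encryption.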
Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs.
To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, data leak forums, data leak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.
Please contact our sales department at Skype: XXXXXXX
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice.
Follow the guidelines below to avoid losing your data:
- Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
- Do not modify or rename encrypted files. You will lose them.
- Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
- Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you successful decryption without any loss + exfiltrated data erasing from our servers.
- Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.
P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: XXXXXXX Their Website - XXXXXXX
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
XXXXXXX
XXXXXXX
XXXXXXX
XXXXXXX
Lot of telegram channels like XXXXXXX , XXXXXXX , all darkweb resources list from here - XXXXXXX
We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs:
hxxp://xb6q2aggycmlcrjtbj[redacted]sqb4nx6cmod3emy7sad.onion
hxxp://mbrlkbtq5jonaqkurj[redacted]4rgjbkkknndqwae6byd.onion
hxxp://bianlianlbc5an4kgn[redacted]gczopmm3dnbz3uaunad.onion/
hxxp://alphvmmm27o3abo3r2[redacted]5xsj7j7ejksbpsa36ad.onion
hxxp://knight3xppu263m7g4[redacted]h7vjdc3zrscqlfu3pqd.onion/
For XXXXXXX we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us.
Let's respect each others time.
With best Regards, RADAR
Double extortion tactics
The ransom note left by RADAR ransomware serves a dual purpose: it demands that victims pay for file decryption, and it warns that their data will be made public if the ransom is not paid. This approach, known as double extortion, increases the pressure on victims to comply with the attackers' demands. The note goes further, detailing the cybercriminals' past attacks and the company leaks they carried out, to underline the seriousness of the threat.
Victims are typically allowed to decrypt a small number of files (5-10) as a demonstration of the attackers' decryption capability. However, the note states that any attempt to rename, modify, or delete encrypted files will render them undecryptable, adding another layer of difficulty for victims.
The risks of paying the ransom
Although paying the ransom may seem the quickest way to regain access to encrypted files, it is fraught with risk. Experience shows that decryption is usually impossible without the criminals' involvement, and even paying the ransom does not guarantee that a decryption tool will be provided. Moreover, paying the ransom funds criminal activity and perpetuates the cycle of ransomware attacks.
Authorities and cybersecurity experts strongly advise against meeting the attackers' demands. Instead, removing the ransomware from the operating system is essential to prevent further data encryption. Unfortunately, removal alone does not restore files that have already been encrypted. The best solution remains restoring data from backups, which highlights the importance of regular data backups.
Preventive measures and best practices
Preventing ransomware infections requires a multi-layered approach. The key strategies for defending against threats such as RADAR ransomware are:
1. Regular backups
Keep backups of important data in multiple locations, such as unplugged storage devices, remote servers, and cloud storage. This ensures that even if one backup is compromised, the others remain intact.
2. Cautious web browsing and email use
Be careful when browsing the internet and handling email. Do not open attachments or click links from unknown or suspicious sources. Do not trust information in emails from unfamiliar senders, especially those that request personal information or carry an urgent message.
3. Use trusted software
Download software only from official and trustworthy sources. Avoid third-party tools for software activation or updates, as they may contain malware.
4. Up-to-date security measures
Ensure that your antivirus and anti-malware software is always kept up to date. These tools can detect and block ransomware before it causes harm.
Understanding ransomware distribution
Ransomware, including RADAR, spreads mainly through phishing and social engineering. The malware is usually disguised as a legitimate file, such as an executable, an archive, or a document. Common distribution methods include backdoor trojans, drive-by downloads, malicious email attachments, dubious download sources, and malvertising. Some ransomware can even propagate through local networks and removable storage devices.
Final thoughts
RADAR ransomware is a significant threat in the digital world, using advanced tactics such as double extortion to coerce victims. Understanding how such ransomware operates and taking proactive measures to protect your data are essential to defending against these attacks. Regular backups, cautious browsing habits, and up-to-date security measures are your best defence against the destructive and costly effects of ransomware. Stay informed, stay safe, and remember that the best way to fight ransomware is prevention and preparation.