Fisakalzb 勒索軟件擴展了 Snatch 克隆系列
Fisakalzb 勒索軟件是 Snatch 勒索軟件克隆家族的新成員。
新菌株沒有什麼壯觀或新穎的。它將加密在受害者係統上找到的大多數文件並使它們不可讀。
加密文件類型將包括媒體文件、文檔、存檔文件和可執行文件。一旦文件被加密,它們的原始名稱就會附加擴展名“.fisakalzb”。這將使名為“image.jpg”的文件在加密後變成“image.jpg.fisakalzb”。
勒索軟件將其贖金記錄放入名為“HOW TO RESTORE YOUR FILES.TXT”的文件中。勒索信是用英文寫的,內容如下:
Hello!
All your files are encrypted!
Email me if you want to get your files back - I will do it very quickly!
Contact me by email:
NeilAlden1Armstrong14 at swisscows dot email or JohniFlex at airmail dot cc
The subject line must contain an encryption extension or the name of your company!
Do not rename encrypted files, you may lose them forever.
You may be a victim of fraud. Free decryption as a guarantee.
Send us up to 3 files for free decryption.
The total file size should be no more than 1 MB! (not in the archive), and the files should not contain valuable information. (databases, backups, large Excel spreadsheets, etc.)
To contact us, we recommend that you create an email address at protonmail.com or tutanota.com
Because gmail and other public email programs can block our messages!
If you do not receive a response from us for a long time, check your spam folder.
=================================
Customer service TOX ID: [alphanumeric strings]
Only emergency! Use if support is not responding