How to block and remove Cash Ransomware
The cyber threat landscape has gained another threat, called Cash Ransomware. The malware was developed by the same threat actor behind Cash RAT (remote access trojan) and MintStealer, and is designed to encrypt data and demand payment for decryption. Cash Ransomware appends the ".CashRansomware" extension to the filenames of encrypted files, turning "1.jpg" into "1.jpg.CashRansomware" and "2.png" into "2.png.CashRansomware".
Ransom note details
Cash Ransomware creates three ransom notes: a desktop wallpaper, a pop-up window, and an HTML file named "Cash Ransomware.html". The notes differ in appearance but convey the same key messages:
- Notification that the files have been encrypted.
- A demand for a ransom payment to decrypt the data.
- Warnings against actions that could supposedly hinder data recovery.
The messages claim that the files were encrypted with XChaCha20, Poly1305 and AES-256-GCM. Of these, only XChaCha20 and AES-256-GCM are ciphers; Poly1305 is a message authenticator, normally paired with XChaCha20 as the XChaCha20-Poly1305 AEAD construction, and the note's description of its own cryptography is an attacker claim that has not been independently verified. Victims are instructed to pay 80 USD in Monero (XMR) cryptocurrency for decryption. The notes also warn against rebooting the device or running antivirus software, claiming that these actions could leave the files permanently undecryptable, and discourage disconnecting from the network, claiming that this could obstruct negotiation and recovery. These warnings serve the attacker's interests rather than the victim's: isolating an infected host from the network and stopping the malware process are standard incident-response steps, and halting further encryption is exactly what removal is meant to achieve.
The Cash Ransomware note reads as follows:
Cash RANSOMWARE
YOUR FILES
ARE ENCRYPTED
BY CASH RANSOMWARE

What happened?
Dear -, We regret to inform you that your files have been compromised by the insidious Cash Ransomware program. This ruthless malware has infiltrated your system, encrypting your precious data and holding it hostage until its demands are met. Below are the chilling details of this dire situation:
Rapid scanning of your storage drives has been executed, leaving no corner untouched by the malicious claws of Cash Ransomware.
Utilizing the advanced XChaCha20 encryption algorithm, your files have been ensnared with unbreakable tags and a deadly combination of Poly1305 or AES-256-GCM, meticulously chosen by the ransomware's constructors to ensure maximum devastation.
To further fortify its grip on your data, Cash Ransomware employs a hybrid bulletproof encryption technique, rendering any attempts at decryption futile against its impenetrable defenses.
Files bearing specific extensions have been singled out for priority encryption, ensuring that your most critical data is held captive, intensifying the fear and desperation of your predicament.
As a final blow to any hopes of recovery, Cash Ransomware deploys a double-key encryption mechanism, thwarting any attempts at deception or circumvention, leaving you no recourse but to comply with its demands.
In light of this harrowing situation, we implore you to refrain from taking any actions that may exacerbate the damage and worsen your plight:
Do not download antivirus software: Any attempts to combat Cash Ransomware with conventional means will only serve to alert its creators, potentially triggering further encryption or irreversible data loss.
Do not disconnect from the network: Isolation will not shield you from the relentless reach of Cash Ransomware; instead, it may hinder potential avenues of negotiation or resolution.
Do not reboot your systems: Restarting your devices could disrupt ongoing encryption processes, rendering your files irretrievable and sealing your fate in the clutches of this merciless malware.
We understand the gravity of your situation and stand ready to assist you in navigating this crisis. However, time is of the essence, and decisive action is imperative to mitigate the extent of the damage inflicted by Cash Ransomware.

How to decrypt my files?
Your files are heavily encrypted, and none can be decrypted without the decryption key.
To obtain the decryption key, you need to make a payment to the specified amount to the XMR / Monero wallet.
Once you've made the payment, you should contact the attackers via email or Telegram to receive the decryption key.
After receiving the decryption key, you need to input it into the decryption panel in Cash.
Once you hit the decryption button, your files will be decrypted.
Analysis of Cash Ransomware
Extensive experience with ransomware infections shows that decryption without the attackers' involvement is almost never possible. Paying the ransom does not guarantee data recovery, since cybercriminals frequently fail to deliver the decryption key even after their demands are met. Complying with the ransom demand is therefore strongly discouraged; it only funds further criminal activity.
Notably, the ransom demanded by Cash Ransomware is unusually low, which is itself suspicious. Ransomware typically demands three- to four-figure sums (in USD) from home users. When the ransom is abnormally low, the attackers may not bother to send victims a recovery tool at all, which suggests the campaign may serve to test new software or techniques as much as to generate revenue.
Mitigation and prevention
To prevent further encryption, Cash Ransomware must be removed from the operating system. Removal does not, however, restore files that have already been affected. Recovery is only possible from backups, which underlines the importance of keeping backups in multiple locations (for example, a remote server and storage devices that are kept unplugged).
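As an added example (not code from the page or from the malware's authors), the following Python script ties together the three facts above that a responder can act on: the ".CashRansomware" extension is appended to the original filename, the note is dropped as "Cash Ransomware.html", and affected files can only come back from a backup. It walks a victim directory, lists encrypted files and ransom notes, derives each original filename by stripping the appended extension, and reports which originals exist in an offline backup tree. Two assumptions are not stated by the page and are marked in the code: the encrypted copy replaces the original in place, and the backup tree mirrors the victim tree's relative paths. The sample directory trees it builds are constructed test data.

```python
"""Triage helper for a Cash Ransomware-style incident (added example, not the
page's own code).

It identifies encrypted files by the appended ".CashRansomware" extension,
locates the dropped "Cash Ransomware.html" note, recovers the original
filenames by stripping the extension, and checks which originals can be
restored from an offline backup tree.

Assumptions not stated by the page: the encrypted copy replaces the original
in place, and the backup tree mirrors the victim tree's relative paths.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".CashRansomware"          # appended to each encrypted file's name
RANSOM_NOTE_NAME = "Cash Ransomware.html"  # HTML note dropped by the malware


def original_name(filename):
    """Return the pre-encryption filename, or None if the marker is absent.

    The extension is appended, not substituted: "1.jpg" becomes
    "1.jpg.CashRansomware", so stripping the suffix restores "1.jpg".
    A bare ".CashRansomware" carries no original name and is rejected.
    """
    name = os.fspath(filename)
    if not name.endswith(ENCRYPTED_EXT) or len(name) == len(ENCRYPTED_EXT):
        return None
    return name[: -len(ENCRYPTED_EXT)]


def triage(victim_root, backup_root=None):
    """Walk victim_root and classify what is found.

    Returns sorted lists (POSIX-style relative paths) of encrypted files and
    ransom notes, plus, when backup_root is given, which original files are
    restorable from it and which are not.
    """
    victim_root = Path(victim_root)
    backup_root = Path(backup_root) if backup_root is not None else None
    result = {"encrypted": [], "notes": [], "restorable": [], "unrecoverable": []}

    for dirpath, _dirs, files in os.walk(victim_root):
        for fname in files:
            rel = (Path(dirpath) / fname).relative_to(victim_root)
            if fname == RANSOM_NOTE_NAME:
                result["notes"].append(rel.as_posix())
                continue
            orig = original_name(fname)
            if orig is None:
                continue  # untouched file (or a name we cannot attribute)
            result["encrypted"].append(rel.as_posix())
            if backup_root is not None:
                # assumption: backup mirrors the victim tree's relative layout
                orig_rel = rel.with_name(orig)
                key = "restorable" if (backup_root / orig_rel).is_file() else "unrecoverable"
                result[key].append(orig_rel.as_posix())

    for key in result:
        result[key].sort()
    return result


def demo():
    """Run triage over a constructed victim tree and backup tree (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = Path(tmp) / "victim"
        backup = Path(tmp) / "backup"
        (victim / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        # constructed sample: two encrypted files, one untouched file, one note
        (victim / "1.jpg.CashRansomware").write_bytes(b"\x00" * 16)
        (victim / "docs" / "2.png.CashRansomware").write_bytes(b"\x00" * 16)
        (victim / "readme.txt").write_text("untouched")
        (victim / RANSOM_NOTE_NAME).write_text("<html>YOUR FILES ARE ENCRYPTED</html>")
        # only 1.jpg was backed up; docs/2.png was not
        (backup / "1.jpg").write_bytes(b"jpeg")
        return triage(victim, backup)


if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(f"{bucket}: {paths}")
```

Run the script as-is to see the classification of the constructed sample, or call `triage("/path/to/victim", "/path/to/backup")` on a real tree once the machine has been isolated and the malware stopped; do the restore from the backup copies, never by renaming the ".CashRansomware" files, since stripping the extension does not undo the encryption.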
Notable ransomware examples
LockBit 5, Risen, Cronus, Lynx and HorrorDead are recent ransomware examples. They all operate the same way, encrypting data and demanding payment for decryption. Ransomware programs differ mainly in the encryption algorithms used (symmetric or asymmetric) and in the size of the ransom, which depends on the target (home users versus larger entities such as companies and organizations).
Infection vectors
Cash Ransomware is offered as RaaS (Ransomware-as-a-Service), meaning its developers sell it to other cybercriminals, so the methods of proliferation can vary. In general, malware is spread through phishing and social engineering, usually disguised as or bundled with legitimate content. The malicious file can be an executable, an archive, a document, JavaScript, and so on; opening the infected file triggers the download/installation chain.
Common malware distribution techniques include:
- Loader/backdoor-type trojans.
- Drive-by downloads.
- Dubious download sources (for example, freeware sites and P2P networks).
- Malicious attachments/links in spam emails.
- Online scams.
- Illegal software activation ("cracking") tools.
- Fake updates.
In addition, some malware can self-propagate through local networks and removable storage devices.
Protective measures
To prevent ransomware infections:
- Download only from official and verified channels.
- Activate and update programs using genuine functions/tools.
- Treat incoming emails and messages with caution.
- Avoid opening suspicious attachments or links.
- Stay alert while browsing and avoid scam content.
- Install reputable antivirus software and keep it updated.
- Run system scans regularly to detect and eliminate threats.
If your computer is infected with Cash Ransomware, run a scan with an anti-malware program to eliminate the threat automatically. Following these best practices helps keep you safe and protects your data.