RADAR Ransomware Should Get Your Attention


Every day we wake up, ransomware remains one of the most formidable adversaries users face online. One of the newer entrants in this field is RADAR ransomware, a malicious program designed to encrypt files and demand a ransom for their decryption. Let's take a closer look at what RADAR ransomware is, how it works, and what can be done to guard against it.

What is RADAR Ransomware?

RADAR ransomware is malware that follows the typical modus operandi. It encrypts files on the infected system and appends a random string to each file name. For example, a file originally named "picture.png" might become "picture.png.W36G8ePNp" after encryption.

Once the encryption process is complete, RADAR ransomware changes the desktop wallpaper and drops a ransom note titled "README_FOR_DECRYPT.txt". The note informs victims that their files have been encrypted and their data stolen, and threatens to leak the stolen information unless the ransom demands are met.
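The two artifacts described above, the appended random suffix and the README_FOR_DECRYPT.txt note, are the indicators a defender can check for on a host. The following Python scanner is an added example and is not code from the original article or from any analysis of the malware itself. It assumes, generalising from the single sample name given, that the appended string is 8 to 12 mixed letters and digits; the severity thresholds in `assess` and the sample file listing are constructed assumptions as well.

```python
import os
import re
from typing import Optional

# Ransom note file name quoted in the article.
RANSOM_NOTE_NAME = "README_FOR_DECRYPT.txt"

# Assumption (not stated on the page): the appended string is 8-12 letters and
# digits, generalised from the single sample "picture.png.W36G8ePNp". The
# original extension is limited to 1-5 characters so "archive.tar.gz" does not
# match (its last component is too short to be a suffix).
RENAMED_FILE_RE = re.compile(
    r"^(?P<original>.+\.(?P<ext>[A-Za-z0-9]{1,5}))\.(?P<suffix>[A-Za-z0-9]{8,12})$"
)


def looks_random(suffix: str) -> bool:
    """Require both letters and digits so names like 'report.docx.archived'
    (a plausible human-chosen suffix) are not flagged."""
    return any(c.isdigit() for c in suffix) and any(c.isalpha() for c in suffix)


def classify_name(name: str) -> Optional[str]:
    """Return 'ransom_note', 'renamed_file' or None for a single file name."""
    if name.lower() == RANSOM_NOTE_NAME.lower():
        return "ransom_note"
    match = RENAMED_FILE_RE.match(name)
    if match and looks_random(match.group("suffix")):
        return "renamed_file"
    return None


def scan_paths(paths):
    """Classify a list of paths; returns the hits and the distinct suffixes seen."""
    result = {"ransom_notes": [], "renamed_files": [], "suffixes": set()}
    for path in paths:
        name = os.path.basename(path)
        kind = classify_name(name)
        if kind == "ransom_note":
            result["ransom_notes"].append(path)
        elif kind == "renamed_file":
            result["renamed_files"].append(path)
            result["suffixes"].add(RENAMED_FILE_RE.match(name).group("suffix"))
    return result


def scan_directory(root: str):
    """Walk a directory tree and scan every file name found (for use on a live host)."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in files)
    return scan_paths(paths)


def assess(result, renamed_threshold: int = 3) -> str:
    """Assumed severity rules: any ransom note means the host is infected; a
    handful of renamed files without a note is worth a look; otherwise clean."""
    if result["ransom_notes"]:
        return "infected"
    if len(result["renamed_files"]) >= renamed_threshold:
        return "suspicious"
    return "clean"


# Constructed sample listing (not from a real incident) to exercise the scanner.
SAMPLE_PATHS = [
    "C:/Users/alice/Documents/picture.png.W36G8ePNp",
    "C:/Users/alice/Documents/README_FOR_DECRYPT.txt",
    "C:/Users/alice/Documents/report.docx",
    "C:/Users/alice/Documents/archive.tar.gz",
    "C:/Users/alice/Documents/report.docx.archived",
]

if __name__ == "__main__":
    found = scan_paths(SAMPLE_PATHS)
    print(assess(found), found)
```

Running `scan_directory` against user data folders is a cheap first triage step, and the distinct suffixes it collects are worth recording in the incident ticket: the article does not say whether the random string is fixed per victim or per file, and the answer is useful when matching the case against other reports.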

The ransom note reads as follows:

Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs.

To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, data leak forums, data leak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.

Please contact our sales department at Skype: XXXXXXX
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice.

Follow the guidelines below to avoid losing your data:

  • Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
  • Do not modify or rename encrypted files. You will lose them.
  • Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
  • Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you successful decryption without any loss + exfiltrated data erasing from our servers.
  • Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.

P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: XXXXXXX Their Website - XXXXXXX
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
XXXXXXX
XXXXXXX
XXXXXXX
XXXXXXX
Lot of telegram channels like XXXXXXX , XXXXXXX , all darkweb resources list from here - XXXXXXX

We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs: hxxp://xb6q2aggycmlcrjtbj[redacted]sqb4nx6cmod3emy7sad.onion
hxxp://mbrlkbtq5jonaqkurj[redacted]4rgjbkkknndqwae6byd.onion
hxxp://bianlianlbc5an4kgn[redacted]gczopmm3dnbz3uaunad.onion/
hxxp://alphvmmm27o3abo3r2[redacted]5xsj7j7ejksbpsa36ad.onion
htxxp://knight3xppu263m7g4[redacted]h7vjdc3zrscqlfu3pqd.onion/

For XXXXXXX we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us.

Let's respect each others time.
With best Regards, RADAR

Double Extortion Tactics

The ransom note left by RADAR ransomware serves a dual purpose: it demands payment for file decryption and warns victims that their data will be published if the ransom is not paid. This approach, known as double extortion, increases the pressure on victims to comply with the attackers' demands. The note goes on to detail the cybercriminals' past attacks and the company leaks they carried out, underlining the seriousness of the threat.

Victims are typically allowed to decrypt a small number of files (5-10) as a demonstration of the attackers' ability to decrypt. However, any attempt to rename, modify or delete the encrypted files may render them undecryptable, adding another layer of difficulty for victims.

The Risks of Paying the Ransom

While paying the ransom may seem the quickest way to regain access to encrypted files, it is fraught with risk. Experience shows that decryption is often impossible without the criminals' involvement, and even paying does not guarantee that a decryption tool will be provided. Moreover, paying the ransom funds criminal activity and perpetuates the cycle of ransomware attacks.

Authorities and cybersecurity experts strongly advise against meeting the attackers' demands. Instead, removing the ransomware from the operating system is essential to prevent further data encryption. Unfortunately, removal alone does not restore files that have already been encrypted. The best solution remains restoring data from backups, which highlights the importance of regular data backups.

Preventive Measures and Best Practices

Preventing ransomware infections requires a multi-layered approach. Here are the key strategies for defending against threats like RADAR ransomware:

1. Regular Backups

Keep backups of important data in multiple locations, such as unplugged storage devices, remote servers and cloud storage. This ensures that even if one backup is compromised, the others remain intact.

2. Vigilant Browsing and Email Practices

Exercise caution when browsing the web and handling email. Do not open attachments or click links received from unknown or suspicious sources. Do not trust information in emails from unfamiliar senders, especially those asking for personal information or containing urgent messages.

3. Use Trusted Software

Download software only from official and trustworthy channels. Avoid third-party tools for software activation or updates, as these may contain malware.

4. Up-to-Date Security Measures

Make sure your antivirus and anti-malware software is always up to date. These tools can detect and block ransomware before it causes damage.

Understanding Ransomware Distribution

Ransomware, including RADAR, spreads mainly through phishing and social-engineering tactics. The malware is often disguised as legitimate files, such as executables, archives or documents. Common distribution methods include backdoor trojans, drive-by downloads, malicious email attachments, dubious download sources and malvertising. Some ransomware can even spread through local networks and removable storage devices.

Final Thoughts

RADAR ransomware is a significant threat in the digital world, using advanced tactics such as double extortion to coerce victims. Understanding how such ransomware operates and taking proactive steps to protect your data are essential to defending against these attacks. Regular backups, vigilant browsing habits and up-to-date security measures are the best defenses against the destructive and costly effects of ransomware. Stay informed, stay protected, and remember that the best way to fight ransomware is prevention and preparation.

July 24, 2024
免费试用:30 天一次性优惠!免费试用不需要信用卡。免费试用期间的完整功能。 (免费试用后的完整功能需要订阅购买。)要了解有关我们的政策和定价的更多信息,请参阅EULA隐私政策折扣条款购买页面。如果您想卸载应用程序,请访问卸载说明页面。