A new GANDCRAB variant has appeared. Compared with GANDCRAB v5.0.4, GANDCRAB v5.1 is more harmful, so please take precautions.
---= GANDCRAB V5.1 =---
UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension:
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/63eefd25f88b4272
| 4. Follow the instructions on this page
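While taking precautions, if you are unfortunately infected, you can add QQ 2362441418 for a consultation.
Of course, defense during an attack and remediation afterwards are far less reassuring than defense beforehand. To avoid unnecessary losses, we recommend the following measures:
(1) On servers, install antivirus software with active protection, and also deploy security-hardening software to block ******.
(2) Close unnecessary ports such as 445, 135 and 139, and do not expose Remote Desktop Services (RDP, default listening port 3389) directly on the public network. If operations require it, make sure it can be accessed only after logging in to ×××.
(3) Patch system vulnerabilities promptly. If components such as JBoss, Tomcat or Weblogic WLS are installed on the server, update them to the latest version promptly as well. Do not casually install software from unknown sources.
(4) Use strong passwords and change them regularly. Never use the same password on multiple servers, so that after brute-forcing one server *** cannot easily *** other servers that share the password.
(5) Back up core server data to other hosts promptly, and isolate the backups on the network so that the backup data cannot be encrypted.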
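To check a server against measure (2), the following added example (not part of the original post) parses Windows `netstat -ano` output and reports listeners on ports 135, 139, 445 and 3389 that are bound to a non-loopback address. The sample output, addresses and PIDs are constructed for illustration, and the function name is an assumption of this example.

```python
import ipaddress
import re

# Ports that measure (2) says to close or keep off the public network.
RISKY_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session",
               445: "SMB", 3389: "RDP"}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       1100
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:3389        198.51.100.7:50122     ESTABLISHED     1100
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2200
"""

# Local address, local port and PID of a TCP socket in the LISTENING state.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text):
    """Return (address, port, service, pid) for each risky port that is
    listening on an address other than loopback."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP, or a connection that is not a listener
        addr, port, pid = m.group(1).strip("[]"), int(m.group(2)), int(m.group(3))
        if port not in RISKY_PORTS:
            continue
        addr = addr.split("%")[0]  # drop an IPv6 zone id such as %12
        if ipaddress.ip_address(addr).is_loopback:
            continue  # reachable only from the host itself
        findings.append((addr, port, RISKY_PORTS[port], pid))
    return findings


if __name__ == "__main__":
    for addr, port, service, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{addr}:{port} ({service}) is listening, PID {pid}")
```

A listener bound to `0.0.0.0` or `::` accepts connections on every interface; whether it is reachable from the public network still depends on the host and perimeter firewall rules, so each finding should be checked against them.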
Original article: http://blog.51cto.com/14090158/2344681