2019年5月最新勒索病毒样本分析及数据恢复

一、依然熟悉的“老面孔”

中毒特征：<原文件名>.{邮箱}AOL

勒索信息：how_to_back_files.htm

特征示例：ReadMe.txt.{[email protected]}AOL

特征后缀收集：{[email protected]}AOL? 及其他 .com}AOL 后缀

{[email protected]}AOL

{[email protected]}MTP

{[email protected]}MGH

{[email protected]}CMG

{[email protected]}MG

中毒特征：<原文件名>.ID-<随机8位字符串>.<邮件地址>.特征后缀

勒索信息：FILES ENCRYPTED.txt data files encrypted.txt info.hta

特征示例：readme.txt.ID-16E86DC7.[[email protected]].btc
readme.txt.id-F06E54C7.[[email protected]].ETH

特征后缀收集：.ETH .btc .adobe .bkpx .tron .bgtx .combo .gamma .block .bip .arrow .cesar [email protected] [email protected] [email protected] [email protected]@qq.com? [email protected] [email protected]@india.com [email protected] [email protected]@qq.com btccrypthel[email protected]

中毒特征：<原文件名>.scaletto

勒索信息：how_to_open_files.html

特征示例：readme.txt.scaletto

勒索邮箱：[email protected]

中毒特征：[邮箱].字符-字符.ITLOCK

勒索信息：!README_ITLOCK!

特征示例：[[email protected]].63Nv1K7q-xCeWZJaH.ITLOCK

特征后缀收集：.ITLOCK

[email protected]

[email protected]

[email protected]

1、.firex3m后缀勒索病毒

勒索文件示例：325248.jpg.id-3261642625_[[email protected]].firex3m

后缀特征：.firex3m

勒索文件：!!! DECRYPT MY FILES !!!.txt

勒索邮箱： [email protected]

勒索文件示例：1月印绣洗.xls.{[email protected]}KBK

勒索邮箱：[email protected]

勒索文件示例：SD31801N_201801_log.LDF.
{[email protected]}BET

勒索邮箱：[email protected]

勒索文件示例：readme.txt.[ID-599947564][[email protected]].JURASIK
勒索文件：JURASIK-DECRYPT.txt
勒索邮箱：[email protected]

勒索文件示例：readme.txt.{[email protected]}VC

勒索邮箱：[email protected]

原文地址：https://blog.51cto.com/14119124/2395926