一个24小时运行的Win7中了勒索病毒！！！

wwwab

以后发勒索信请给原图

不要翻译
不要翻译
不要翻译

还好后缀是mkp，一眼就能看出来是makop

Jirehlov1234

wwwab 发表于 2022-5-24 12:17
以后发勒索信请给原图

不要翻译

单靠后缀还是证据不足。好在楼主这个例子可以通过邮箱和勒索信格式来判断是makop。

gbx972

lvzhiwei 发表于 2022-5-24 10:52
卡巴斯基也防止不了所有病毒包括勒索，卡巴名气大会有人专门针对卡巴做免疫的。还是要和前面几楼说的那样 ...

直接用HIPS保护数据，别说病毒，就连ali的保护进程读取能防，还有什么防不了

gbx972

不知道LZ的WIN7是不是SP1，有没有打到最新的补丁。

xzykgc4mc3

Hibike 发表于 2022-5-23 23:23
防勒索的话，智量/KART/HMPA吧

大佬，弱弱问一声，火绒跟Kaspersky Anti-Ransomware Tool能够搭配吗

00006666

dongwenqi 发表于 2022-5-24 10:52
是的，我系统是win7，没打过系统补丁，没有中招勒索病毒

楼主那个是开公网IP，然后被扫描到给爆破了，一般家庭使用的都是内网IP。

陪你去见鬼

wwwab 发表于 2022-5-24 12:17
以后发勒索信请给原图

不要翻译

::: Greetings :::

Little FAQ:

.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: hopeandhonest@smime.ninja

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.



:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.


这是原文

dongwenqi

00006666 发表于 2022-5-24 12:49
楼主那个是开公网IP，然后被扫描到给爆破了，一般家庭使用的都是内网IP。

说的也是

00006666

陪你去见鬼 发表于 2022-5-24 12:53
::: Greetings :::

Little FAQ:

分享一个被加密的文档文件来判断比单独看这个勒索信要准确。

陪你去见鬼

freeyang 发表于 2022-5-24 12:00
Win7做家庭小服务器真的安全性太差了，而且楼主还把它暴露公网，肯定都被扫描无数次了。没事整个linux做小 ...

下载机还是win方便啊，整个迅雷和百度云，就能远程控制下载了，而且还有个打印机是通过Win7共享给其他设备的，Linux不知道怎么驱动打印机并共享