2. Researcher provides a method for handling Crypto888 ransomware
Title: Remove Crypto888 Ransomware
Author information: November 18, 2016 By Daniel Stoyanov
//BEGIN
I wrote this article to help you remove Crypto888 Ransomware. This Crypto888 Ransomware removal guide works for all Windows versions.
Crypto888 ransomware is a win-locker virus which appears to be a new variant of Petya ransomware. The developers of the clandestine program have given a small clue about their identity. According to the ransom note, Crypto888 ransomware has been developed by a unit of Czech and Russian hackers. The malevolent program targets 196 file types, including the following: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .asp, .aspx, .html, .txt, .pdf, .sql, .cer, .sln, .ini, .dat, .rar, .zip, .rtf, .bdf, .bkp, .csv, .iff, .exif, .ai, .avi, .wmv, .mp4, .mov, .mpg, .mpeg, .asf, .flv, .mkv, .dng, .wps, .eml, .arw, .js, .bat, .lnk, .pak, .m4a, .m3u, .mp3, .wav, .wma, .flac, .mid, .ogg, .sct, .eps, .mkv, .xml, .mdb, .db, .tif, .tiff, .bmp, .png, .psd, .jpg, .jpeg, .gif, .pfx, .qic, .wsc, .crw, .php, .reg, .ps1, .vb, .raw, .odt, .bin.
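This ransomware encrypts 196 file types. It is said to be a variant of the Petya ransomware, and the researcher calls it Crypt888. Based on the unlock information the hackers provide, the preliminary inference is that the ransomware was written by Czech and Russian hackers, although their exact identity remains unknown so far. The main topic here is how to unlock the encrypted files; the method applies to all Windows platforms. The hackers provide an e-mail address for contact with victims: zaplacenookamzitedesifrujdat@yandex.com. The ransom is about 600 US dollars. Security personnel do not recommend paying it: even if paying could get your files back, who can guarantee that the attackers will not strike the same victim again? After all, what they want is money. Refusing to give in may therefore help in the fight against ransomware. The ransomware gives victims 5 days to pay the ransom; after the deadline the amount may be even higher. The ransomware has two main distribution routes. The first is the most traditional one, spam e-mail. It takes many forms: to win the recipient's trust, the message is written to look very much like it comes from a legitimate vendor or a trusted source, such as a bill, a letter of recommendation, a parcel slip, a bank statement, an invoice, a formal court summons, and so on.
The other distribution route is software bundling, most often through freeware, free software or pirated software. Users are therefore advised not to install software of unknown origin; if installation really is necessary, check the setup options carefully, because some ransomware is bundled by default into the installers of software that users commonly install.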
//END
Crypto888 Ransomware Uninstall
Method 1: Restore your encrypted files using ShadowExplorer
Usually, Crypto888 Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
Method 2: Restore your encrypted files by using System Restore
Go to Start –> All programs –> Accessories –> System tools –> System restore
Click “Next”
Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover encrypted files by using File Recovery Software. Since Crypto888 Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:
Recuva
Puran File Recovery
Disk Drill
Glary Undelete
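Before trying Method 1, it helps to confirm that any shadow copies survived and whether they predate the encryption. The following read-only PowerShell inventory is an added example, not part of the original article; the `$firstEncrypted` timestamp is a constructed placeholder to be replaced with the modification time of the earliest encrypted file found on the machine.

```powershell
# Added example: read-only inventory of Volume Shadow Copies.
# Run from an elevated PowerShell prompt; it changes nothing on disk.

# Constructed placeholder: set this to the earliest encrypted file's timestamp.
$firstEncrypted = Get-Date '2016-11-18 09:00'

# Map volume GUID paths (\\?\Volume{...}\) to drive letters.
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $volumes[$_.DeviceID] = $_.DriveLetter
}

# Force an array so .Count works even when zero or one snapshot exists.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies found: Method 1 has nothing to restore from.'
}
else {
    $shadows |
        Sort-Object -Property InstallDate -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Drive              = $volumes[$_.VolumeName]
                Created            = $_.InstallDate
                # Only snapshots taken before encryption hold clean files.
                PredatesEncryption = $_.InstallDate -lt $firstEncrypted
                ShadowId           = $_.ID
                DevicePath         = $_.DeviceObject
            }
        } |
        Format-Table -AutoSize
}
```

A snapshot with `PredatesEncryption` set to `True` is the one to open in ShadowExplorer; if every row shows `False` or no rows appear, move on to Method 2 or Method 3.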
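While advising users not to pay the ransom, the researcher provides three remediation methods for dealing with this ransomware.
(1) Use the ShadowExplorer software to restore the encrypted files.
(2) Use System Restore, the system recovery feature built into Windows.
(3) Use free recovery software to look for the encrypted files. The principle is that after encrypting the victim's files, this ransomware simply deletes the original files, so recovery may be possible.
Comment: for ransomware, our advice remains prevention first: back up, back up, and back up again.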