Ragnarok勒索病毒家族详情

【家族名】
Win32/Ransom.Ragnarok

[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom

【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持

【被加密文件】
被加密文件后缀格式： 修改文件后缀为.hela

【勒索提示信息】：
文件名：!!Read_Me.C17F4.html
文件内容 ：
-------------------------------------------------------------------------------
#ALL YOUR FILES ARE ENCRYPTED AND STOLEN BY RAGNAROK
Dear Sir

Your files are encrypted with RSA4096 and AES encryption algorithm.
But don't worry, you can return all your files!! follow the instructions to recover your files

Cooperate with us and get the decrypter program as soon as possible will be your best solution.
Only our software can decrypt all your encrypted files.

What guarantees you have?
We take our reputation seriously. We reject any form of deception
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain any valuable information.
When hiring third-party negotiators or recovery companies. listen to what they tell you. try to think.
Are they really interested in solving your problems or are they just thinking about their profit and ambitions?

By the way.We have stolen lots of your company and your private data which includes doc,xls,pdf,jpg,mdf,sql,pst...
Here we upload sample files of your company and your private data on our blog :
http://sushlnty2j7qdzy64qnvyb6aj ... awodtcedgjid.onion/
We promise that if you don't pay within a week, we will package and publish all of your company and your data on our website.
We also promise we can decrypt all of your data and delete all your files on internet after your payment.
Such leaks of information lead to losses for the company. fines and lawsuits. And don't forget that information can fall into the hands of competitors!
For us this is just business and to prove to you our seriousness.

Our e-mail:
CHRISTIAN1986@TUTANOTA.COM

Reserve e-mail:

melling@confidential.tips

Device ID:
=AAAfljMx4iNzEjL4YTMuITOxwiVyIjU3EUO2UETw0iTJdFL3I0NBJTRBZDRwMTN5EEMxQTR2UUO1YEMDVDRGNTNzI0M2AzMFREM3UDOwYzNBVUMyETRwczMCFENCZEMzMjNxQUQ1IDNCNENDRjRyUUNEVURyI0M1YURBZTM4YENDZTMDJEMxAzM3IURyEjMGZzQ1IkM5I0MBNERDljQEFUNCFjRwYDM3IUNzQkR1MEOyMzNwETQ2QzMBljQ0kjR5UzNwUURGlzN1YzQChTRCVjRDJkNBRkRFVDM2czQwUTN3Q0QxAzMwMUODVENBFDOzITQ4MTM2YUOBNEN4UDO2EENFRDMykzN3EjMERkNCBDN4UjMENER1EEM5kDNzM0NzEDOFVjNEFjN2ATNFlTOEJUMBRDMxUTODZEO5Y0NzIkQxUTQ0kTRzYjNyMUM4Y0M5QUQCZUR5kDNyIUQDJEMxYjR5cDOEREN3ADO3IzMxM0Q3kTO3MTOwcTRyMTQxkDO2QEN2MzMxEzNyIzMxYEOBhDRyMjQCN0MzUDOENjR0ITOwYTRFdTQCZzMBlTMGhTNzIjRwcTMEBTN5EjQCVkM4EzM4UTMCNjR4kTOBNERwUkRwIDRykTRER0QGJDREFEMChTMCVEREJEOBZzQCFUNGNTOCJjNzUDRyIUOxYEODhzQGR0MEFEOFZTN5MUM4EzN3ETO3YzNDJ0QFJDMxEjQ0kjNBNzQBZERFJ0M0AzNxUTMFFzQxkjMFVTMxIkM5MDM2kjR3ADOxUDR1YTQEFDOyMEMBFDR1kjQ3MzMCBTNGRDOFJkRGVUQwcDRCREN3UEN0kTQFRUN5IURBZTQwQUR1Q0NCZzNzYjR3AjMDNkMDlTQ3U0M0cDRxU0MygTNFZkQ2MkR0QjN3ITQ5YjR0kTRCVEMwYTM5MjR1ITNBdzQwMUOEZTQyITO1ETO0kTM2UURCN0NwATOGFTOzMkMCFUN5IjRwEURFRDOFJTQ1kzNGBDREF0NzEDOzIUM5kjQ0YUN1kTR5cjQ3AzN5QDM1MjQ2ITR0EkRENDR4ETR2UkMEZjR4EkMzQTNwAjM0gjNxkTRBNTQDZzN4gDMwcDRyAjM0AzMDJEODZ0MERUQCF0NxUTO5cDN0QDNwkTR5IURyUUO1QzQBZTNGNTRDhTQBlDR5kzMBNTQDNjRCFUR1IUM2cTO4I0MwIENERUOBFDNyITMFJTNyIERwQUQ3QUO2UDRGFTO3ITRGljNGRTRyMjQGJjM3UTM4MENFNjRygDRCNTRCZ0QCF0NzAjRBJjQBdTRBF0N4gzQCRUM1QTN1ADR3ITMFNjN2QTQ2MERFFjN3gzNGNUQ1YTMBhTNGhDM0YDNGJjRFFzMzMjNzQTRxUTMyMUOyQjNycTOBVkQ0UUO5UkM4ETM0wCO3UkNCZUN4UUMDRkMCVUNDVTRxgTRDFTO1EUMyUTQERDO0U0QwQEMElDRwIDMyUzQDdTQ4EERwMUNyUkQ4UkRxMDOBBjMzUTQwMDNDBjMxIUNxIUO5YTOERTNDRkR4MzM0IDN1MkQDJjNBlTQyEURzI0MwATNGF0QEJERFljM0QjNCZDODZTM0EkNDZEM5EDOzcjRFVERBFUQBRjNxIEN4MER2gzNGZjQ5ITQ4MkNzIjQBJTOFVzQFV0N5MEOwQTNFVEM1czQxQjNBJUMFVUO1IzNxUTM4EEOwE0QBN0QxIUOBhjRDZTQ3kjNDFDR4Y0MDZkM1gDM1YTRxYUN4QjRwUEMygTOzIjNGhTN0QTN2cjM1UUR5YENBN0QFRDR2MzM4ETN0UUQwU0MDhTRFF0NCBTNGNER2EUNFNUQFJEOBZDM1EUMGBTN5YzNFZUM1UEOGhDN1gTQDJDOwM0MwUTRyAzQ5MkNGRzMFNDRzgzMFV0N3IjRCJEOGRTRFRkMFRTREFDODJURycDO3EDM5IzMEVER2MzN4UUMENjNBFEMFhTM5YTRDRjR3czNyYzQ4YjMCVUMBVER1MkRyUDO3Y0MxcDODhDMDNkM3ITOEFEM5kzN5EERyMDMEhzN2gzN2YjMyITN3kzN2YjMBVTN1U0M5EUNxMUQCJjMycjN0QjNxQENGZENGNjQCREOwMkMCFDRCFzNGdDMzgzMCZ0NFNDM3YURzQDMxQDNCFjR0gTRFhDNCVjQ2UDOFhzQ1kjQ1YjMCFUOFdzN1kDMzIkRFhzNyUTQyQjR1YUOGNUO1YkRxQUR2UjM1IjR2IUOCR0NBR0N1UTQGZEOCN0Q5MUNEBzQ2YDMEJUQ2YDO5M0Q1YjQ5QURDhTO0kDNGR0Q1gjQGZEMEhDMzEjR3YzMDZ0MxEEMwIkR0MjQDZkMGBzMDJTO0YERyQjQBRDNCNTNCFTR4YUMzcTQxYTQ5IkMFVTOxQDM4MzMBJEO3YEMBRTRzgzN2QTM2kjN0EzNwIDNxYTM4ETMCVjMGhTQxMUQ1EENzADRyMEMwUjM5E0NDZTOBZTOENUO2YUO5ATQCJzMyQEN0YDN4ADO2kjQ0kjQ1QENEZEN4MTQ5MEM0MjQ2UUNyQUOFdTNDdzN5IEODBTQCRzQFVkQ3QDRwIEMDJkQBVEOwYkM1QjN0UjR2IDRxEkREhTR1cDNxYTOENEN3YkMxE0Q3gjRwQUO0cjQ0kjQ5UTQwIjRClDOEFDM2EUNBNzQ0I0MGdzNCdDMBhjN0EzN5EjR5UzQFNkNykTQBhjR5cjQzIDM1UkMwYjM4UjQ1IzQDJUO0ITNxUUQ5MkMEFkRGVEOClzQykTM2ITQDlDO1MURzIjM
-------------------------------------------------------------------------------
【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：CHRISTIAN1986@TUTANOTA.COM

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：melling@confidential.tips

家族：Ragnarok
被加密文件后缀:thor
黑客邮箱/Url：ragnar0k@tutanota.com

家族：Ragnarok
被加密文件后缀:thor
黑客邮箱/Url：ragnarok_recover@secmail.pro

家族：Ragnarok
被加密文件后缀:thor
黑客邮箱/Url：r19nar0k@airmail.cc

家族：Ragnarok
被加密文件后缀:ragnarok_cry
黑客邮箱/Url：asgardmaster5@protonmail.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：ragnarok_master@protonmail.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：ragnarok@rape.lol

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：yawkyawkyawk@cock.li

家族：Ragnarok
被加密文件后缀:rgnk
黑客邮箱/Url：!!Attention_How_To_Recover_My_Files.txt

家族：Ragnarok
被加密文件后缀:rgnk
黑客邮箱/Url：ragnarok_master@protonmail.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：asgardmaster5@protonmail.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：ragnar0k@ctemplar.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：j.jasonm@yandex.com

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：christian1986@tutanota.com

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：melling@confidential.tips

家族：Ragnarok
被加密文件后缀:rgnk
黑客邮箱/Url：!!Attention_How_To_Recover_My_Files.txt

家族：Ragnarok
被加密文件后缀:ragnarok_cry
黑客邮箱/Url：asgardmaster5@protonmail.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：asgardmaster5@protonmail.com

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：christian1986@tutanota.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：j.jasonm@yandex.com

家族：Ragnarok
被加密文件后缀:hela
黑客邮箱/Url：melling@confidential.tips

家族：Ragnarok
被加密文件后缀:thor
黑客邮箱/Url：r19nar0k@airmail.cc

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：ragnar0k@ctemplar.com

家族：Ragnarok
被加密文件后缀:thor
黑客邮箱/Url：ragnar0k@tutanota.com

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：ragnarok@rape.lol

家族：Ragnarok
被加密文件后缀:ragnarok
黑客邮箱/Url：ragnarok_master@protonmail.com

家族：Ragnarok
被加密文件后缀:rgnk
黑客邮箱/Url：ragnarok_master@protonmail.com