Embargo勒索软件家族详情

【家族名】
Win32/Ransom.Embargo
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
新增扩展名：.564ba1（随机字符串）


【勒索提示信息】：
文件名：HOW_TO_RECOVER_FILES.txt
文件内容 ：
-------------------------------------------------------------------------------
Your network has been chosen for Security Audit by EMBARGO Team.
We successfully infiltrated your network, downloaded all important and sensitive documents, files, databases, and encrypted your systems.
You must contact us before the deadline 2024-05-21 06:25:37 +0000 UTC, to decrypt your systems and prevent your sensitive information from disclosure on our blog:
http://embargobe3n5okxyzqphpmk3m ... kk7hhi544jid.onion/
Do not modify any files or file extensions. Your data maybe lost forever.
Instructions:
1. Download torbrowser: https://www.torproject.org/download/
2. Go to your registration link:
=================================
http://5ntlvn7lmkezscee2vhatjaig ... 1a4598f130979ad77c8
=================================
3. Register an account then login
If you have problems with this instructions, you can contact us on TOX:
9500B1A73716BCF40745086F7184A33EA0141B7D3F852431C8FDD2E1E8FAF9277E9FDC117B47
After payment for our services, you will receive:
- decrypt app for all systems
- proof that we delete your data from our systems
- full detail pentest report
- 48 hours support from our professional team to help you recover systems and develop Disaster Recovery plan
IMPORTANT: After 2024-05-21 06:25:37 +0000 UTC deadline, your registration link will be disabled and no new registrations will be allowed.
If no account has been registered, your keys will be deleted, and your data will be automatically publish to our blog and/or sold to data brokers.
WARNING: Speak for yourself. Our team has many years experience, and we will not waste time with professional negotiators.
If we suspect you to speaking by professional negotiators, your keys will be immediate deleted and data will be published/sold.
-------------------------------------------------------------------------------
【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。