Spook勒索软件家族详情

【家族名】
Win32/Ransom.Spook
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
新增扩展名：.NMU7PHR3V5
【勒索提示信息】：
文件名：RESTORE_FILES_INFO.txt
文件内容 ：
-------------------------------------------------------------------------------
YOUR COMPANY WAS HACKED AND COMPROMISED!!!
All your important files have been encrypted!
Our  encryption algorithms are very strong and your files are very well protected,
the only way to get your files back is to cooperate with us and get the decrypter program.
Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover.
____________________________________________________________________________________
For us this is just business and to prove to you our seriousness, we will decrypt you three files for free.
Just open our website, upload the encrypted files and get the decrypted files for free.
____________________________________________________________________________________
! WARNING !
Whole your network was fully COMPROMISED!
We has DOWNLOADED of your PRIVATE SENSITIVE Data, including your Billing info, Insuranse cases, Financial reports,
Business audit, Banking Accounts! Also we have corporate correspondence, information about your clients.
We got even more info about your partners and even about your staff.
Additionally, you must know that your sensitive data has been stolen  by our analyst experts and if you choose to no cooperate with us,
you  are exposing yourself to huge penalties with lawsuits and government if we both don't find  an agreement.
We have seen it before cases with multi million costs in  fines and lawsuits,
not to mention the company reputation and losing clients trust and  the medias calling non-stop for answers.
Come chat with us and you could  be surprised on how fast we both can find an agreement without getting this incident public.
____________________________________________________________________________________
IF YOU ARE AN EMPLOYER OF A COMPANY THEN YOU SHOULD KNOW THAT SPREADING SENSITIVE INFORMATION ABOUT YOUR COMPANY BEING COMPROMISED IS A VIOLATION OF CONFIDENTIALITY.
YOUR COMPANY'S REPUTATION WILL SUFFER AND SANCTIONS WILL BE TAKEN AGAINST YOU.
____________________________________________________________________________________
WE HIGHLY SUGGEST THAT YOU DON'T CONTACT THE AUTHORITIES REGARDING THIS INCIDENT BECAUSE IF YOU DO, THEN AUTHORITIES WILL MAKE THIS PUBLIC WHICH COMES WITH A COST FOR YOUR ENTERPRISE.
THE RECOVERY PROCESS OF YOUR FILES WILL BE FASTER IF YOU COME AND CHAT WITH US EARLY. IF YOU CHOOSE TO COOPERATE, YOU WILL SEE THAT WE ARE PROFESSIONALS WHO GIVES GOOD SUPPORT.
Instructions for contacting us:
____________________________________________________________________________________
You have way:
1) Using a TOR browser!
a. Download and install TOR browser from this site: https://torproject.org/
b. Open the Tor browser. Copy the link: http://spookuhvfyxzph54ikjfwf2mw ... hp?track=NMU7PHR3V5 and paste it in the Tor browser.
c. Start a chat and follow the further instructions.
Key Identifier:
LGE8hgEtasxRLEsCSEIF2HhEnJvO7nDn6NKhWTF5dmINRaG1OIIclFoL4J/QpVPWIo18r5w6MxDjC//woKGFQWm7DvMrGX5hIe8RgCbGQ1N74TYRp5ByGW2+YVXm8A78Mv0kfDosM1CBbYi0OY1RIjcAJr+bUzfi+0srlhXjHemUGaKuWI2JZReynobSm/9BPsFt6G+CnV4ydb5seitvEkPmx4u4QBYD74GWFyxep4U9GNC7zv2arXEeLv4H7d/O6dum40Ua0s0C8OTfrhS5zn3eO6cd5uNadBrTwuYpgApelWvzs1qCLKdxDlyU1gtcBKfVTd8n4KDPVdZrASP1vyjr0+sRfJeg1mmTkLhbBaWIxMa/Dbh5FkUBHDe7bcxdIGl6ya4WUK3MKj7Ty71KkpjYj5WKScZJ/veez3SH1nUovRrtlB/NhmDkzdAjvOcax37/Lju8AZP4w9evolo9zUlbmGSTz713n0ADxyGiqDo5tLYwEpKv4XL3Lqn1ouj5MTeETnYVVbJ40vKBNf8S21ti8Hy4BL3tm0Oxy+hxC4ne5EQglUByCeAL0TmcH16WDoNLDUGrG1hhDiP+So5nEJAPjiFEr5jLuIVwYhudJydM0K1lfmQu8k/3WyASl2GiAyd7y8STE7vsAIXgY2yQNwIpLvZ0Om9WP55O1a1Oilk=


Number of files that were processed is: 1957
-------------------------------------------------------------------------------
【弹窗】


【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。