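【Family Name】
Win32/Ransom.Charon
[Platform] / [Main type] . [Family name]
Platform type: Win32, Win64
Threat type: Ransom
【Decryption Support】
360解密大师 (360 Decryption Master): not currently supported
Online decryption: not currently supported
【Encrypted Files】
Extension of encrypted files: .Charon
File extension changed to
【Ransom Note】:
File name: How To Restore Your Files.txt
File contents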
--------------------------------------------------------------------------------------------------------------------------------------------------------------
================================================================================
ATTENTION Egyptair
YOUR NETWORK HAS BEEN COMPROMISED
================================================================================
Dear Egyptair Management,
Your corporate network has been successfully infiltrated and encrypted by our
advanced ransomware system. All critical business data, including:
• Financial records and accounting databases
• Customer information and contact lists
• Employee personal data and HR records
• Proprietary software and source code
• Business contracts and legal documents
• Email archives and communication logs
• Backup systems and recovery files
...have been ENCRYPTED and are currently INACCESSIBLE.
================================================================================
WHAT HAPPENED?
================================================================================
Our team has gained complete access to your network infrastructure through
sophisticated penetration techniques. We have:
1. Encrypted all critical business files using military-grade encryption
2. Exfiltrated sensitive data as insurance against non-payment
3. Disabled your backup and recovery systems
4. Maintained persistent access to your network
Your current security measures were insufficient to prevent this breach.
================================================================================
RECOVERY OPTIONS
================================================================================
You have TWO options to recover your data:
OPTION 1: Pay the ransom fee of $500,000 USD in Bitcoin
- Fast and guaranteed recovery of all encrypted files
- Deletion of all exfiltrated data from our servers
- Complete removal of our access from your systems
- Detailed security report to prevent future breaches
OPTION 2: Attempt recovery without payment
- Risk permanent data loss
- Potential public release of sensitive information
- Continued vulnerability to future attacks
- Significant business disruption and downtime
================================================================================
PAYMENT DETAILS
================================================================================
Ransom Amount: $500,000 USD (Bitcoin equivalent)
Payment Deadline: 72 hours from this notice
Bitcoin Wallet Address: bc1qzhnwl8dx5c7rekplhn4vq7jjxee6depthy9f98
Current Bitcoin Price: Check https://coinbase.com or https://blockchain.info
Payment Confirmation: Send transaction ID to OopsCharon@proton.me
================================================================================
IMPORTANT WARNINGS
================================================================================
⚠️ DO NOT attempt to decrypt files yourself - this may cause permanent damage
⚠️ DO NOT contact law enforcement - this will result in data publication
⚠️ DO NOT ignore this message - deadline is strictly enforced
⚠️ DO NOT try to restore from backups - they have been compromised
================================================================================
PROOF OF ACCESS
================================================================================
As proof of our capabilities, we have prepared samples of your encrypted data:
• [SAMPLE_FILE_1] - Encrypted on [DATE]
• [SAMPLE_FILE_2] - Encrypted on [DATE]
• [SAMPLE_FILE_3] - Encrypted on [DATE]
We can provide decryption of 2-3 small files as proof that recovery is possible.
Send your test files to OopsCharon@proton.me with subject "PROOF REQUEST".
================================================================================
CONTACT INFORMATION
================================================================================
For payment confirmation and decryption key delivery:
Email: OopsCharon@proton.me
Tox: 42E4DD67CCFDA605BC8F578BA1D47F05250B52EF388C28882A7A1052AFD33126DEB96372BE58
Subject Line: "Egyptair - Payment Confirmation"
Response Time: 12-24 hours
Languages: English, Spanish, French, German, Russian, Chinese
================================================================================
BUSINESS CONTINUITY
================================================================================
We understand the critical nature of your business operations. Upon payment:
1. You will receive the master decryption key within 6 hours
2. Step-by-step recovery instructions will be provided
3. Technical support will be available during recovery
4. All exfiltrated data will be securely deleted
5. Security recommendations will be provided
================================================================================
FREQUENTLY ASKED QUESTIONS
================================================================================
Q: Can we negotiate the price?
A: The price is final and non-negotiable(Except in special circumstances).
Q: How do we know you'll provide the decryption key?
A: Our reputation depends on successful transactions. We always deliver.
Q: What if we pay but don't receive the key?
A: This has never happened. We provide 24/7 support until full recovery.
Q: Can we recover without paying?
A: Technically impossible. Our encryption is unbreakable without the key.
Q: Will you attack us again?
A: No. Payment includes permanent removal from our target list.
================================================================================
FINAL WARNING
================================================================================
This is a business transaction, not a personal attack. We are professionals
who simply want to be compensated for demonstrating your security weaknesses.
Your cooperation will ensure:
✓ Quick resolution of this incident
✓ Complete data recovery
✓ Minimal business disruption
✓ Confidential handling of this matter
Failure to cooperate will result in:
✗ Permanent data loss
✗ Public exposure of sensitive information
✗ Significant financial and reputational damage
✗ Potential legal complications
================================================================================
Time is critical. Contact us immediately at OopsCharon@proton.me
Remember: We are your ONLY option for data recovery.
================================================================================
This message will self-destruct in 72 hours
================================================================================
--------------------------------------------------------------------------------------------------------------------------------------------------------------
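【Protection Recommendations】
1. Do not use the same account and password on multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed regularly.
3. Shared folders that hold important data should have access controls configured and should be backed up regularly.
4. Regularly check systems and software for security vulnerabilities, and apply patches promptly.
5. Regularly check servers for anomalies. The checks should cover:
a) Whether any new accounts have been added
b) Whether the Guest account has been enabled
c) Whether the Windows system logs show anything abnormal
d) Whether the antivirus software has recorded any abnormal blocking events
6. Install security protection software and make sure it is running properly.
7. Download and install software from legitimate channels.
8. If unfamiliar software has already been blocked or removed by antivirus software, do not add it to the trust list and continue running it.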