Obscura勒索软件家族详情

【家族名】
Win32/Ransom.Obscura
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
被加密文件后缀格式：.obscura
修改文件后缀为


【勒索提示信息】：
文件名：README-OBSCURA.txt
文件内容
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Good day! Your company has failed a simple penetration test.
>> Your network has been completely encrypted by our software.
Our ransomware virus uses advanced cryptography technology that will make it very difficult for you to recover your information.
>> All information has been stolen.
We have stolen all information from all devices on your network, including NAS. The data includes but is not limited to: employee passport details, internal documentation, financial documents, and so on.
>> You have about 240 hours to respond.
If there is no response, all stolen information will be distributed.
We are waiting for you to decide to write to us, and we will be happy to negotiate a ransom price with you. By paying the ransom, you will also receive:
1) a report on how we infiltrated your network
2) instructions + software that decrypts all files
3) our assistance in recovery, if needed.
>> They will not help you; they are your enemies.
Recovery agencies, the police, and other services will NOT HELP you. Agencies want your money, but they do not know how to negotiate.
If you think you can restore your infrastructure from external backups that we did not access, we warn you:
1) The laws of any country impose huge fines on companies for information leaks.
2) Playing against us will not work in your favor. We will gladly wipe every one of your servers and computers.
When you write to us, we expect to hear from you who you are and what your relationship to the company is.
Your ID: 148061707215636819
TOX: AE55FC0EB1C25A5B081650108F9081E236DECE1CE08D2E185A6F15B9FB48E700210BED374643
Blog: http://obscurad3aphckihv7wptdxvd ... iiqndq6y6xad.onion/
Obscura. 2025.
--------------------------------------------------------------------------------------------------------------------------------------------------------------


【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。