【Family name】
Win32/Ransom.Kyber
[Platform] / [Main type] . [Family name]
Platform type: Win32 Win64
Threat type: Ransom
【Decryption support】
360解密大师 (360 Decryption Master): not currently supported
Online decryption: not currently supported
【Encrypted files】
Encrypted file suffix: .#~~~
Renames file suffix to
【Ransom note】:
Filename: READ_ME_NOW.txt
File contents
---------------------------------------------------------------------------------------------------------------------------
/
# Hello, if you are seeing this then you have been attacked by Kyber Ransomware.
\
<=> Your files are encrypted with the AES-256-CTR algorithm.
>-- (Explanation) https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
<=> Two asymmetric algorithms X25519 and Kyber1024 were used for key generation.
>-- (Explanation) https://en.wikipedia.org/wiki/Curve25519
>-- (Explanation) https://en.wikipedia.org/wiki/Kyber
<=> Keys are created from several random sources, so do not hope that you will return the files without our help
>-- (Explanation) https://en.wikipedia.org/wiki//dev/random
>-- (Explanation) https://en.wikipedia.org/wiki/RDRAND
>-- (Explanation) https://en.wikipedia.org/wiki/HKDF
(??WE HAVE A FLASH DRIVE WITH BACKUPS ON THE ADMIN'S NECK??)
>========================================================================================
> In addition to encrypting files, a lot of data has been downloaded from your network.
> If you don't write to us, within a week or two your name will end up on our
> blog with example of important data.
>========================================================================================
(??CAN WE TRUST HACKERS??)
>========================================================================================
> If you come to our chat room, you can count on free decryption for three small files.
> and examples of the downloaded data.
>========================================================================================
(??WE DON'T HAVE VALUABLE DATA??)
>========================================================================================
> We take a responsible approach to doing our job.
> We have probably downloaded a lot of personal information from your servers, and could
> cause you HUGE problems by publishing it.
# Documents such as payroll, statements, contracts and others may contain valuable data,
# the publication of which could lead to lawsuits.
>========================================================================================
(??WILL THE POLICE HELP??)
>========================================================================================
> DO NOT try to call the police as they will not save you from
> publishing your data, nor will they help you get your files back,
> they will only ban you from paying.
>========================================================================================
(??WHAT IF I TRIED TO TRICK YOU???)
>========================================================================================
> DO NOT modify the files, you may damage them and make it so
> we can't help you.
>========================================================================================
(??WHAT ABOUT THE ANONYMITY??)
>========================================================================================
> We create unique links to anonymous chat for each company.
> you don't have to worry, all the details of our deal will be kept secret.
> We also have alternative ways to contact us if you are worried and do
> not want to write in the panel.
>========================================================================================
HOW TO CONTACT US:
<=> Download Tor Browser (https://www.torproject.org/download)
<=> Open it
<=> Follow this link: http://mlnmlnnrdhcaddwll4zqvfd2v ... 20e888b56e97881937f
(Also maybe you would like to visit our blog? Don't be shy!)
<=> Blog: http://kyblogtz6k3jtxnjjvluee5ec ... mphmqidkt7xid.onion
---------------------------------------------------------------------------------------------------------------------------
【Protection advice】
1. Do not use the same account and password on multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed regularly.
3. Shared folders containing important data should have access control configured and should be backed up regularly.
4. Regularly check systems and software for security vulnerabilities and apply patches promptly.
5. Regularly check servers for anomalies. Items to review include:
a) Whether new accounts have been added
b) Whether the Guest account has been enabled
c) Whether the Windows system logs show anything abnormal
d) Whether the antivirus software has recorded abnormal blocking events
6. Install security protection software and make sure it is running properly.
7. Download and install software only from legitimate sources.
8. If unfamiliar software has already been blocked or quarantined by antivirus software, do not add it to the trust list and continue running it.