Dzen 勒索软件基于 Phobos 代码
Dzen 是一种与 Phobos 系列相关的勒索软件,是我们在分析新恶意软件样本时发现的。该变种会加密文件并更改其文件名,同时还提供两个名为“info.txt”和“info.hta”的勒索字条。每个加密文件都标有受害者的 ID、电子邮件地址和“.dzen”扩展名。
例如,它将“1.jpg”更改为“1.jpg.id[9ECFA84E-3536].[vinsulan@tutamail.com].dzen”,将“2.png”更改为“2.png.id[9ECFA84E-”第3536章].[vinsulan@tutamail.com].dzen,”等等。
勒索信告知受害者加密情况,并指出只有犯罪者的软件才能解锁数据。他们不鼓励任何独立解密或使用第三方工具的尝试,并警告数据会永久丢失。
此外,这些说明建议不要涉及中介或恢复服务,理由是潜在的欺骗或进一步的数据泄露。犯罪分子承诺保密,并承诺在支付赎金后删除所有下载的数据,确保受害者的个人信息不会被出售或用于未来的攻击。
然而,他们规定了两天的联系期限,并威胁说,如果期限过后,将与感兴趣的各方分享数据。详细联系信息通过两个电子邮件地址(vinsulan@tutamail.com 和 vinsulan@cock.li)提供,并附有在电子邮件主题中包含特定 ID 的说明。
Dzen 勒索信威胁数据泄露
Dzen勒索信全文如下:
Your data is encrypted and downloaded!
Unlocking your data is possible only with our software.
Important! An attempt to decrypt it yourself or decrypt it with third-party software will result in the loss of your data forever.
Contacting intermediary companies, recovery companies will create the risk of losing your data forever or being deceived by these companies.
Being deceived is your responsibility! Learn the experience on the forums.Downloaded data of your company.
Data leakage is a serious violation of the law. Don't worry, the incident will remain a secret, the data is protected.
After the transaction is completed, all data downloaded from you will be deleted from our resources. Government agencies, competitors, contractors and local media
not aware of the incident.
Also, we guarantee that your company's personal data will not be sold on DArkWeb resources and will not be used to attack your company, employees
and counterparties in the future.
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed.
Your data will be sent to all interested parties. This is your responsibility.Contact us.
Write us to the e-mail:vinsulan@tutamail.com
In case of no answer in 24 hours write us to this e-mail:vinsulan@cock.li
Write this ID in the title of your message: -
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed.
Your data will be sent to all interested parties. This is your responsibility.Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
如何保护您的敏感数据免受勒索软件攻击?
保护敏感数据免受勒索软件攻击需要采取将主动措施与反应策略相结合的综合方法。以下是保护您的敏感数据的一些步骤:
定期数据备份:在单独的存储设备或云服务上定期备份敏感数据。确保这些备份离线存储或存储在安全的环境中,以防止它们在攻击期间受到损害。
更新和补丁系统:使用最新的安全补丁让您的操作系统、软件和应用程序保持最新状态。勒索软件攻击者可以利用过时软件中的漏洞来访问您的系统。
实施安全软件:在所有设备和网络上安装信誉良好的防病毒和反恶意软件软件。这些工具可以帮助检测并阻止勒索软件威胁,防止它们感染您的系统。
使用电子邮件和网页过滤:实施电子邮件和网页过滤解决方案来阻止勒索软件分发者通常用来传播恶意软件的恶意附件、链接和网站。
教育员工:培训员工如何识别网络钓鱼电子邮件、可疑链接以及勒索软件攻击者使用的其他社会工程策略。鼓励他们在打开电子邮件附件或单击链接(尤其是来自未知发件人的链接)时务必小心。
限制用户权限:将用户权限限制为仅执行其工作职责所需的必要权限。这有助于防止勒索软件在成功渗透后在您的网络中横向传播。
网络分段:将您的网络划分为具有受限访问控制的单独网段。这可以遏制勒索软件的传播并限制其对关键系统和数据的影响。
启用双因素身份验证 (2FA):尽可能实施双因素身份验证,为您的帐户和系统添加额外的安全层。即使登录凭据遭到泄露,这也有助于防止未经授权的访问。
