SchrodingerCat Ransomware Demands BTC Ransom


During a routine inspection of new file submissions, our research team came across the SchrodingerCat ransomware, a variant of the GlobeImposter ransomware family. SchrodingerCat encrypts data and demands payment for decryption.

In our testing we observed that the ransomware encrypts files and appends the ".schrodingercat" extension to their names. For example, a file named "1.jpg" becomes "1.jpg.schrodingercat" after encryption, and so on.

After encryption, SchrodingerCat drops a ransom note named "how_to_back_files.html", which indicates that it targets organizations rather than individual users. The note claims that the victim's corporate network has been compromised, resulting in the files stored on it being encrypted.
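The two on-disk indicators described above (the appended ".schrodingercat" extension and the "how_to_back_files.html" note) are enough for a quick incident-response triage of a file share. The following Python script is an added example written for this article, not code from the original write-up or from the ransomware itself: it walks a directory tree, lists encrypted files, recovers their original names by stripping the appended extension, locates ransom notes, and reports whether the tree looks infected. The sample directory it builds is constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Indicators taken from the write-up: the appended extension and the note filename.
RANSOM_EXTENSION = ".schrodingercat"
RANSOM_NOTE_NAME = "how_to_back_files.html"


def triage_directory(root):
    """Walk a directory tree and collect SchrodingerCat indicators.

    Returns a dict with the encrypted files found on disk, the original
    names recovered by stripping the appended extension, the locations of
    any ransom notes, and a simple infected/not-infected verdict.
    """
    root = Path(root)
    encrypted = []
    notes = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name == RANSOM_NOTE_NAME:
            notes.append(str(path))
        elif name.endswith(RANSOM_EXTENSION):
            encrypted.append(str(path))
    # "1.jpg.schrodingercat" -> "1.jpg": the original name is the prefix.
    originals = [p[: -len(RANSOM_EXTENSION)] for p in encrypted]
    return {
        "encrypted_files": sorted(encrypted),
        "original_names": sorted(originals),
        "ransom_notes": sorted(notes),
        "likely_infected": bool(notes) or bool(encrypted),
    }


def build_sample_tree():
    """Create a constructed sample directory mimicking the post-encryption layout.

    The file contents are placeholders; only the names matter for triage.
    """
    base = Path(tempfile.mkdtemp(prefix="schrodingercat_demo_"))
    docs = base / "docs"
    docs.mkdir()
    (docs / "1.jpg.schrodingercat").write_bytes(b"\x00" * 16)
    (docs / "report.docx.schrodingercat").write_bytes(b"\x00" * 16)
    (docs / RANSOM_NOTE_NAME).write_text("YOUR CORPORATE NETWORK LOCKED!")
    # A separate subtree with no indicators, to show the clean verdict.
    clean = base / "clean"
    clean.mkdir()
    (clean / "untouched.txt").write_text("clean file")
    return base


if __name__ == "__main__":
    base = build_sample_tree()
    result = triage_directory(base)
    print("Likely infected:", result["likely_infected"])
    print("Encrypted files:", len(result["encrypted_files"]))
    print("Original names:", [Path(n).name for n in result["original_names"]])
    print("Ransom notes:", result["ransom_notes"])
```

The verdict is deliberately conservative: a single ransom note or a single file with the appended extension is enough to flag the tree, since either one means the ransomware ran there. The recovered original names are useful for scoping what needs to be restored from backup; they do not decrypt anything.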

To regain access to the encrypted data, the victim must buy a decryptor priced at 0.15 BTC, worth roughly ten thousand US dollars at the time of writing. The note advises against involving intermediaries and encourages negotiating directly with the attackers.

Refusing to pay the ransom may lead the cybercriminals to auction or leak sensitive data stolen from the network. In addition, the criminals may contact the victim's clients and offer to sell them the leaked information.

SchrodingerCat's authors see themselves as a business

The full SchrodingerCat ransom note is lengthy, and the attackers refer to themselves as the "Nacugunder Corporation". The full text follows:

YOUR PERSONAL ID

ENGLISH
YOUR CORPORATE NETWORK LOCKED!

ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.

TO RESTORE FILES YOU WILL NEED A DECRYPTOR!
To get the decryptor you should:
Pay for decrypt your network - 0.15 BTC

Buy BTC on one of these sites
hxxps://binance.com
hxxps://www.coinbase.com
Any site you trust

Bitcoin Wallet: 3Pvn*MLA5

Our contacts:
email: yourdatahelp@seznam.cz

ToxID: CA04B61C320C50D12A2C1B95B5062474B5C00B995B588D0B3781DC052CBF9A354CD10F96C84D

You can download TOXChat here : hxxps://tox.chat/download.html

The message must contain your Personal ID! it is at top of this document.

HOW IT WORKS.

If you need a decrypter or return information, please contact us directly ! The guarantee of successful deals is only a direct contact! Don't shy… It's just business for us and we are always ready for polite and mutually beneficial communication.

What's problem with intermediaries?!

Very often intermediaries take money for themselves, it looks something like this: You turn to an intermediary for help, who promises you huge discounts and professional solutions to problems. Afterwards, intermediary contacts us to conduct a decrypt test, receives decrypted files, and then asks you to transfer money to a wallet not related to us. Having received money, intermediary assures client in every possible way that he did not receive decrypter or simply disappears with money. REMEMBER! - We only have wallet that is indicated in this html (first and last 4 characters) When transferring money to any other wallet, you are not transferring it to us.

deception using various Universal Decryptors for 30% of cost or at a fixed price has become very common. With beautiful pictures or enticing videos on YouTube, where they will show you how it works "Universal Software" - which in reality does not work, but is a Trojan for stealing bitcoin or another cryptolocker, before installing something like that - test it on an isolated network computer and you can see that it is useless. Globeimposter 2.0 namely, this is what you see on your network 🙂 can't be deciphered by anything! Besides original key… only one who created Build has key!- this is us. Contact real professionals like - hxxps://www.bleepingcomputer.com/forums/, or any large anti-virus companies - - they can tell you all horror of situation.

Considering above, we reserve right to request KYC confirmation. For example, send us a message from your corporate email on behalf of Company Director or IT department. We know their original emails - since we carefully study network before work 🙂 By contacting directly, you can count on a friendly conversation, a business-like approach… and possibly a good discount (discount depends on many circumstances, size of company,size of ransom, our checks of your accounting, phase of the Moon, etc.)
WHAT HAPPENS IF YOU DON'T PAY

In case of non-payment, we organize an auction on various sites in DarkNet and try to sell files leaked from your network to interested parties.
Next, we use mail + any other contacts of your clients, and notify them of what happened, perhaps they will be interested so that information does not get into public domain and will be ready to buy out information separately.
-If there are no willing to buy, we simply publish everything that we have in the public resources.

© 2024 Nacugunder Corporation | All Rights Reserved.

How is ransomware like SchrodingerCat distributed?

Ransomware like SchrodingerCat is typically distributed through a variety of methods, including:

Phishing emails: Cybercriminals often distribute ransomware through phishing emails containing malicious attachments or links. These emails may look legitimate and trick users into opening the attachment or clicking the link, which then installs the ransomware on the victim's system.

Malvertising: Malicious advertisements (malvertising) on websites can redirect users to sites hosting exploit kits that distribute ransomware. These ads may appear on legitimate websites and exploit vulnerabilities in the user's browser or plugins to install ransomware silently.

Exploit kits: Exploit kits are packages of malicious code designed to exploit software vulnerabilities. Cybercriminals use exploit kits to infect users who visit compromised websites, exploiting vulnerabilities in their browsers or plugins to deliver and execute ransomware on their systems.

Remote Desktop Protocol (RDP) attacks: Attackers may exploit weak or default credentials on remote desktop services such as RDP to gain unauthorized access to systems. Once inside, they can deploy ransomware directly on the victim's network.

Drive-by downloads: In a drive-by download, ransomware is automatically downloaded and installed on the user's system without their consent when they visit a compromised or malicious website. This typically exploits vulnerabilities in the user's browser or plugins.

Infected software or files: Cybercriminals may distribute ransomware by disguising it as legitimate software or files available for download from the Internet. Unsuspecting users download and run these files, unintentionally installing the ransomware on their systems.

USB and removable media: Ransomware can spread through infected USB drives or other removable media. When a user plugs an infected USB drive into a computer, the ransomware may execute automatically and infect the system.

To prevent ransomware attacks, users should practice good cybersecurity hygiene, including keeping software up to date, using reputable antivirus software, being cautious with email attachments and links, and regularly backing up important data.

April 3, 2024
