SchrodingerCat Ransomware Demands a BTC Ransom


During a routine check of new file submissions, our research team came across the SchrodingerCat ransomware, a variant of the GlobeImposter ransomware family. SchrodingerCat encrypts data and demands payment for its decryption.

In testing, we observed that the ransomware encrypts files and appends the ".schrodingercat" extension to their names. For example, a file named "1.jpg" becomes "1.jpg.schrodingercat" after encryption, and so on.

After encryption, SchrodingerCat drops a ransom note named "how_to_back_files.html". Its wording indicates that the operators target organizations rather than individual users: the note claims the victim's corporate network has been compromised and that the files stored on it have been encrypted as a result.

To regain access to the encrypted data, the victim must buy a decryptor for 0.15 BTC, roughly USD 10,000 at the time of writing. The note warns against involving intermediaries and pushes the victim to negotiate directly with the attackers.

Refusing to pay may lead the criminals to auction or leak sensitive data stolen from the network. They may also contact the victim's clients and offer to sell them the leaked information.

SchrodingerCat's authors present themselves as a corporation

The SchrodingerCat ransom note is lengthy, and in it the attackers refer to themselves as the "Nacugunder Corporation". The full text follows:
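The two file-system indicators described above (the appended ".schrodingercat" extension and the "how_to_back_files.html" note) are enough to triage a share or a disk image quickly. The script below is an added example written for this page, not tooling from the malware's authors or from the research team: it walks a directory tree, recovers the original filename of every encrypted file by stripping the extension, and flags ransom notes by matching two strings taken from the quoted note ("YOUR CORPORATE NETWORK LOCKED" and "Nacugunder"). The sample tree it builds is constructed for the dry run and contains no real malware output.

```python
"""Triage a directory tree for SchrodingerCat indicators (added example)."""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Indicators taken from the write-up and the quoted ransom note.
ENCRYPTED_EXT = ".schrodingercat"
RANSOM_NOTE = "how_to_back_files.html"
NOTE_MARKERS = ("YOUR CORPORATE NETWORK LOCKED", "Nacugunder")


def original_name(filename: str) -> Optional[str]:
    """Return the pre-encryption filename if `filename` carries the ransomware
    extension, else None. '1.jpg.schrodingercat' -> '1.jpg'."""
    if filename.lower().endswith(ENCRYPTED_EXT):
        return filename[: -len(ENCRYPTED_EXT)]
    return None


def scan_tree(root: str) -> Dict[str, object]:
    """Walk `root` and collect encrypted files and ransom notes.

    Returns a dict with:
      encrypted: list of (encrypted_path, original_filename)
      notes:     ransom-note paths whose content contains a known marker
      dirs_hit:  sorted directories containing at least one encrypted file
    """
    encrypted: List[Tuple[str, str]] = []
    notes: List[str] = []
    dirs_hit = set()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath) / fname
            orig = original_name(fname)
            if orig is not None:
                encrypted.append((str(path), orig))
                dirs_hit.add(dirpath)
            elif fname.lower() == RANSOM_NOTE:
                # Only count a note if its body matches the known text, so a
                # stray file with the same name is not reported as an indicator.
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue
                if any(marker in text for marker in NOTE_MARKERS):
                    notes.append(str(path))
    return {"encrypted": encrypted, "notes": notes, "dirs_hit": sorted(dirs_hit)}


def build_sample_tree() -> str:
    """Create a constructed sample tree for a dry run (not real ransomware output)."""
    root = tempfile.mkdtemp(prefix="schrodingercat_demo_")
    docs = Path(root) / "docs"
    docs.mkdir()
    (docs / "1.jpg.schrodingercat").write_bytes(b"\x00" * 16)        # constructed
    (docs / "report.docx.schrodingercat").write_bytes(b"\x00" * 16)  # constructed
    (docs / "untouched.txt").write_text("still plaintext")
    (docs / RANSOM_NOTE).write_text("<html>YOUR CORPORATE NETWORK LOCKED!</html>")
    (Path(root) / "other.html").write_text("<html>unrelated page</html>")
    return root


if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    print(f"{len(report['encrypted'])} encrypted file(s) in "
          f"{len(report['dirs_hit'])} directory(ies)")
    for enc_path, orig in report["encrypted"]:
        print(f"  {enc_path}  (was: {orig})")
    print("ransom notes:", report["notes"])
```

Point `scan_tree` at a mounted copy of the affected share or image; the list of original filenames tells you what to restore from backup, and the directory list shows how far the encryption spread. Matching the note body rather than just its name keeps an unrelated file called how_to_back_files.html from being reported as an indicator.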

YOUR PERSONAL ID

ENGLISH
YOUR CORPORATE NETWORK LOCKED!

ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.

TO RESTORE FILES YOU WILL NEED A DECRYPTOR!
To get the decryptor you should:
Pay for decrypt your network - 0.15 BTC

Buy BTC on one of these sites
hxxps://binance.com
hxxps://www.coinbase.com
Any site you trust

Bitcoin Wallet: 3Pvn*MLA5

Our contacts:
email: yourdatahelp@seznam.cz

ToxID: CA04B61C320C50D12A2C1B95B5062474B5C00B995B588D0B3781DC052CBF9A354CD10F96C84D

You can download TOXChat here : hxxps://tox.chat/download.html

The message must contain your Personal ID! it is at top of this document.

HOW IT WORKS.

If you need a decrypter or return information, please contact us directly ! The guarantee of successful deals is only a direct contact! Don't shy… It's just business for us and we are always ready for polite and mutually beneficial communication.

What's problem with intermediaries?!

Very often intermediaries take money for themselves, it looks something like this: You turn to an intermediary for help, who promises you huge discounts and professional solutions to problems. Afterwards, intermediary contacts us to conduct a decrypt test, receives decrypted files, and then asks you to transfer money to a wallet not related to us. Having received money, intermediary assures client in every possible way that he did not receive decrypter or simply disappears with money. REMEMBER! - We only have wallet that is indicated in this html (first and last 4 characters) When transferring money to any other wallet, you are not transferring it to us.

deception using various Universal Decryptors for 30% of cost or at a fixed price has become very common. With beautiful pictures or enticing videos on YouTube, where they will show you how it works "Universal Software" - which in reality does not work, but is a Trojan for stealing bitcoin or another cryptolocker, before installing something like that - test it on an isolated network computer and you can see that it is useless. Globeimposter 2.0 namely, this is what you see on your network 🙂 can't be deciphered by anything! Besides original key… only one who created Build has key!- this is us. Contact real professionals like - hxxps://www.bleepingcomputer.com/forums/, or any large anti-virus companies - - they can tell you all horror of situation.

Considering above, we reserve right to request KYC confirmation. For example, send us a message from your corporate email on behalf of Company Director or IT department. We know their original emails - since we carefully study network before work 🙂 By contacting directly, you can count on a friendly conversation, a business-like approach… and possibly a good discount (discount depends on many circumstances, size of company,size of ransom, our checks of your accounting, phase of the Moon, etc.)
WHAT HAPPENS IF YOU DON'T PAY

In case of non-payment, we organize an auction on various sites in DarkNet and try to sell files leaked from your network to interested parties.
Next, we use mail + any other contacts of your clients, and notify them of what happened, perhaps they will be interested so that information does not get into public domain and will be ready to buy out information separately.
-If there are no willing to buy, we simply publish everything that we have in the public resources.

© 2024 Nacugunder Corporation | All Rights Reserved.

How is ransomware like SchrodingerCat distributed?

Ransomware like SchrodingerCat is typically distributed through a range of methods, including:

Phishing emails: Cybercriminals often distribute ransomware through phishing emails that carry malicious attachments or links. These emails may look legitimate and trick users into opening the attachment or clicking the link, which then installs the ransomware on the victim's system.

Malvertising: Malicious advertisements on websites (malvertising) can redirect users to sites hosting exploit kits that deliver ransomware. Such ads may appear on legitimate websites and exploit vulnerabilities in the user's browser or plugins to install the ransomware silently.

Exploit kits: Exploit kits are packages of malicious code built to exploit software vulnerabilities. Cybercriminals use them to infect users who visit compromised websites, exploiting flaws in the browser or its plugins to deliver and execute ransomware on the system.

Remote Desktop Protocol (RDP) attacks: Attackers may exploit weak or default credentials on remote desktop services such as RDP to gain unauthorized access to systems. Once inside, they can deploy ransomware directly across the victim's network. The note's own claim that the operators "carefully study network before work" is consistent with this kind of hands-on intrusion rather than an opportunistic infection.

Drive-by downloads: A drive-by download occurs when ransomware is downloaded and installed on a user's system without consent while visiting a compromised or malicious website, usually by exploiting vulnerabilities in the browser or its plugins.

Infected software or files: Cybercriminals may spread ransomware by disguising it as legitimate software or files available for download. Unsuspecting users download and run these files and unwittingly install the ransomware on their systems.

USB and removable media: Ransomware can spread through infected USB drives or other removable media. When a user plugs an infected drive into a computer, the ransomware may execute automatically and infect the system.

To guard against ransomware attacks, users should practise good cyber hygiene, including keeping software up to date, using reputable antivirus software, treating email attachments and links with caution, and regularly backing up important data to storage the ransomware cannot reach. Note that backups restore encrypted files but do nothing about the second threat in this note, the leaking of data already stolen from the network.

April 3, 2024