qyqyyqyq posted on 2019-7-31 10:57

NAS hit by ransomware, file suffix .encrypt

This post was last edited by qyqyyqyq on 2019-7-31 14:13

Ransom already paid, but the decryption key they gave does not decrypt. Running it from the Linux command line errors out halfway through. After negotiating, they demanded an extra 0.05 BTC, which I refused. Could any of the experts here take a look?

Error message: (screenshot)


Also: after searching for information on this ransomware on the overseas web, I saw the following reply (screenshot)

Have not been able to contact this person yet.
Overseas URL: https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/#cid12783 (requires a VPN to access). It has some details on this ransomware, all of it code.

Also: I found the following procedure on an overseas forum
For those interested in paying, here is the process. It took me a full week and I needed a lot of help from my son, who is a very intelligent software engineer:

Preprocess (Bitcoin and Tor Browser)
1. Download a Tor Browser (this is a secure, anonymous browser and is required to view the ransomware people's website)
2. Copy in the link from your README_FOR_DECRYPT.TXT
3. Find out how much they are asking for in Bitcoin
4. Buy Bitcoin
4.1 Open a Bitcoin exchange account (try Coinbase, it seems good)
4.2 Figure out how to change $$ into Bitcoin (I had to use a Bitcoin ATM; try coinradar.com)
4.3 Buy enough Bitcoin to cover both the ransom and the exchange fees
4.4 Get a Bitcoin wallet if one is not part of the exchange account
5. Transfer Bitcoin to the ransomware people
6. Wait for a day
7. Download the decryptor using the Tor Browser at the same address as above (there is a link at the bottom of the window in the Tor Browser that says "check payment and get decryptor")

Decryption Process (you need to know a bit about ssh and Linux to do this, as I haven't included the syntax)
1. Download the decryptor
2. Unzip the decryptor (QNAP runs Linux, so use that one)
3. Move the decryptor to a folder on the QNAP (share/Container). I did this with the web GUI, but it could be done in a terminal or command window
4. Open a terminal or command window
5. Use the ssh protocol to run commands on the QNAP
6. Change directory to the folder where the decryptor is located (/share/Container)
7. Run chmod to set permissions
8. Run the decryptor on each folder
9. I tried to run it on the whole data folder but it timed out, and I had to keep restarting in the folder where it timed out
10. Check to make sure all files are decrypted
11. Back up to another drive

Reportedly 100% decrypted.


Also: https://www.bleepingcomputer.com/forums/t/617854/qnap-nas-encrypt-ech0raix-ransomware-encrypt-support-topic/ has some discussion of this ransomware and an attached decryption tool. I have not yet tested whether it works.

1062807258wang posted on 2019-7-31 12:26

After downloading, unpack the archive and upload the decryptor_linux* file to your NAS. Once uploaded, run this command in a terminal: chmod +x ./decryptor_linux && ./decryptor_linux. Or copy the encrypted files to another device and launch the decryptor with the start directory parameter. Example on Linux: chmod +x ./decryptor_linux* && ./decryptor_linux* -s /destination/dir. The asterisk is replaced by the processor architecture (x86, x64, arm, etc.). Before decrypting, make sure there is at least 1-2 GB of free space.
Downloading the attachment cost me 2 CB. I suggest you post the error message. It might also be a scam...
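The two posts above describe the same procedure: upload the decryptor, chmod it, run it with `-s <dir>` one folder at a time, restart where it times out, check that every file is decrypted, then back up. Below is an added wrapper that turns those steps into a script. It is not from the thread, from BleepingComputer, or from the decryptor's author. It assumes the binary is named decryptor_linux_<arch> and accepts `-s <dir>` as the posts say, and nothing else about its behaviour; the `demo()` function uses a constructed directory tree and a stand-in "decryptor" that only mimics that `-s <dir>` interface so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread or from the decryptor's author):
# a wrapper around the decryptor described above. It
#   1. refuses to start with less than 2 GB free (the free-space note in the thread),
#   2. runs the decryptor one subdirectory at a time via its "-s <dir>" flag and
#      re-runs a directory while *.encrypt files remain (the poster had to restart
#      in the folder where it timed out),
#   3. prints how many *.encrypt files are left, so "check all files are decrypted"
#      is a number rather than a glance.
set -u

DECRYPTOR="${DECRYPTOR:-./decryptor_linux_x64}"   # assumed name; arch suffix varies
MIN_FREE_KB="${MIN_FREE_KB:-2097152}"             # 2 GB, per the thread's advice
MAX_TRIES="${MAX_TRIES:-3}"

# Available KB on the filesystem holding $1 (POSIX df -Pk: header line, then one line).
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Number of files under $1 that still carry the .encrypt suffix.
count_encrypted() {
    find "$1" -type f -name '*.encrypt' | wc -l | tr -d ' '
}

# Run the decryptor on one directory, up to MAX_TRIES times, until nothing
# encrypted remains. Returns 0 on success, 1 if files are still encrypted.
decrypt_dir() {
    dir=$1
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        "$DECRYPTOR" -s "$dir" || echo "decryptor exited non-zero on $dir (try $tries)" >&2
        [ "$(count_encrypted "$dir")" -eq 0 ] && return 0
    done
    echo "FAILED: $dir still has $(count_encrypted "$dir") encrypted file(s)" >&2
    return 1
}

# Decrypt every immediate subdirectory of $1. Prints the number of *.encrypt files
# left under $1. Returns 0 if none, 1 if some, 2 if the free-space check failed.
decrypt_tree() {
    root=$1
    free=$(free_kb "$root")
    if [ "${free:-0}" -lt "$MIN_FREE_KB" ]; then
        echo "only ${free:-0} KB free on $root; need $MIN_FREE_KB KB, aborting" >&2
        return 2
    fi
    failed=0
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        decrypt_dir "${d%/}" || failed=$((failed + 1))
    done
    count_encrypted "$root"
    [ "$failed" -eq 0 ]
}

# Offline demonstration on constructed data: two folders of empty *.encrypt files
# and a stand-in "decryptor" that strips the suffix from ONE file per run, so the
# retry loop in decrypt_dir is exercised. Prints the remaining count, which is 0.
demo() (
    work=$(mktemp -d)
    for d in Photos Documents; do
        mkdir -p "$work/data/$d"
        : > "$work/data/$d/a.jpg.encrypt"
        : > "$work/data/$d/b.pdf.encrypt"
    done
    cat > "$work/fake_decryptor" <<'EOF'
#!/bin/sh
# stand-in for the real decryptor: understands only "-s <dir>", renames one file
[ "$1" = "-s" ] || exit 64
f=$(find "$2" -type f -name '*.encrypt' | head -n 1)
[ -n "$f" ] && mv "$f" "${f%.encrypt}"
exit 0
EOF
    chmod +x "$work/fake_decryptor"
    DECRYPTOR=$work/fake_decryptor
    MIN_FREE_KB=0          # the 2 GB guard is not what the demo exercises
    decrypt_tree "$work/data"
    rc=$?
    rm -rf "$work"
    return "$rc"
)
```

Run it against a copy of the encrypted data, not the only copy, as the second post suggests: `DECRYPTOR=/share/Container/decryptor_linux_x64 sh wrapper.sh` with `decrypt_tree /share/copy` as the entry point. Two caveats: the loop only visits immediate subdirectories, so files sitting directly under the root are not passed to the decryptor; and the check is purely on the suffix, so a file the decryptor renamed but did not restore correctly still counts as done. Open a sample of the decrypted files before wiping the originals.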

shaokui123 posted on 2019-7-31 11:13

Rich guy, didn't you have the hacker decrypt a few files to verify before you paid the ransom?

qyqyyqyq posted on 2019-7-31 11:22

shaokui123 posted on 2019-7-31 11:13
Rich guy, didn't you have the hacker decrypt a few files to verify before you paid the ransom?

I verified before paying... it really could decrypt.

misszzy posted on 2019-7-31 11:49

They target exactly people like you. After the second payment there will be a third and a fourth.

hongge posted on 2019-7-31 11:51

You verified it could decrypt before paying? Then they are deliberately scamming you.

qyqyyqyq posted on 2019-7-31 12:40

1062807258wang posted on 2019-7-31 12:26
After downloading, unpack the archive and upload the decryptor_linux* file to your NAS. Once uploaded, run this command in a terminal: chmod +x ./decrypt ...

Hold on, I'll post the error message. Thank you.

shaokui123 posted on 2019-7-31 12:53

qyqyyqyq posted on 2019-7-31 11:22
I verified before paying... it really could decrypt.

Then you have fallen for their routine. Report it to the police, that is the only way out. If the experts online could crack it, the hackers wouldn't be releasing it. Remember, the hackers are the worst kind of experts.

qyqyyqyq posted on 2019-7-31 12:56

1062807258wang posted on 2019-7-31 12:26
After downloading, unpack the archive and upload the decryptor_linux* file to your NAS. Once uploaded, run this command in a terminal: chmod +x ./decrypt ...

Error message updated.

qyqyyqyq posted on 2019-7-31 12:58

shaokui123 posted on 2019-7-31 12:53
Then you have fallen for their routine. Report it to the police, that is the only way out. If the experts online could crack it, the hackers wouldn't be releasing it. Remember, the hackers are the worst ...

After paying I contacted the hacker, who updated the key download page. Decrypting with that key, I found that some of the files could be decrypted (see the screenshots in the post; I can't read code, so I'm guessing). Decryption errored out halfway through. I asked the hacker, who replied to wait 2-3 hours while he fixed the key, and then demanded an additional 0.05 BTC. A week of back and forth, with no result.