【求助】中了.Rook勒索病毒,寻求大咖分析解密!
3月3日新装系统win10电脑上,有病毒。没来及得安装防护软件就中招了,主机重新格掉,移动硬盘文件还在锁定当中。希望在吾爱里有大神可以帮助解密。
锁定文件地址:https://pan.baidu.com/s/1WlF9xxHl0gm1ZM_lLZFohQ 提取码:52PJ
病毒ReadMeRook.txe信息:
-----------Welcome. Again. --------------------
[+]Whats Happen?[+]
Your files are encrypted,and currently unavailable. You can check it: all files on you computer has expansion Rook.
By the way,everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees?[+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the file capacity, please send 1 files not larger than 1M to us, and we will prove that we are capable of restoring.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data,cause just we have the private key. In practise - time is much more valuable than money.
If we find that a security vendor or law enforcement agency pretends to be you to negotiate with us, we will directly destroy the private key and no longer provide you with decryption services.
You have 3 days to contact us for negotiation. Within 3 days, we will provide a 50% discount. If the discount service is not provided for more than 3 days, the files will be leaked to our onion network. Every more than 3 days will increase the number of leaked files.
We will replace the private key every 15 days and the old private key will be deleted. Please do not contact us if it has been encrypted for more than 15 days, we can do nothing, even if God comes, there is nothing we can do.
Our mail box:
securityrook@privatemail.com
If there is no reply for a long time, please contact the following email address!
securityrook@horsefucker.org
------------------------------------------------------------------------------------------------
!!!DANGER!!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!!!!!!
YOUR PERSONAL ID: jGJzitgXU9wJoZWZ2FD3kZNmZq6n05pDl3t+59cbpwdB0qe90EqtHsT308kQnpqJ42mN9b1oUgS+VWrrmkXZf0pMoBh1RI9mMGP5TRuhB2+4AW9bhnxEL34nkg+l4EzFGMm95YFdfARjixky65GAuGKclF0L7+8PjVs96XyBngZpMctjol8x95kqmqhD0y0/DCxF60U/ZFhlmECBN5ockmi3MuuoVPkRZZMHVpXtEhA0ci+CXC1wXOpKMgvvbrbJBQdKViV9a9EcN4n6SxBjPAYz8YNUYA3yd/CqDzZOHSr3+9c2aGspsVtU66U14uPiH9FoMPKyDH7VYke3WmC7tWe48jPHj3/hsOURgzFaCgSnXWwPheXFHtokyeSNhe4UTnsxSycyPEmQPGkReXMcEi7IwG/Hk9NKYZvId8wfT+JmgcOWvu+FoFr4a8WIUTUqdQHtpZ/90QDsT1ZLLRKMb+HhTZcJh1ZIG4hnGhr2szJoWLrBR3KycIrSAU3l+39ZdNU4jHpgL7dcGS7nOaikvAxnhEvTSoVRJQKobsNNoT5w+XkZnsoGow5tivZqj6CQe3EnCoT4nVqghPEmDa7jpfsM9yXqMW5bte3Q7S3u1FURNZN6y/CEtDw7dcCOZjRUP46D7BQt5la/ClldT9ws4T19nTX9/BzAxBV0G6kPyvE=
https://www.nomoreransom.org/crypto-sheriff.php?lang=zh
https://www.52pojie.cn/forum.php?mod=viewthread&tid=1439531&highlight=%C0%D5%CB%F7
楼主试试这些看看 看360说这个无解,rook家族还是直接全盘格掉重装吧 资料不重要的话 还TM挺客气,三天内打5折 提供网页版的翻译:
您的文件已加密,目前不可用。你可以检查:你电脑上的所有文件都有扩展程序。
顺便说一句,一切都可以恢复(还原),但您需要遵循我们的指示。否则,您无法返回数据(从不)。
[+]什么保证?[+]
这只是生意。我们绝对不在乎你和你的交易,只在乎得到好处。如果我们不做我们的工作和责任,没有人会不与我们合作。这不符合我们的利益。
要检查文件容量,请发送1个不超过1M的文件给我们,我们将证明我们能够恢复。
如果你不配合我们的服务——对我们来说,这无关紧要。但是你会失去你的时间和数据,因为我们只有私钥。实际上,时间比金钱更有价值。
如果我们发现安全供应商或执法机构冒充您与我们协商,我们将直接销毁私钥,不再为您提供解密服务。
您有3天时间与我们联系洽谈。3天内,我们将提供50%的折扣。如果超过3天未提供折扣服务,文件将泄漏到我们的洋葱网络。每超过3天就会增加泄露文件的数量。
我们将每15天更换一次私钥,旧的私钥将被删除。如果加密超过15天,请不要联系我们,我们无能为力,即使上帝来了,我们也无能为力。
我们的邮箱:
securityrook@privatemail.com
如果长时间没有回复,请联系以下电子邮件地址!
securityrook@horsefucker.org
------------------------------------------------------------------------------------------------
!!!危险
不要试图自行更改文件,不要使用任何第三方软件来恢复数据或使用防病毒解决方案——这可能会损坏私钥,并因此丢失所有数据。
!!!!!!! 目前好像是无解的,只能认栽了。 上个月我也中招了,结果是全盘格式化,重装系统。
页:
[1]