Sveiki papasakosim apie crypto virusus arba ransomware arba sifruojantis virusas. Sis virusas turi ivariu pavadinimu atmainu bet galutinis rezultatas tas pats uzkoduoti failai ir ispirka.

lockypr.JPG

 

Visa viruso eiga

 

1. Jus i pasta gaunat laiska. dazniausiai laiskas yra doc su pavadinimu invoice arba saskaita arba kolego laiskas su vardu kazkuriuo. ir dazniausiai buna prirasyta jus gavote saskaita prasome greiciau perziureti ir apmoketi.

ransomware.JPG

 kaip zmogus paspaudzia atidaryti jam gali dar ismesti lentele enable macros. ir kaip tik zmogus paspaudzia virusas isipakuoja ir pradeda veikti.

pradeda ieskotu failu 

Office/Document files (62x):

dokumentai

.123, .602, .CSV, .dif, .DOC, .docb, .docm, .docx, .DOT, .dotm, .dotx, .hwp, .mml, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .PPT, .pptm, .pptx, .RTF, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .sxc, .sxd, .sxi, .sxm, .sxw, .txt, .uop, .uot, .wb2, .wk1, .wks, .xlc, .xlm, .XLS, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml

Scripts/Source codes (23x):

.asm, .asp, .bat, .brd, .c, .class, .cmd, .cpp, .cs, .dch, .dip, .h, .jar, .java, .js, .pas, .php, .pl, .rb, .sch, .sh, .vb, .vbs

Media files (20x):

.3g2, .3gp, .asf, .avi, .fla, .flv, .m3u, .m4u, .mid, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .swf, .vob, .wav, .wma, .wmv

Graphic/Image files (14x):

nuotraukos 

.bmp, .cgm, .djv, .djvu, .gif, .jpeg, .jpg, .NEF, .png, .psd, .raw, .svg, .tif, .tiff

Database files (14x):

.db, .dbf, .frm, .ibd, .ldf, .mdb, .mdf, .MYD, .MYI, .odb, .onenotec2, .sql, .SQLITE3, .SQLITEDB rivile centas finvalda agnumas

Archives (11x):

.7z, .ARC, .bak, .gz, .PAQ, .rar, .tar, .bz2, .tbk, .tgz, .zip

CAD/CAM/3D files (8x):

.3dm, .3ds, .asc, .lay, .lay6, .max, .ms11, .ms11 (Security copy)

Certificates (5x):

.crt, .csr, .key, .p12, .pem

Virtual HDD (4x):

.qcow2, .vdi, .vmdk, .vmx

pastas (2x):

pst outlook windows mail

Virtual currency (1x):

wallet.dat bitcoin litecoin pinigines

 

Surades situos failus virusus iskart juos sifruoja. dazniausiai vadinimu AES sifrafimu.

https://lt.wikipedia.org/wiki/AES

raktas sugeneruojamas automatiskai kiek yra zinoma kad ta pacia diena dazniausiai toks pats.

uzsifraves duomenis virusas pasisalina  ir palieka instrukcija kaip atgauti failus su kaina. kaina nurodoma bitcoint tam kad negalima butu atrasti kuriam zmogui pervedet.

Musu labaratorija yra pastebejus kad siai dienai virusas dazniausiai paveikia kompiuterius kurie neturi antivirus bet yra pastebeta ir su antivirusais

antivirusines kurios buvo kompiuteri bet nesustabde virus

Avast

Micorsoft essensial

NOD 4 5 6 versija

Siuloma antivirusai kurie yra atparus virusam !!!

Kaspersky internet security atsisiusti cia nemokamai galioja 30 dienu

360 total security nemokama antivirusas atsiusti cia

Jeigu jau pasigavot tai antivirusas jau nepades jum atgauti duomenu.

Atgauti duomenis yra galimi keli variantai

1. kadangi virusas trina failus galima meginti atrasti kaip istrintus failus su atkurimo programa skirta istrinetiem duomenim

2. Jeigu virusas nespejo padaryti viso darbo pvz zmogus nutrauke viruso darba. galima meginti su programele 

http://www.shadowexplorer.com/downloads.html .

shadow-explorer.JPG

bet siuloma yra pasidaryti disko kopija pradziai pries bet ka darant kad poto suklydus galima kazka dar pasidaryti

 

Posektorinė kopija 1:1

Iki 1 TB 30,00 Eur + PVM
Nuo 1 iki 2 TB 50,00 Eur + PVM
Nuo 2 iki 3 TB 70,00 Eur + PVM
Nuo 3 TB ir daugiau nuo 90,00 Eur + PVM

 

3 variantas sumoketi ispirka. esama tokiu variantu kaip zmonem reikejo duomenu teko ir moketi. is patirties sumokejus gaunama 100% raktas atkuodoti failus bet ne visada 100% atsifruoja. ir duomenu atstatyti neimanoma visai

4 variantas jai nezinot ka daryti ar nenorit daryti pristatyti i artimiausiai musu skyriu ir musu profesionalus techinkai bandys jum padeti

Virusai ( Duomenu atstatymo kainos )

Paprasti virusai 20 - 50 Eur + PVM
CryptoLocker nuo 50 Eur + PVM 
CryptoWall nuo 70 Eur + PVM
Kiti virusai gadintais duomenys  nuo 100 Eur +pvm

Yra jau irankiu kurie leidzia atsifruoti duomenis nemokat pinigu siai dienai mes turim sitiem virusam sprendimus sukurtus musu labaratorijoje

777

Apocalypse

Locky

Badblock

Crypboss

Cryptinfinite

Dryptodefense

Dmalocker2

Gomasom

Harasom

Hydra

Keybtc

Lechiffre

Nemucod

Pclok

Radamant

Stampado

Tesla 1 2 3

Wildfire

Xor

Shade

Rakhni

Mp3

Bart

Crypt888

Legion

CryptXXX V1, V2, V3* {original file name}.crypt, cryp1, crypz, or 5 hexadecimal characters
CryptXXX V4, V5 {MD5 Hash}.5 hexadecimal characters
TeslaCrypt V1** {original file name}.ECC
TeslaCrypt V2** {original file name}.VVV, CCC, ZZZ, AAA, ABC, XYZ
TeslaCrypt V3 {original file name}.XXX or TTT or MP3 or MICRO
TeslaCrypt V4 File name and extension are unchanged
SNSLocker {Original file name}.RSNSLocked
AutoLocky {Original file name}.locky
BadBlock {Original file name}
777 {Original file name}.777
XORIST {Original file name}.xorist or random extension
XORBAT {Original file name}.crypted
CERBER V1 {10 random characters}.cerber
Stampado {Original file name}.locked
Nemucod {Original file name}.crypted
Chimera {Original file name}.crypt
LECHIFFRE {Original file name}.LeChiffre
MirCop Lock.{Original file name}
Bart {Original file name}.bart.zip
Apocalypse {Original file name}.encrypted, .FuckYourData, .locked, .Encryptedfile, or .SecureCrypted
Crypt888 Lock.{Original file name}
Legion {Original file name}_23-07-2016-21-27-23_$Šis el.pašto adresas yra apsaugotas nuo šiukšlių. Jums reikia įgalinti JavaScript, kad peržiūrėti jį.$.legion
Jigsaw {Original file name}.random extension
Globe/Purge

V1: {Original file name}.purge

V2: {Original file name}.{email address + random characters}

V3: Extension not fixed or file name encrypted

DXXD

V1: {Original file name}.{Original extension}dxxd

Teamxrat/Xpan

V2: {Original filename}.__xratteamLucked

Crysis

.{id}.{email address}.xtbl, crypt

DemoTool

.demoadc

PowerLocky

{Original file name}.locky 

TeleCrypt

{Original file name}

DemoTool  .demoadc
Dharma  .wallet
WannaCry (WCRY) {Original file name}.WNCRY, {Original file name}.WCRY
AES_NI Šis el.pašto adresas yra apsaugotas nuo šiukšlių. Jums reikia įgalinti JavaScript, kad peržiūrėti jį. and Šis el.pašto adresas yra apsaugotas nuo šiukšlių. Jums reikia įgalinti JavaScript, kad peržiūrėti jį.
XData {Original file name} XData
Jaff {Original file name} WLU
NemucodAES  
LambdaLocker .lambda_l0cked
Petya  

Siuo metu ieskome budu ir neturim sitiem virusam !!!

ZEPTO virusas Atsifruoti 5% duomenu siai dienai

 

 

 

 zepto.JPG

 

 

 

Fantom virusas Atsifruoti 1.8 %

 

 

fantom.JPG

 

Cerber3 Virusas atsifruoti 0.7 %

 

 cerber3.JPG

cerber 4-5

cerberus3m.JPG

Osiris 

osiris.JPG

 

 

Jeigu duomenys nera skubus bet svarbus siuloma pasilikti kopija. Dazniausiai laboratorija atranda irankius kazkur 0.5- 1 metu begyje. !!!

Atnaujinta 2017-11-15

Visi  imanomi

777, 7ev3n, 7h9r, 7zipper, 8lock8, ACCDFISA v2.0, AdamLocker, AES_KEY_GEN_ASSIST, AES-NI, Al-Namrood, Al-Namrood 2.0, Alcatraz, Alfa, Alma Locker, Alpha, AMBA, Amnesia, AnDROid, AngryDuck, Anubis, Apocalypse, Apocalypse (New Variant), ApocalypseVM, ASN1 Encoder, AutoLocky, AxCrypter, BadBlock, BadEncript, BandarChor, BankAccountSummary, Bart, Bart v2.0, BitCrypt, BitCrypt 2.0, BitCryptor, BitKangoroo, BitStak, Black Feather, Black Shades, Blocatto, BlockFile12, Booyah, BrainCrypt, Brazilian Ransomware, BTCamant, BTCWare, Bucbi, BuyUnlockCode, Cancer, Cerber, Cerber 2.0, Cerber 3.0, Cerber 4.0 / 5.0, CerberTear, Chimera, CHIP, Clouded, CockBlocker, Coin Locker, CoinVault, Comrade Circle, Conficker, Coverton, CradleCore, Cripton, Cry128, Cry9, Cryakl, CryFile, CryLocker, CrypMic, CrypMic, Crypren, Crypt0, Crypt0L0cker, Crypt38, CryptConsole, CryptFuck, CryptInfinite, CryptoDefense, CryptoDevil, CryptoFinancial, CryptoFortress, CryptoHasYou, CryptoHitman, CryptoJacky, CryptoJoker, CryptoLocker3, CryptoLockerEU, CryptoLuck, CryptoMix, CryptoMix Revenge, CryptoMix Wallet, CryptON, Crypton, CryptorBit, CryptoRoger, CryptoShield, CryptoShocker, CryptoTorLocker, CryptoViki, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptoWire, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CryPy, CrySiS, CTB-Faker, CTB-Locker, Damage, DarkoderCryptor, Deadly, DEDCryptor, DeriaLock, Dharma (.dharma), Dharma (.onion), Dharma (.wallet), Digisom, DirtyDecrypt, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, DMALocker Imposter, Domino, Done, DoNotChange, DXXD, DynA-Crypt, ECLR Ransomware, EdgeLocker, EduCrypt, El Polocker, EncrypTile, EncryptoJJS, Encryptor RaaS, Enigma, Enjey Crypter, EnkripsiPC, Erebus, Evil, Exotic, Extractor, Fabiansomware, Fadesoft, Fantom, FenixLocker, FindZip, FireCrypt, Flatcher3, FLKR, Flyper, FrozrLock, FS0ciety, FuckSociety, FunFact, GC47, GhostCrypt, Globe, Globe (Broken), Globe3, GlobeImposter, GlobeImposter 2.0, GOG, GoldenEye, Gomasom, GPCode, GX40, HadesLocker, HappyDayzz, Heimdall, Help50, HelpDCFile, Herbst, Hermes, Hermes 2.0, Hi Buddy!, HiddenTear, HollyCrypt, HolyCrypt, Hucky, HydraCrypt, IFN643, iRansom, Ishtar, Jack.Pot, Jaff, Jager, JapanLocker, JeepersCrypt, Jigsaw, Jigsaw (Updated), JobCrypter, JuicyLemon, Kaenlupuf, Karma, Karmen, Kasiski, KawaiiLocker, KeRanger, KeyBTC, KEYHolder, KillerLocker, KimcilWare, Kirk, Kolobo, Kostya, Kozy.Jozy, Kraken, KratosCrypt, Krider, Kriptovor, KryptoLocker, L33TAF Locker, LambdaLocker, LeChiffre, LLTP, LMAOxUS, Lock2017, Lock93, Locked-In, LockLock, Locky, Lortok, LoveServer, LowLevel04, MafiaWare, Magic, Maktub Locker, Marlboro, MarsJoke, Matrix, Maykolin, Meteoritan, Mikoyan, MirCop, MireWare, Mischa, MNS CryptoLocker, Mobef, MOTD, MRCR1, n1n1n1, NanoLocker, NCrypt, NegozI, Nemucod, Nemucod-7z, Netix, NewHT, Nhtnwcuf, NM4, NMoreira, NMoreira 2.0, NotAHero, Nuke, NullByte, NxRansomware, ODCODC, OpenToYou, OzozaLocker, PadCrypt, PayDay, PaySafeGen, PClock, PClock (Updated), PEC 2017, Philadelphia, Pickles, PopCornTime, Potato, PowerLocky, PowerShell Locker, PowerWare, Pr0tector, PrincessLocker, PrincessLocker 2.0, Project34, Protected Ransomware, PshCrypt, PyL33T, R980, RAA-SEP, Radamant, Radamant v2.1, RanRan, Rans0mLocked, RansomCuck, RansomPlus, RarVault, Razy, REKTLocker, RemindMe, RenLocker, RensenWare, Roga, Rokku, RoshaLock, RotorCrypt, Roza, RSAUtil, Ruby, Russian EDA2, SADStory, Sage 2.0, Salsa, SamSam, Sanction, Sanctions, Satan, Satana, SerbRansom, Serpent, ShellLocker, Shigo, ShinoLocker, Shujin, Simple_Encoder, Smrss32, SNSLocker, Spora, Sport, SQ_, Stampado, Stupid Ransomware, SuperCrypt, Surprise, SZFLocker, Team XRat, Telecrypt, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TowerWeb, ToxCrypt, Trojan.Encoder.6491, Troldesh / Shade, TrueCrypter, TrumpLocker, UCCU, UIWIX, Ukash, UmbreCrypt, UnblockUPC, Ungluk, Unknown Crypted, Unknown Lock, Unknown XTBL, Unlock26, Unlock92, Unlock92 2.0, UserFilesLocker, USR0, Uyari, V8Locker, VaultCrypt, vCrypt, VenisRansomware, VenusLocker, VindowsLocker, Vortex, VxLock, WannaCryptor, WildFire Locker, Winnix Cryptor, WinRarer, WonderCrypter, X Locker 5.0, XCrypt, Xorist, Xort, XRTN, XTP Locker 5.0, XYZWare, YouAreFucked, YourRansom, zCrypt, Zekwacrypt, ZeroCrypt, ZimbraCryptor, ZinoCrypt, ZipLocker, Zyklon, Wanna Cry, AES-NI, XData, NemucodAES, LambdaLocker, Petya