
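Diamond (Duckcryptor) Ransomware

While investigating potential malware risks, cybersecurity researchers recently uncovered a new threat known as Diamond Ransomware. Like many ransomware strains, its main purpose is to encrypt the data on the devices it infiltrates. The cybercriminals behind Diamond Ransomware then try to extort a ransom from the affected users or organizations in exchange for restoring access to the encrypted data. Notably, experts have already identified a ransomware threat named Diamond Ransomware. To tell the two apart, the new variant can also be referred to as Duckcryptor.

Once successfully executed on a victim's device, Diamond (Duckcryptor) Ransomware starts an encryption process that targets a wide range of file types. The threat modifies the original filenames by appending the '.[Dyamond@firemail.de].duckryptor' extension. For example, a file originally named '1.png' is renamed to '1.png.[Dyamond@firemail.de].duckryptor', '2.pdf' becomes '2.pdf.[Dyamond@firemail.de].duckryptor', and so on.

After encryption, the ransomware further alters the system by changing the desktop wallpaper and generating two ransom notes titled 'Duckryption_info.hta' and 'Duckryption_README.txt'. These notes likely contain instructions for paying the ransom and may provide the cybercriminals' contact information.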
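The filename indicators described above can be turned into a quick scope check during incident response. The following is an added example, not code from the original page: the function names `triage` and `demo` and the sample directory tree are constructed for illustration, while the extension and note filenames are the ones quoted above.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".[Dyamond@firemail.de].duckryptor"
NOTE_NAMES = {"duckryption_info.hta", "duckryption_readme.txt"}


def triage(root):
    """Walk root and report files carrying the page's indicators."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX.lower()):
                # The suffix is appended, so stripping it gives the original name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                encrypted.append((str(path), original))
                per_dir[dirpath] += 1
            elif lower in NOTE_NAMES:
                notes.append(str(path))
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_dir": dict(per_dir)}


def demo():
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Documents"
        docs.mkdir()
        for name in ("1.png" + ENCRYPTED_SUFFIX, "2.pdf" + ENCRYPTED_SUFFIX,
                     "untouched.txt", "Duckryption_README.txt"):
            (docs / name).write_bytes(b"constructed sample")
        (Path(tmp) / "Duckryption_info.hta").write_bytes(b"constructed sample")
        report = triage(tmp)
        # Return names only, so the result does not depend on the temp path.
        return {
            "originals": sorted(orig for _p, orig in report["encrypted"]),
            "notes": sorted(Path(n).name for n in report["notes"]),
            "hit_dirs": len(report["per_dir"]),
        }


if __name__ == "__main__":
    print(demo())
```

The per-directory counts show which shares or profiles were reached, and the recovered original names give the list of files to restore from backup.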

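Diamond (Duckcryptor) Ransomware Can Cause Serious Disruption

The ransom notes left by Diamond (Duckcryptor) Ransomware may differ in wording but convey a similar core message. They inform victims that their files have been encrypted and stress that regaining access to the data requires paying a ransom, typically in the Bitcoin cryptocurrency. Before meeting the ransom demand, victims are offered a decryption test on up to two files, subject to certain restrictions.

In addition, the messages warn against attempting manual decryption or using third-party decryption tools, as these actions may lead to irreversible data loss. The accompanying text file details the risks associated with seeking help from third-party sources.

Security experts in the field stress that decryption without the attackers' involvement is usually not feasible. Moreover, even victims who comply with the ransom demand often do not receive the promised decryption tools. They therefore strongly advise against paying the ransom: data recovery is not guaranteed, and paying only funds the cybercriminals' illegal activities.

To stop Diamond (Duckcryptor) Ransomware from encrypting further data, it must be completely removed from the operating system. However, removing the ransomware will not restore files that have already been compromised.

Implement a Comprehensive Security Approach to Keep Your Data and Devices Safe

Implementing a comprehensive security approach is essential for protecting users' data and devices against a wide range of threats. The following is a detailed guide to how users can achieve this:

  • Strong authentication: Implement strong authentication measures such as complex passwords, biometric authentication and multi-factor authentication (MFA) to prevent unauthorized access to any device or account.
  • Encryption: Encrypt private data at rest and in transit to prevent unauthorized access. Encryption tools and techniques can be used to protect data stored on devices, transmitted over networks and stored in the cloud.
  • Regular updates and patching: Keep all devices, operating systems and software up to date with the latest security patches and updates. Check for and install updates regularly to address known vulnerabilities and strengthen defenses against potential threats.
  • Firewalls and network security: Install and configure firewalls on devices and networks to monitor and control incoming and outgoing traffic. Implement network security measures such as intrusion detection and prevention systems (IDPS) to detect and block unsafe activity.
  • Anti-malware: Install reputable anti-malware software on all devices to detect and remove fraudulent software and files. Keep the security program's threat definitions up to date and scan devices for malware regularly.
  • Secure Wi-Fi networks: Secure Wi-Fi networks with strong encryption (such as WPA2 or WPA3) and unique passwords. Do not use default or easily guessed passwords for Wi-Fi routers and networks.
  • Data backup and recovery: Regularly back up important data and files to a secure, offline storage location, such as a cloud storage service or an external hard drive. Test backup and recovery procedures to make sure they work in the event of data loss or a security incident.
  • User education and awareness: Educate users about common security risks and best practices for safe computing, including how to recognize phishing emails, avoid suspicious websites and handle sensitive information safely.

By implementing these comprehensive security measures and continuously monitoring and updating them, users can strengthen the security of their data and devices against a wide range of threats.

The ransom note left to victims of Diamond (Duckcryptor) Ransomware reads: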

'Diamond Ransomware
All your files have been Encrypted

What Should i Do?
If you want to restore them, Write us a E-mail: Dyamond@firemail.de
Include this ID on your Message: {Username}
In case of no answer in 24 hours write us to this e-mail: reopen1824@firemail.de

How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us.
Just search how to buy bitcoins on the Internet. Our suggestion is these sites.
binance.com | localbitcoins.com | bybit.com

What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us.
Its not in our interests.
 To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc) and low sizes(max 2 mb) we will decrypt them and send back to you. That is our guarantee.

Attention!
Do not try to decrypt your data using third party software, it may cause permanent data loss.'

The text file created by Diamond (Duckcryptor) Ransomware contains the following ransom message from the attackers:

'Diamond Ransomware

Attention!! (Do not scan the files with antivirus in any case. In case of data loss, the consequences are yours) Attention!!

what happened?

All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.

How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.

How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.

www.binance.com/en
www.coinbase.com
www.localbitcoins.com

www.bybit.com

What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.

That is our guarantee.

How to contact with you?
If you want to restore them, Write us a E-mail: Dyamond@firemail.de
In case of no answer in 24 hours write us to this E-mail: reopen1824@firemail.de
Make sure that you send the key.txt file (saved in your desktop) in the email

How will the payment process be after payment?

After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.

What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose and

If you do not pay the ransom, we will attack your computer/company again in the future.

What are your recommendations?

Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.

Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.

We are committed to complete the unlock after your payment.

Our suggested price is based on your ability, so don't worry about the price and send an email to make a deal.

If after sending an email and paying our admin, our admin does not unlock your files, you can share this situation with us so that we can fire the admin and unlock your files for free Telegram ID to contact support: ( @MB00200 ).'
