Recovering from the Sodinokibi ransomware (Welcome. Again / -readme.txt): SQL successfully recovered

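The Sodinokibi ransomware has arrived in force on networks in China and the security situation is not encouraging; how to defend against Sodinokibi ransomware attacks is the key question.
This ransomware resembles GandCrab: after infection, file extensions are changed to a randomly generated combination of 5-10 letters and digits, and a ransom note named -readme.txt is left behind.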

---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 8z0hw87.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/
b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8B6B973FAE68452C

2) If TOR blocked in your country, try to use ×××! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.top/8B6B973FAE68452C
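
Added example, not part of the original post: a small triage helper that groups a file listing by suspected extension, using the 5-10 character extension pattern and the -readme.txt note described above. It assumes the note file is named "<extension>-readme.txt"; the function names and the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the note is named "<extension>-readme.txt", and the extension is
# 5-10 letters/digits as the article describes.
NOTE_RE = re.compile(r"^([a-z0-9]{5,10})-readme\.txt$", re.IGNORECASE)
# Line from the note quoted in the article that names the extension.
EXT_IN_NOTE_RE = re.compile(r"has expansion ([a-z0-9]{5,10})\b", re.IGNORECASE)


def triage(paths):
    """Group a file listing by suspected ransomware extension.

    Returns {ext: {"notes": [...], "encrypted": [...]}} and keeps only
    extensions that have both a note and at least one renamed file, so that an
    ordinary "setup-readme.txt" is not reported.
    """
    notes = defaultdict(list)
    by_ext = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        m = NOTE_RE.match(p.name)
        if m:
            notes[m.group(1).lower()].append(raw)
        elif p.suffix:
            by_ext[p.suffix[1:].lower()].append(raw)
    return {
        ext: {"notes": sorted(found), "encrypted": sorted(by_ext[ext])}
        for ext, found in notes.items()
        if by_ext.get(ext)
    }


def extension_from_note(text):
    """Read the extension out of the note body, or None if the line is absent."""
    m = EXT_IN_NOTE_RE.search(text)
    return m.group(1).lower() if m else None


# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"D:\data\erp.mdf.8z0hw87",
    r"D:\data\erp_log.ldf.8z0hw87",
    r"D:\data\8z0hw87-readme.txt",
    r"C:\tools\setup-readme.txt",
    r"C:\tools\setup.exe",
]

if __name__ == "__main__":
    for ext, hit in triage(SAMPLE).items():
        print(ext, len(hit["encrypted"]), "files;", len(hit["notes"]), "notes")
```

Run it over a listing exported from the affected server to scope which directories were hit before restoring from backup.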

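According to disclosures by security research teams abroad, attackers often spread the Sodinokibi ransomware through the deserialization vulnerability in Oracle WebLogic Server (CVE-2019-2725); our on-site forensics, however, found that this attack was spread by brute-forcing port 3389.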

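Security recommendations:
1. Temporarily close unnecessary ports on the server (such as 135, 139 and 445).
2. Download and install Windows system patches and promptly fix the EternalBlue family of vulnerabilities.
For XP, Windows Server 2003, Windows 8 and similar systems, visit:
For Windows 7, Windows 8.1, Windows Server 2008, Windows 10, Windows Server 2016 and similar systems, visit:
3. Harden servers regularly, fix security vulnerabilities in server components as early as possible, and install server-side security software.
4. Use strong passwords for the server's Tomcat admin console login and SSH login; never use weak passwords, to prevent attackers from brute-forcing them.
5. Use security software to block possible virus attacks.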

Reposted from: https://blog.51cto.com/14082223/2397658
