【数据恢复案例】.[[email protected]].eking新型变种勒索病毒
目录
一、什么是 .[[email protected]].eking 勒索病毒?
二、中了 .[[email protected]].eking 后缀勒索病毒文件怎么恢复?
三、恢复案例介绍:
1. 被加密数据情况
2. 数据恢复完成情况
3. 数据恢复工期
系统安全防护措施建议:
一、什么是 .[[email protected]].eking 勒索病毒?
.[[email protected]].eking 属于 Phobos 勒索病毒家族,已传播2,3年了。它加密文件、重命名文件并生成许多勒索消息。
.[[email protected]].eking 勒索软件以某种方式入侵进入计算机后,会更改Windows注册表、删除卷影副本、打开/写入/复制系统文件、生成后台运行的进程、加载各种模块等。
.[[email protected]].eking 勒索病毒将扫描您的计算机以查找图像、视频以及重要的生产力文档和文件,例如 .doc、.docx、.xls、.pdf。当检测到这些文件时,勒索软件会对它们进行加密并将其扩展名更改为“[XXXXXX].[[email protected]].eking ”,这样您就无法再打开它们。
.[[email protected]].eking 勒索病毒是如何传播感染的?
经过分析多家公司感染勒索病毒后的机器环境及系统日志判断,勒索病毒基本上是通过以下几种方式入侵,请大家可逐一了解并检查以下防范入侵方式,毕竟事前预防比事后恢复容易的多。
远程桌面口令爆破
关闭远程桌面,或者修改默认用户administrator
共享设置
检查是否只有共享出去的文件被加密。
第三方账户
检查是否有软件厂商提供固定密码的账户或安装该软件会新增账户。包括远程桌面、数据库等涉及到口令的软件。
软件漏洞
根据系统环境,针对性进行排查,例如常见被攻击环境Java、通达 OA、致远 OA 等。查 web 日志、排查域控与设备补丁情况等。
二、中了 .[[email protected]].eking 后缀勒索病毒文件怎么恢复?
此后缀病毒文件由于加密算法的原因,每台感染的电脑服务器文件都不一样,需要独立检测与分析加密文件的病毒特征与加密情况,才能确定最适合的恢复方案。
三、恢复案例介绍:
1. 被加密数据情况
一台服务器,被加密的文件数据量约370万个,数据量大约6T+,数据量比较庞大。
2. 数据恢复完成情况
数据完成恢复,370万+个文件,全部文件均已恢复,恢复率等于100%。恢复完成的文件均可以正常打开及使用。
3. 数据恢复工期
恢复工期:
一台服务器,我们团队在收到客户当天下单立即开始执行恢复施工,由于数据量比较庞大,最终于第四天上午完成了全部数据的恢复,耗时四天。
系统安全防护措施建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
9.保存良好的备份习惯,尽量做到每日备份,异地备份。
经过我们整理发现,目前市面上的.eking病毒类型有上百种变种,与该病毒同类的后缀病毒还有以下各种后缀,都是同一个病毒家族的均可以恢复处理:
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
.[[email protected]].eking
[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、mmmjjjtoptip@cock。李,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected], [email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、digistart@ protonmail.com, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], DECRYPTUNKNOWN@Protonmail。 com, [email protected], [email protected], ICQ@fartwetsquirrel,[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、clearcom@ protonmail.com, [email protected], [email protected], [email protected], [email protected], [email protected], yoursjollyroger@cock, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], rodrigos@ keemail.me, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], davidshelper@protonmail。 com, [email protected], [email protected], [email protected],[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected],[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、 [email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、 [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], rody_218 @ protonmail.com、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、decrypt20@firemail。抄送,[email protected],[email protected],[email protected],[email protected],[email protected],ransomsophos @ tutanota。com, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], infoback@ mail.ee、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、sdjhf4df@potronmail。 com, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、jackkarter@ gmx.com, [email protected], [email protected], [email protected], [email protected],[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], help4dec@ cock.li,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],sharm777@protonmail。 com,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],unlocker@ firemail.cc、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、958f895@tutanota。 com,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],夫人。[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected],[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、[email protected]、gener888@ cock.li, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], phobos@criptext。 com, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]