信件样本:
文件名字:CRAB-DECRYPT.txt
中毒特征:所有文件添加一个扩展名:.CRAB
文件内容:
---= GANDCRAB V3 =---
Attention!
All your files documents, photos, databases and other important files are encrypted and have the extension: .CRAB
The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
0. Download Tor browser - https://www.torproject.org/
1. Install Tor browser
2. Open Tor Browser
3. Open link in TOR browser: http://gandcrab2pie73et.onion/f204fd37566af699
4. Follow the instructions on this page
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
The alternative way to contact us is to use Jabber messanger. Read how to:
0. Download Psi-Plus Jabber Client: https://psi-im.org/download/
1. Register new account: http://sj.ms/register.php
0) Enter "username": f204fd37566af699
1) Enter "password": your password
2. Add new account in Psi
3. Add and write Jabber ID: ransomware@sj.ms any message
4. Follow instruction bot
ATTENTION!
It is a bot! It's fully automated artificial system without human control!
To contact us use TOR links. We can provide you all required proofs of decryption availibility anytime. We are open to conversations.
You can read instructions how to install and use jabber here http://www.sfu.ca/jabber/Psi_Jabber_PC.pdf
CAUGHTION!
Do not try to modify files or use your own private key. This will result in the loss of your data forever!
加密算法:
全字节加密,不是仅仅加密一部分,不论文件的大小,均采用一个算法。
解密研究:
研究中...