Original poster:
yoyoflag (新北殺人無罪)
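2016-03-24 03:26:59
Borrowing this thread to ask a question.
I've been hit by this one too.
It also claims to be RSA-4096.
The file extensions haven't changed, and there are no garbled or strange characters.
But JPG and PNG files can no longer be opened, and even PSD files were encrypted.
And in every folder on the computer, the three files shown in the picture have appeared.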
http://imgur.com/Rzk3yFd
Clicking into the URL file shows what is in the picture below.
http://imgur.com/MniuOzs
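The virus has now been removed.
(I tried drawing new pictures, downloading some image files, and rebooting; none of the new files were encrypted,
so the virus should have been cleaned out successfully.)
After searching through posts,
I tried decrypting with these programs: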
CoinVaultDecryptor
decrypt_hydracrypt
TeslaDecrypter
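I also have the same file from before and after encryption.
Dragging both onto decrypt_hydracrypt together had no effect.
Dragging both onto TeslaDecrypter together gives the picture below.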
http://imgur.com/Ha4p72F
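That presumably means it didn't work either, right?
As for System Restore, it had always been turned on,
but after the encryption, System Restore was turned off and no restore points can be found.
Looking in Safe Mode, I still can't find any restore points.
Is there any way to get back the restore points that disappeared? (The computer runs W7.)
With this kind of encryption, once the virus is removed, it's fine not to reinstall, right?
(As I said above, newly created image files are no longer being encrypted, so the virus should definitely be removed.)
I plan to keep the encrypted image files for now
and wait to see whether the hacker gets caught or the encryption gets cracked someday....
Also, has this hacker already been caught, and is there a password available to decrypt the files?
Finally, I'm attaching what his TXT says; could everyone please take a look:
which hacker is this, and is it one who has already been caught? Thanks.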
NOT YOUR LANGUAGE? USE https: //translate.google.com
What's the matter with your files?
Your data was secured using a strong encryption with RSA4096.
Use the link down below to find additional information on the encryption keys
using RSA-4096 https: //en.wikipedia.org/wiki/RSA_(cryptosystem)
What exactly that means?
It means that on a structural level your files have been transformed . You
won't be able to use , read , see or work with them anymore .
In other words they are useless , however , there is a possibility to restore
them with our help .
What exactly happened to your files ???
*** Two personal RSA-4096 keys were generated for your PC/Laptop; one key is
public, another key is private.
*** All your data and files were encrypted by the means of the public key ,
which you received over the web .
*** In order to decrypt your data and gain access to your computer you need a
private key and a decryption software, which can be found on one of our
secret servers.
What should you do next ?
There are several options for you to consider :
*** You can wait for a while until the price of a private key will raise, so
you will have to pay twice as much to access your files or
*** You can start getting BitCoins right now and get access to your data
quite fast .
In case you have valuable files , we advise you to act fast as there is no
other option rather
than paying in order to get back your data.
In order to obtain specific instructions , please access your personal
homepage by choosing one of the few addresses down below :
http: //9hrds.wolfcrap.at/43904C175AB8F57
http: //6g4ds.froekuge.com/43904C175AB8F57
http: //vewrb.italisumo.at/43904C175AB8F57
If you can't access your personal homepage or the addresses are not working,
complete the following steps:
*** Download TOR Browser -
http: //www.torproject.org/projects/torbrowser.html.en
*** Install TOR Browser and open TOR Browser
*** Insert the following link in the address bar:
k7tlx3ghr3m4n2tu.onion/43904C175AB8F57
*** Follow instructions on your screen !!!
*** *** *** *** *** *** *** IMPORTANT INFORMATION *** *** *** *** *** ***
Your personal homepages
http: //9hrds.wolfcrap.at/43904C175AB8F57
http: //6g4ds.froekuge.com/43904C175AB8F57
http: //vewrb.italisumo.at/43904C175AB8F57
Your personal homepage Tor-Browser k7tlx3ghr3m4n2tu.onion/43904C175AB8F57
Your personal ID 43904C175AB8F57