So far we have collected some unusual variants of GlobeImposter 2.0, for example those using the suffix *.{email}XX or *.crypted_email. They share the following characteristics:
Ransom note files: how_to_back_file.htm, HOW_TO_RESTORE_FILES.html
Email addresses:
Encryption algorithm:
Small files: every byte of the file is encrypted.
Large files, such as databases and virtual machine images: only the file header is encrypted, so residual plaintext remains at the end of the file.
西数科技: forensic appraisal / product quality appraisal / inspection and testing / data recovery experts. 4006184118
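The partial-encryption behaviour described above is what makes recovery from the tail of large files possible. The triage script below is an added example, not code from the original note or from 西数科技: it walks a file in fixed chunks, uses per-chunk Shannon entropy to find where the encrypted header ends, and reports how many trailing bytes survived. The chunk size, the 7.2 bits/byte threshold and the sample files are assumptions and constructed data, since the note gives no header size.

```python
import math
import random

# Assumed triage parameters (not from the original note): scan granularity and the
# per-chunk entropy above which a chunk is treated as ciphertext.
CHUNK_SIZE = 4096
CIPHERTEXT_ENTROPY = 7.2   # bits per byte; uniformly random bytes approach 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def partial_encryption_profile(data: bytes, chunk_size: int = CHUNK_SIZE) -> dict:
    """Estimate how many leading bytes were encrypted; the rest is recoverable residue."""
    encrypted = 0
    for offset in range(0, len(data), chunk_size):
        piece = data[offset:offset + chunk_size]
        if shannon_entropy(piece) < CIPHERTEXT_ENTROPY:   # first plaintext-looking chunk
            break                                          # ends the encrypted header
        encrypted = offset + len(piece)
    residue = len(data) - encrypted
    if not data:
        verdict = "empty"
    elif residue == 0:
        verdict = "full"        # small-file behaviour: every byte encrypted
    elif encrypted == 0:
        verdict = "plaintext"   # nothing encrypted at the front of the file
    else:
        verdict = "partial"     # large-file behaviour: header only, tail survives
    return {"size": len(data), "encrypted_bytes": encrypted,
            "residue_bytes": residue, "verdict": verdict}

def constructed_samples() -> dict:
    """Constructed stand-ins for encrypted files; no real ransomware output is used."""
    rng = random.Random(20240101)
    ciphertext = bytes(rng.getrandbits(8) for _ in range(2 * CHUNK_SIZE))
    row = b"INSERT INTO accounts VALUES (1, 'alice', 'active');\n"
    return {"small_doc": ciphertext[:1024],        # small file: fully encrypted
            "big_db": ciphertext + row * 160}      # large file: header only, rows survive

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, partial_encryption_profile(blob))
```

Files reported as "partial" are the candidates worth handing to a carving or database-repair tool; "full" ones hold no plaintext residue to recover.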