
Risen Ransomware

In today's digital age, protecting devices against malware threats is essential. Malware such as ransomware can have devastating effects on individuals and organizations, causing extensive data loss, financial losses and operational disruption. One of the latest threats in this area is Risen Ransomware, a threatening program that encrypts users' files and demands a ransom payment to restore them. Understanding how Risen Ransomware operates and how to defend against such threats is critical to maintaining cybersecurity.

Overview of Risen Ransomware

Cybersecurity researchers have identified the Risen Ransomware and determined its distinctive characteristics and method of operation. Once it infects a system, Risen encrypts files and renames them by appending an email address and a user ID after their extension. For example, '1.png' is renamed to '1.png.Default@firemail.de].E86EQNTPTT', and '2.pdf' becomes '2.pdf.Default@firemail.de].E86EQNTPTT'.

Ransom Notes and Threats

Risen Ransomware creates two ransom notes: '$Risen_Note.txt' and '$Risen_Guide.hta'. It also changes the desktop wallpaper and displays a message on the pre-login screen, making sure the victim is aware of the breach. The ransom notes claim that the attackers broke into the victim's entire network by exploiting security vulnerabilities and encrypted all files with a strong algorithm. They also claim that critical data such as documents, images, engineering data, accounting information and customer details has been stolen.
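The two observable artifacts described above (the '<name>.<email>].<ID>' rename pattern and the two ransom note filenames) are enough to build a simple triage check. The following is an added example, not code from the original page or from any vendor: it walks a constructed file listing, parses the Risen rename pattern and flags the note files. The optional leading '[' before the email address and the minimum ID length are assumptions, not facts from the page.

```python
import re
from typing import Dict, List, Optional

# Ransom note filenames dropped by Risen, as listed on this page.
RISEN_NOTE_NAMES = {"$Risen_Note.txt", "$Risen_Guide.hta"}

# Contact addresses quoted in the notes (compared case-insensitively).
RISEN_CONTACT_EMAILS = {"default@firemail.de", "default1@tutamail.com"}

# Rename pattern "<original>.<email>].<VICTIM_ID>", e.g.
# "1.png.Default@firemail.de].E86EQNTPTT". The optional "[" and the
# minimum ID length of 6 are assumptions, not taken from the page.
RISEN_RENAME_RE = re.compile(
    r"^(?P<original>.+)\.\[?(?P<email>[^\s\[\]]+@[^\s\[\]]+)\]"
    r"\.(?P<victim_id>[A-Z0-9]{6,})$"
)

# Constructed sample listing for the demonstration (not real victim data).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\1.png.Default@firemail.de].E86EQNTPTT",
    r"C:\Users\alice\Documents\2.pdf.Default@firemail.de].E86EQNTPTT",
    r"C:\Users\alice\Desktop\$Risen_Note.txt",
    r"C:\Users\alice\Desktop\$Risen_Guide.hta",
    r"C:\Users\alice\Documents\report.docx",
]


def parse_risen_name(filename: str) -> Optional[Dict[str, str]]:
    """Return original name, contact email and victim ID, or None."""
    match = RISEN_RENAME_RE.match(filename)
    return match.groupdict() if match else None


def scan_listing(paths: List[str]) -> Dict[str, object]:
    """Classify a file listing into Risen-renamed files and ransom notes."""
    encrypted, notes = [], []
    for path in paths:
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        if name in RISEN_NOTE_NAMES:
            notes.append(path)
            continue
        parsed = parse_risen_name(name)
        if parsed:
            parsed["path"] = path
            parsed["known_contact"] = parsed["email"].lower() in RISEN_CONTACT_EMAILS
            encrypted.append(parsed)
    return {
        "encrypted": encrypted,
        "notes": notes,
        "victim_ids": sorted({e["victim_id"] for e in encrypted}),
        "suspected_risen": bool(notes) or any(e["known_contact"] for e in encrypted),
    }
```

On an incident the listing would come from a directory walk or an EDR file inventory; the distinct victim IDs tell you whether more than one campaign ID touched the host.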

Extortion Tactics

The ransom notes threaten that if the victim does not cooperate within an unspecified deadline, the attackers will leak or sell the collected data. The notes state that backups have also been encrypted and are inaccessible, meaning the only way to recover the files is through the specific decryption tool provided by the attackers. Victims may send up to three test files for free decryption and must contact the attackers through the provided email addresses, default1@tutamail.com and default@firemail.de, stating their machine ID in the subject line. If there is no reply within 72 hours, victims are told to contact the attackers via the provided TOR blog.

The Risks of Paying the Ransom

Despite what the attackers promise in return for payment, paying the ransom is strongly discouraged. The risk of being scammed is high, since the attackers may not provide the decryption tool even after payment. In addition, while it remains active, the ransomware can continue encrypting files and spreading across the network, causing further damage.

Security Measures to Prevent Ransomware Infections

Defending against ransomware such as Risen requires a multi-layered approach. Below are some key security measures users should implement:

  • Regular backups: Back up important data regularly and make sure backups are stored offline or in a secure cloud solution. This ensures data can be restored in the event of an attack.
  • Updated software: Keep all software, including applications and operating systems, upgraded with the latest security patches to eliminate vulnerabilities that ransomware could exploit.
  • Strong anti-malware: Use a reputable anti-malware solution to detect and block ransomware before it can cause harm. Make sure these tools are updated regularly.
  • Email and web filtering: Deploy email and web filtering solutions to block fraudulent emails and websites that may deliver ransomware payloads.
  • User training: Educate users about the dangers of ransomware and safe online behavior. Stress the importance of not opening suspicious email attachments or clicking unknown links.
  • Network segmentation: Segment the network to contain the spread of ransomware. This helps contain an infection and prevents it from affecting the entire network.
  • Access controls: Implement strict access controls to limit user privileges and block unauthorized access to sensitive data and systems.

Risen Ransomware is a significant threat in the cyber-threat landscape. Understanding how it operates and the importance of proactive security practices helps reduce the risk of infection. By implementing strong cybersecurity measures, users can protect their data and networks from the devastating effects of ransomware.

The text of the ransom note left for Risen Ransomware victims is:

'All Your Important Files Have Been Encrypted
NOTE
We have also taken your critical documents and files from different parts of your network, which we will leak or sell if there is no cooperation from your side.

Our operators have been monitoring your business for a while, when we say these documents are critical, we mean it.
We await for your response before the deadline ends, After that we will continue the process of leaking or selling your documents.
We assure you that this won't happen if you cooperate with us.
CONTACT US
For more instructions, to save your files and your business, contact us by :
Email address :Default@firemail.de
didn't get any response in 24 hours ? use : default1@tutamail.com

Leave subject as your machine id "-"
If you didn't get any respond within 72 hours use our Tor blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible.

ATTENTION
Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable
Do not pay any amount of money before receiving decrypted test files
there might be many middle man services out there whom will contact us for your case and they will make a profit adding a sort of money to the fixed price
any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss
there will be a deadline until your data get sold or leaked by our team,you better corporate with us before the following deadline otherwise we will proceed to sell or leak your data without any past warnings'

The text file generated by Risen Ransomware contains the following message from the attackers:

'RisenNote :

Read this text file carefully.

We have penetrated your whole network due some critical security issues.

We have encrypted all of your files on each host in the network within strong algorithm.

We have also Took your critical data such as docs, images, engineering data, accounting data, customers and …
And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data, the only way to stop this process is successful corporation.

We have monitored your Backup plans for a while and they are completely out of access(encrypted)

The only situation for recovering your files is our decryptor, there are many middle man services out there whom will contact us for your case and add an amount of money on the FIXED price that we gave to them, so be aware of them.

Remember, you can send Upto 3 test files for decrypting, before making payment, we highly recommend to get test files to prevent possible scams.

In order to contact us you can either use following email :

Email address : Default@firemail.de

Or If you weren't able to contact us within 24 hours please Email : default1@tutamail.com

Leave subject as your machine id :

If you didn't get any respond within 72 hours use our blog to contact us,
therefore we can create another way for you to contact your cryptor as soon as possible.
TOR BLOG :'
