
Risen Ransomware

In today's digital age, protecting devices from malware threats is essential. Malware such as ransomware can have devastating effects on individuals and organisations, leading to significant data loss, financial damage and operational disruption. One of the latest threats in this area is Risen Ransomware, a threat that encrypts users' files and demands a ransom payment for their recovery. Understanding how Risen Ransomware operates and how to defend against such threats is essential to maintaining cybersecurity.

Overview of Risen Ransomware

Risen Ransomware was discovered by cybersecurity researchers, who identified its distinctive characteristics and mode of operation. After infecting a system, Risen encrypts files and renames them by appending an email address and a user ID to the file extension. For example, "1.png" is renamed to "1.png.Default@firemail.de].E86EQNTPTT" and "2.pdf" becomes "2.pdf.Default@firemail.de].E86EQNTPTT".

Ransom Notes and Threats

Risen Ransomware creates two ransom notes: "$Risen_Note.txt" and "$Risen_Guide.hta". It also changes the desktop wallpaper and displays a message on the pre-login screen to make sure the victim is aware of the breach. The ransom note claims that, owing to security flaws, the attackers have penetrated the victim's entire network and encrypted all files with a strong algorithm. They also claim that critical data such as documents, images, engineering data, accounting information and customer details has been stolen.
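As an added example (not part of the original threat entry), the following Python scanner recognises the renaming pattern and the two note file names described above and extracts the appended contact address and victim ID; the regex, the victim-ID length and the sample file listing are assumptions constructed for illustration:

```python
import re

# Renaming pattern described in the entry: the original name gets ".<email>].<ID>"
# appended, e.g. "1.png.Default@firemail.de].E86EQNTPTT".  The page's sample shows no
# "[" before the email, so the opening bracket is optional here (assumption).
RISEN_SUFFIX = re.compile(
    r"^(?P<original>.+)\.\[?(?P<email>[^@\]\s]+@[^@\]\s]+)\]\.(?P<victim_id>[A-Z0-9]{6,})$"
)
# Note file names from the entry; compared case-insensitively.
RANSOM_NOTE_NAMES = {"$risen_note.txt", "$risen_guide.hta"}

def classify(path: str):
    """Return a finding dict for a Risen-looking path, or None for a clean one."""
    name = re.split(r"[\\/]", path)[-1]          # works for Windows and POSIX paths
    if name.lower() in RANSOM_NOTE_NAMES:
        return {"path": path, "kind": "ransom_note"}
    m = RISEN_SUFFIX.match(name)
    if m:                                         # greedy 'original' keeps multi-dot names intact
        return {"path": path, "kind": "encrypted_file", "original": m["original"],
                "email": m["email"], "victim_id": m["victim_id"]}
    return None

def summarize(paths):
    """Aggregate findings: counts plus the contact addresses and victim IDs seen."""
    findings = [f for f in map(classify, paths) if f]
    enc = [f for f in findings if f["kind"] == "encrypted_file"]
    return {
        "encrypted_files": len(enc),
        "ransom_notes": sum(1 for f in findings if f["kind"] == "ransom_note"),
        "emails": sorted({f["email"] for f in enc}),
        "victim_ids": sorted({f["victim_id"] for f in enc}),
        "findings": findings,
    }

# Constructed sample listing (not real telemetry); names follow the page's examples.
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\1.png.Default@firemail.de].E86EQNTPTT",
    r"C:\Users\alice\Documents\2.pdf.Default@firemail.de].E86EQNTPTT",
    "/srv/share/q3.report.xlsx.Default@firemail.de].E86EQNTPTT",
    r"C:\Users\alice\Desktop\$Risen_Note.txt",
    r"C:\Users\alice\Desktop\$Risen_Guide.hta",
    r"C:\Users\alice\Documents\budget.xlsx",
]

if __name__ == "__main__":
    s = summarize(SAMPLE_PATHS)
    print(f"{s['encrypted_files']} encrypted, {s['ransom_notes']} notes, IDs={s['victim_ids']}")
```

A single victim ID shared across every renamed file on a host is consistent with the per-user ID the entry describes; more than one ID in a scan would suggest multiple affected accounts or hosts in the same share.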

Extortion Tactics

The ransom notes threaten that if the victim does not cooperate within an unspecified deadline, the attackers will leak or sell the collected data. The notes state that backups have also been encrypted and are inaccessible, meaning the only way to recover files is through a specific decryption tool provided by the attackers. Victims may send up to three test files for free decryption and must contact the attackers using the provided email addresses (default1@tutamail.com and default@firemail.de), including their computer ID in the subject line. If there is no reply within 72 hours, victims are told to contact the attackers via the provided TOR blog.

Risks of Paying the Ransom

Despite the attackers' promises, paying the ransom is strongly discouraged. The risk of being scammed is high, because the attackers may not provide the decryption tool even after payment. Moreover, as long as the ransomware remains active it can continue encrypting files and spreading across the network, causing further damage.

Security Measures to Prevent Ransomware Infections

Defending against ransomware like Risen requires a multi-layered approach. Here are some key security measures users should implement:

  • Regular backups: Set up regular backups of important data and make sure they are stored offline or in a secure cloud-based solution. This ensures data can be recovered in the event of an attack.
  • Updated software: Keep all software, including applications and operating systems, upgraded with the latest security patches to eliminate vulnerabilities ransomware can exploit.
  • Strong anti-malware: Use a reputable anti-malware solution to expose and block ransomware before it can cause damage. Make sure these tools are updated regularly.
  • Email and web filtering: Implement email and web filtering solutions to block fraudulent emails and websites that may deliver ransomware payloads.
  • User training: Educate users about the dangers of ransomware and safe online practices. Stress the importance of not opening suspicious email attachments or clicking unknown links.
  • Network segmentation: Segment the network to restrict the spread of ransomware. This helps contain an infection and prevents it from affecting the entire network.
  • Access controls: Implement strict access controls to limit user privileges and block unauthorised access to sensitive data and systems.

Risen Ransomware is a significant threat in the cyber threat landscape. Understanding how it operates, and the importance of proactive security measures, helps reduce the risk of infection. By implementing strong cybersecurity practices, users can protect their data and networks from the destructive effects of ransomware.

The text of the ransom note left for victims of Risen Ransomware is:

'All Your Important Files Have Been Encrypted
NOTE
We have also taken your critical documents and files from different parts of your network, which we will leak or sell if there is no cooperation from your side.

Our operators have been monitoring your business for a while, when we say these documents are critical, we mean it.
We await for your response before the deadline ends, After that we will continue the process of leaking or selling your documents.
We assure you that this won't happen if you cooperate with us.
CONTACT US
For more instructions, to save your files and your business, contact us by :
Email address :Default@firemail.de
didn't get any response in 24 hours ? use : default1@tutamail.com

Leave subject as your machine id "-"
If you didn't get any respond within 72 hours use our Tor blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible.

ATTENTION
Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable
Do not pay any amount of money before receiving decrypted test files
there might be many middle man services out there whom will contact us for your case and they will make a profit adding a sort of money to the fixed price
any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss
there will be a deadline until your data get sold or leaked by our team,you better corporate with us before the following deadline otherwise we will proceed to sell or leak your data without any past warnings'

The text file generated by Risen Ransomware contains the following message from the attackers:

'RisenNote :

Read this text file carefully.

We have penetrated your whole network due some critical security issues.

We have encrypted all of your files on each host in the network within strong algorithm.

We have also Took your critical data such as docs, images, engineering data, accounting data, customers and …
And trust me, we exactly know what should we collect in case of NO corporation until the end of the deadline we WILL leak or sell your data, the only way to stop this process is successful corporation.

We have monitored your Backup plans for a whileand they are completely out of access(encrypted)

The only situation for recovering your files is our decryptor, there are many middle man services out there whom will contact us for your caseand add an amount of money on the FIXED price that we gave to them, so be aware of them.

Remember, you can send Upto 3 test files for decrypting, before making payment, we highly recommend to get test files to prevent possible scams.

In order to contact us you can either use following email :

Email address : Default@firemail.de

Or If you weren't able to contact us whitin 24 hours please Email : default1@tutamail.com

Leave subject as your machine id :

If you didn't get any respond within 72 hours use our blog to contact us,
therefore we can create another way for you to contact your cryptor as soon as possible.
TOR BLOG :'
