
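Customer files appended with the ".Globeimposter-Alpha865qqz" and ".638-388-C32" suffixes
Customer Case 1 Analysis
On two of this customer's servers, data files had the abnormal suffix ".Globeimposter-Alpha865qqz" appended, as shown below:
The ransom note reads as follows: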
Your personal ID
(omitted)
⬇ To decrypt, follow the instructions below. ⬇
To recover data you need decrypt tool.
To get the decrypt tool you should:
Send 1 crypted test image or text file or document to China.Helper@aol.com
In the letter include your personal ID (look at the beginning of this document). Send me this ID in your first email to me.
We will give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files.
After we send you instruction how to pay for decrypt tool and after payment you will receive a decrypt tool and instructions how to use it. We can decrypt few files in quality the evidence that we have the decoder.
MOST IMPORTANT!!!
Do not contact other services that promise to decrypt your files, this is fraud on their part! They will buy a decoder from us, and you will pay more for his services. No one, except China.Helper@aol.com, will decrypt your files.
- Only China.Helper@aol.com can decrypt your files
- Do not trust anyone besides China.Helper@aol.com
- Antivirus programs can delete this document and you can not contact us later.
- Attempts to self-decrypting files will result in the loss of your data
- Decoders other users are not compatible with your data, because each user's unique encryption key
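Customer Case 2 Analysis
Files on this customer's server had the suffix ".638-388-C32" appended, as shown below:
The ransom note reads as follows:
Ransomware has returned in force and now shows a double-extortion tendency: stealing sensitive corporate information and threatening to leak it; encrypting valuable corporate data and threatening to leak it. Enterprises need to take active countermeasures on two fronts to avoid ransomware attacks: strengthen network security; and define and implement a sound disaster-recovery strategy, keeping regular offline backups.
Keeping regular offline backups is the ultimate defense against ransomware
Unexpected events will always happen. The only real safeguard against permanent data loss is an offline backup. Enterprises should create backups regularly to keep up with any important system changes, and should make sure that if one backup is infected by malware, a clean, uninfected point in time can be selected instead.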
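One way to pick that clean point in time, as an added example that is not part of the original page or any vendor's tooling: the script below finds files carrying the two suffixes reported in the cases above, takes the earliest modification time among them as the start of encryption, and returns the newest backup taken before it. The function names and the backup timestamps in the demo are hypothetical.

```python
import os

# File suffixes reported on this page for the two customer cases (matched case-insensitively).
SUFFIXES = (".globeimposter-alpha865qqz", ".638-388-c32")

def find_encrypted(root):
    """Return [(path, mtime)] for every file under root that carries a listed suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIXES):
                path = os.path.join(dirpath, name)
                try:
                    hits.append((path, os.stat(path).st_mtime))
                except OSError:
                    continue  # file vanished or is unreadable; skip it
    return hits

def last_clean_backup(backup_times, hits):
    """Newest backup timestamp taken before the first encrypted file was written.

    Returns None when every backup is at or after that moment. With no hits,
    the newest backup is returned. Caveat: the intrusion may predate the first
    encrypted file, so the chosen backup still needs a malware scan on restore.
    """
    if not hits:
        return max(backup_times, default=None)
    first_write = min(mtime for _path, mtime in hits)
    return max((t for t in backup_times if t < first_write), default=None)

if __name__ == "__main__":
    import sys, time
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    # Constructed sample: backups taken 72h, 48h and 24h ago (hypothetical schedule).
    now = time.time()
    backups = [now - h * 3600 for h in (72, 48, 24)]
    hits = find_encrypted(root)
    print(f"{len(hits)} file(s) with a listed suffix under {root}")
    choice = last_clean_backup(backups, hits)
    print("restore candidate:", time.ctime(choice) if choice else "none before encryption")
```

Run it against a mounted copy of the affected volume rather than the live server, so that file metadata is not altered before forensic collection.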
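鴻萌易備 data backup software provides a backup protection mechanism that proactively guards against ransomware. It supports backup of systems, databases, virtual machines, and Exchange mail servers. It supports scheduled backups as well as hot backups, detailed backup schedules, and multiple backup destinations (local disk, tape, NAS, cloud services, etc.).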