A "point-farming" tool for a learning platform hides ransomware

During the special period of the epidemic, everyone is staying home and keeping to self-isolation to stamp out the outbreak; and the days when people cannot go out at will are also a good time to study, exercise, improve oneself and shore up one's weak points.
However, just as everyone was setting records with "fancy check-ins" on the learning platform, ransomware posing as a point-farming tool began circulating on the Internet. Recently, 360 Security Brain detected a new ransomware family and named it HackedSecret after the email address payfor_hackedsecret@protonmail.com that the attacker left in the ransom note.

According to 360 Security Brain's analysis, the ransomware is hidden inside a software archive: the point-farming tool is fake, but the encryption of the victim's files is real, and users unaware of this have already been hit. Most users need not worry too much, however: 360 Security Brain has already implemented interception, detection and decryption for this ransomware.
The archive hides a "tumor", and the ransomware stages a self-scripted, time-limited "kill the hostage" drama
According to 360 Security Brain's analysis data, the archive carrying HackedSecret unpacks into as many as 60 files, which makes the software look more "complex" and more "legitimate".
In fact, none of these library and resource files is a real point-farming tool; they have no practical effect, and their only purpose is to confuse users and conceal the ransomware. As the figure below shows, among the pile of English-named decoy files, the only .exe, whose icon bears the Chinese characters for "Learning", is the program the attacker tried to hide: the real body of the ransomware, which runs independently of the other files.

Once a user is unfortunately infected, a ransom note window pops up on the screen. 360 Security Brain analyzed the Chinese-English ransom text and inferred from its Chinglish wording that the ransomware was most likely written by a Chinese speaker.
According to the ransom note, the author demands 0.13 Bitcoin or 11 Monero. If the ransom is not paid in time, a 60-minute countdown starts, declaring that "every hour, 10,000 files will be destroyed!". In fact this is just a "kill the hostage" scene scripted and acted out by the ransomware author; the encrypted files are not actually destroyed.

HackedSecret is a bluff, and 360 Security Brain already supports decryption and recovery
After further study, 360 Security Brain judged that the HackedSecret ransomware itself is not complicated, but since it targets more than 200 file formats, the threat should not be underestimated. Looking at the encryption process: after infection, HackedSecret first identifies target files, then checks whether each file is smaller than 10,000,000 bytes (about 9.5 MiB), excludes files under the directory the ransomware runs from and under C:\Windows, and encrypts matching files in all other directories.
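The selection rule described above, reconstructed as an added example in Go (this is not code from the sample or from 360; the page gives the rule in prose only). The extension list is a constructed stand-in for the 200+ formats the write-up mentions but does not enumerate, and case-insensitive matching of paths and extensions is an assumption. A defender can run a predicate like this over a directory listing to see which files would have been in scope.

```go
package main

import (
	"fmt"
	"strings"
)

// maxSize is the 10,000,000-byte cutoff stated in the analysis (about 9.5 MiB);
// only files strictly smaller than this are encrypted.
const maxSize int64 = 10000000

// targetExts is a constructed stand-in for the 200+ formats the write-up
// mentions but does not list.
var targetExts = map[string]bool{
	".doc": true, ".docx": true, ".xls": true, ".xlsx": true, ".ppt": true,
	".pdf": true, ".jpg": true, ".png": true, ".zip": true, ".sql": true,
}

// normalize lower-cases a Windows path and turns backslashes into slashes so
// that prefix checks do not depend on how the path was spelled.
func normalize(p string) string {
	return strings.ToLower(strings.ReplaceAll(p, `\`, "/"))
}

// insideDir reports whether path is dir itself or lies somewhere below it.
func insideDir(path, dir string) bool {
	p, d := normalize(path), strings.TrimSuffix(normalize(dir), "/")
	return p == d || strings.HasPrefix(p, d+"/")
}

// ShouldEncrypt applies the selection rule from the analysis: skip files at or
// above the size cutoff, files under the directory the ransomware runs from,
// and files under C:\Windows; encrypt anything else whose extension is targeted.
// Case-insensitive matching is an assumption, not something the page states.
func ShouldEncrypt(path string, size int64, selfDir string) bool {
	if size >= maxSize {
		return false
	}
	if insideDir(path, selfDir) || insideDir(path, `C:\Windows`) {
		return false
	}
	p := normalize(path)
	dot := strings.LastIndex(p, ".")
	if dot < 0 || strings.Contains(p[dot:], "/") {
		return false // no extension, or the last dot belongs to a directory name
	}
	return targetExts[p[dot:]]
}

func main() {
	// Constructed sample listing; selfDir is where the fake tool was unpacked.
	self := `C:\Users\Alice\Downloads\tool`
	for _, f := range []struct {
		path string
		size int64
	}{
		{`C:\Users\Alice\Documents\thesis.docx`, 2_000_000},
		{`C:\Users\Alice\Documents\archive.zip`, 10_000_000},
		{`C:\Windows\Temp\report.pdf`, 100},
		{`C:\Users\Alice\Downloads\tool\readme.doc`, 100},
		{`D:\Backup\PHOTO.JPG`, 5_000},
	} {
		fmt.Printf("%-45s %9d bytes -> encrypt=%v\n", f.path, f.size, ShouldEncrypt(f.path, f.size, self))
	}
}
```

Note that the cutoff is exclusive: a file of exactly 10,000,000 bytes is left alone, and anything below the ransomware's own directory is skipped, which is why the decoy files in the archive survive untouched.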

It is worth mentioning that the encryption algorithm used is the very common AES symmetric cipher, and even the AES key and IV are built into the virus itself, which shows that the ransomware is not sophisticated. Because both values are fixed constants, anyone who extracts them from the binary can decrypt every victim's files; there is no per-victim key that has to be obtained from the attacker. As soon as HackedSecret was discovered, 360 Security Brain moved quickly and has completed decryption support for it. If a user is accidentally hit, they can use 360 Decryption Master to unlock the encrypted files with one click.
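Why a built-in key and IV make a decryptor trivial, as an added example in Go (not code from the sample or from 360 Decryption Master). The key and IV below are constructed stand-ins, since the real values are not on the page; AES-256 and CBC mode with PKCS#7 padding are assumptions, as the page only says "AES" with a built-in key and IV. The block also shows a side effect of reusing one IV for every file that the page does not mention.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed stand-ins for the constants baked into the sample; the real
// values are not on the page. AES-256 (32-byte key) and CBC mode are
// assumptions: the page only says AES with a built-in key and IV.
var (
	hardcodedKey = []byte("0123456789abcdef0123456789abcdef")
	hardcodedIV  = []byte("fedcba9876543210")
)

// pkcs7Pad returns a copy of b padded to a multiple of n bytes.
func pkcs7Pad(b []byte, n int) []byte {
	p := n - len(b)%n
	out := make([]byte, len(b)+p)
	copy(out, b)
	for i := len(b); i < len(out); i++ {
		out[i] = byte(p)
	}
	return out
}

// pkcs7Unpad strips PKCS#7 padding, rejecting malformed trailers.
func pkcs7Unpad(b []byte, n int) ([]byte, error) {
	if len(b) == 0 || len(b)%n != 0 {
		return nil, errors.New("length is not a whole number of blocks")
	}
	p := int(b[len(b)-1])
	if p == 0 || p > n || !bytes.Equal(b[len(b)-p:], bytes.Repeat([]byte{byte(p)}, p)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-p], nil
}

// Encrypt models the locker: every file goes through AES-CBC under the same
// fixed key and the same fixed IV.
func Encrypt(plain []byte) ([]byte, error) {
	blk, err := aes.NewCipher(hardcodedKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plain, blk.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, hardcodedIV).CryptBlocks(out, padded)
	return out, nil
}

// Decrypt is all a decryptor needs once key and IV have been lifted from the
// binary: the same two constants reverse every victim's files.
func Decrypt(ct, key, iv []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) == 0 || len(ct)%blk.BlockSize() != 0 {
		return nil, errors.New("ciphertext length is not a whole number of blocks")
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, ct)
	return pkcs7Unpad(out, blk.BlockSize())
}

// FirstBlocksEqual shows a side effect of reusing one key and one IV: two files
// that start with the same 16 bytes produce identical first ciphertext blocks,
// so an analyst can spot shared file headers without decrypting anything.
func FirstBlocksEqual(a, b []byte) (bool, error) {
	ca, err := Encrypt(a)
	if err != nil {
		return false, err
	}
	cb, err := Encrypt(b)
	if err != nil {
		return false, err
	}
	return bytes.Equal(ca[:aes.BlockSize], cb[:aes.BlockSize]), nil
}

func main() {
	ct, _ := Encrypt([]byte("quarterly-report.docx contents")) // constructed sample file
	pt, err := Decrypt(ct, hardcodedKey, hardcodedIV)
	fmt.Printf("recovered %q (err=%v)\n", pt, err)
	_, err = Decrypt(ct, []byte("ffffffffffffffffffffffffffffffff"), hardcodedIV)
	fmt.Println("wrong key:", err)
	eq, _ := FirstBlocksEqual([]byte("Invoice 2020-03 for Alice"), []byte("Invoice 2020-03 for Bob"))
	fmt.Println("same header, same first block:", eq)
}
```

The practical lesson for an analyst is the opposite of the usual ransomware case: instead of hunting for a key-exchange or an RSA-wrapped per-victim key, the job reduces to locating two constant byte strings in the executable and feeding them to a routine like Decrypt above.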

Although the points from learning check-ins should be earned through effort and hard work rather than shortcuts, ransomware that offers "fake point-farming and real extortion" directly harms users' personal interests and data security, and is extremely despicable.
Fortunately, 360 Decryption Master, as the world's largest and most effective ransomware decryption tool, can decrypt more than 300 ransomware families. In response to increasingly rampant new ransomware such as HackedSecret, 360 Security Brain offers the following security recommendations:
1. Go to weishi.360.cn to download and install 360 Security Guard, which blocks all kinds of viruses and Trojans and protects the computer;
2. Set access-permission controls on shared folders that hold important information, and back them up regularly;
3. Download software only from official channels, and be cautious with software that anti-virus products block;
4. If infected, go to lesuobingdu.360.cn immediately to confirm the ransomware family, install "360 Decryption Master" from the "Functions" window of 360 Security Guard, and click "Scan Now" to restore the encrypted files.

