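G-Starts ransomware family details
【Family name】
Win32/Ransom.G-Stars
[Platform]/[Main type].[Family name]
Platform type: Win32 Win64
Threat type: Ransom
【Decryption support】
360解密大師 (360 decryption tool): not currently supported
Online decryption: not currently supported
【Encrypted files】
Encrypted file suffix format: the file suffix is changed to [XXXXXXXX].G-Stars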

【Ransom note】:
File name: WE CAN RECOVER YOUR DATA.txt
File content:
-------------------------------------------------------------------------------
Hello my dear friend
Your data is encrypted
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
The only method of recovering files is to purchase decrypt tool and unique key for you.
If you want to recover your files, write us to this e-mail: Rdp_backup@tutanota.com
In case of no answer in 24 hours write us to this backup e-mail: rdp.backup@techmail.info
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software - it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write - the more favorable conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption.
Sensitive data on your system was DOWNLOADED.
If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.
Data includes:
- Employees personal data, CVs, DL, SSN.
- Complete network map including credentials for local and remote services.
- Private financial information including: clients data, bills, budgets, annual reports, bank statements.
- Manufacturing documents including: datagrams, schemas, drawings in solidworks format
- And more...
-------------------------------------------------------------------------------
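The two file-system indicators given above (the `.G-Stars` suffix and the note file name) are enough to scope an affected share during incident response. The following is an added example, not part of the original post: it walks a directory tree, records which directories hold the note or renamed files, and reports the earliest modification time among the renamed files. It assumes the suffix is matched case-insensitively and that a file's modification time approximates when it was encrypted; `scan_tree` and `summarize` are hypothetical helper names.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

NOTE_NAME = "WE CAN RECOVER YOUR DATA.txt"  # ransom note file name given on this page
ENC_SUFFIX = ".g-stars"                     # suffix given on this page, lower-cased


def scan_tree(root):
    """Return {directory: {"note": bool, "encrypted": [paths], "first_seen": datetime or None}}."""
    hits = defaultdict(lambda: {"note": False, "encrypted": [], "first_seen": None})
    for dirpath, _dirs, files in os.walk(root):  # unreadable directories are skipped
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                hits[dirpath]["note"] = True
            elif lower.endswith(ENC_SUFFIX):
                full = os.path.join(dirpath, name)
                entry = hits[dirpath]
                entry["encrypted"].append(full)
                try:
                    # Assumption: mtime approximates the time of encryption.
                    mtime = datetime.fromtimestamp(os.stat(full).st_mtime, tz=timezone.utc)
                except OSError:
                    continue  # file vanished or is unreadable; keep the name match
                if entry["first_seen"] is None or mtime < entry["first_seen"]:
                    entry["first_seen"] = mtime
    return dict(hits)


def summarize(hits):
    """Return (affected_directory_count, encrypted_file_count, earliest_mtime)."""
    times = [h["first_seen"] for h in hits.values() if h["first_seen"]]
    total = sum(len(h["encrypted"]) for h in hits.values())
    return len(hits), total, min(times) if times else None


if __name__ == "__main__":
    import sys
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    dirs, total, earliest = summarize(found)
    print(f"{dirs} affected directories, {total} encrypted files, earliest mtime {earliest}")
    for d, h in sorted(found.items()):
        print(f"{d}: note={'yes' if h['note'] else 'no'} encrypted={len(h['encrypted'])}")
```

Run it read-only against a mounted copy or snapshot of the share; the earliest timestamp gives a starting point for the account and event-log review.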
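【Protection recommendations】
1. Do not use the same account and password on multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed regularly.
3. Shared folders holding important data should have access controls configured and should be backed up regularly.
4. Regularly check the system and software for security vulnerabilities and apply patches promptly.
5. Regularly check servers for anomalies. The checks include:
a) Whether any new accounts have been added
b) Whether Guest has been enabled
c) Whether the Windows system logs show anomalies
d) Whether the antivirus software shows abnormal interception events
6. Install security protection software and make sure it is running properly.
7. Download and install software from official channels.
8. For unfamiliar software that has already been intercepted and removed by antivirus software, do not add it to the trust list and continue running it.
Reposted from 360社區 (360 Community):
G-Starts ransomware family details
https://bbs.#/thread-16075444-1-1.html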