Got a ransomware note less than 3 days after setting up a site

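In the past, when I set up websites myself, I would usually expose the machine directly to the internet (the beginner's way),
relying purely on a software firewall. Back then that was probably fine; you could leave it up for a few months and nothing would happen.
But now, leave it up for 1 to 3 days and something serious happens!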

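This time the incident was a ransomware attack. Actually, the day before the infection, the hard disk was spinning very heavily.
I really should have realized that it might be an infection, with the virus scanning the files on our computer.
Basically, it was probably already in the middle of encrypting all the files.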

In the end it dropped a ransom note on the desktop; opening it shows the following:

+README-WARNING+.txt

::: Greetings :::

Little FAQ:

.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: [email protected]

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice – time is much more valuable than money.

:::BEWARE:::
DON’T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions – please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

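Fortunately, my server had just been reinstalled and had no important files on it at all.
I was only planning to test things out, and I didn't expect that, with the hardware firewall and the reverse proxy not yet blocking anything,
it would be attacked in less than 3 days. Sharing the ransom note contents here as a memento.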
