
Ransomware: Octocrypt, AXLocker and Alice – New Threats


Threat intelligence firm Cyble has announced the discovery of three new ransomware families named AXLocker, Octocrypt and Alice Ransomware. Details on each of the three follow.

AXLocker steals Discord user tokens

The ransomware dubbed AXLocker encrypts files with certain extensions using AES before extorting the victim. Before encrypting the data, however, it steals the Discord tokens that the platform uses to authenticate users when they enter their credentials to log in to an account.

Code analysis revealed that the startencryption() function implements the file search by enumerating the directories available on the C: drive. The malware targets only specific file extensions and excludes a list of directories from the encryption process.

“After encrypting the victim's files, the ransomware collects and sends sensitive information such as the computer name, username, machine IP address, system UUID and Discord tokens…” according to the analysis published by Cyble.

To steal Discord tokens, the malware targets the following directories:

  • Discord\Local Storage\leveldb
  • discordcanary\Local Storage\leveldb
  • discordptb\leveldb
  • Opera Software\Opera Stable\Local Storage\leveldb
  • Google\Chrome\User Data\Default\Local Storage\leveldb
  • BraveSoftware\Brave-Browser\User Data\Default\Local Storage\leveldb
  • Yandex\YandexBrowser\User Data\Default\Local Storage\leveldb

It uses a regex to find the Discord tokens in the local storage files, saves them in a list, and sends them to the Discord server along with other information using the URL below:

 


hxxps://discord[.]com/api/webhooks/1039930467614478378/N2J80EuPMXSWuIBpizgDJ-75 [Redacted]DJimbA7xriJVmtb14gUP3VCBBZ0AZR

After the malware encrypts the files, it shows a pop-up window containing a ransom note with instructions for contacting the operators. The ransom note does not state the amount demanded from victims to recover their files.

Octocrypt Ransomware

Octocrypt is a new ransomware strain that targets all versions of Windows. The ransomware builder, encryptor and decryptor are written in Golang. The TAs behind Octocrypt operate under the Ransomware-as-a-Service (RaaS) business model and appeared on cybercrime forums around October 2022, offering it for US$400. Octocrypt has a simple web interface for building the encryptor and the decryptor, and the web panel also displays the details of infected victims.

The image below shows a post made by the developer of Octocrypt ransomware on a cybercrime forum.

[Image: Octocrypt developer's post on a cybercrime forum]

Based on Cyble's analysis, the ransomware is a console-based 64-bit GoLang binary executable. On execution, it first checks that the system has an internet connection and then verifies the TCP connection used to reach the API URL. After that, the malware starts the encryption process by enumerating directories and encrypts the victim's files with the AES-256-CTR algorithm, appending the “.octo” extension.

Next, the ransomware drops the ransom note in multiple folders under the file name “INSTRUCTIONS.html”. Finally, it changes the victim's wallpaper to display a message threatening the victim into sending a ransom payment to a specific Monero wallet address, as shown in the image below.

[Image: Octocrypt changing the desktop background]

Alice Ransomware

The third and last malicious variant, dubbed “Alice”, also appeared on cybercrime forums, under the TAs' project “Alice in the Land of Malware”. Alice ransomware also works under the Ransomware-as-a-Service (RaaS) business model. Indicators of compromise for this ransomware strain are not available in the wild.

The malware's developers offer Alice for just US$600 per month and, in return, the buyer gets responsive support, customization elements and faster encryption features. It also offers compatibility with Asian/Arabic PCs.

Alice ransomware comes with a small “extra”: it lets the TAs generate ransomware binaries with a custom ransom note. After typing the ransom message and clicking the “New Build” button in the builder, it generates two executable files named “Encryptor.exe” and “Decryptor.exe”, as shown in the image:

[Image: Alice ransomware builder]

Successful execution encrypts the victim's files and appends the “.alice” extension. In addition, the malware drops ransom notes named “How to Restore Your Files.txt” in multiple folders.

How to prevent ransomware attacks?

  • Back up regularly and keep those backups offline or on a separate network.
  • Turn on automatic software updates on your computer, phone and other connected devices wherever possible and pragmatic.
  • Use a reputable antivirus and internet security software package on your connected devices, including PC, laptop and phone.
  • Avoid opening untrusted links and e-mail attachments without verifying their authenticity.

What to do after a ransomware attack?

  • Detach infected devices on the same network.
  • Disconnect external storage devices, if connected.
  • Inspect the system logs for suspicious events.
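
For the log and file inspection step, here is an added Python example (not from the original article or from Cyble's report) that triages a file listing for the Octocrypt and Alice artifacts named above and flags POSTs to Discord webhook endpoints, the channel AXLocker uses. The proxy-log format, host names, process names, sample paths and the `allowed_hosts` parameter are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Artifacts named in the article: appended extensions and ransom-note names.
ENCRYPTED_EXT = {".octo": "Octocrypt", ".alice": "Alice"}
RANSOM_NOTES = {
    "instructions.html": "Octocrypt",
    "how to restore your files.txt": "Alice",
}

# Matches any Discord webhook endpoint rather than one specific webhook ID.
WEBHOOK_RE = re.compile(r"^https://discord(?:app)?\.com/api/webhooks/\d+/", re.I)


def triage_file_listing(paths):
    """Group ransomware artifacts by family from a list of Windows paths."""
    found = defaultdict(lambda: {"encrypted": 0, "note_dirs": set()})
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        family = ENCRYPTED_EXT.get(p.suffix.lower())
        if family:
            found[family]["encrypted"] += 1
        family = RANSOM_NOTES.get(p.name.lower())
        if family:
            found[family]["note_dirs"].add(str(p.parent).lower())

    verdicts = {}
    for family, hits in found.items():
        # A note name alone (e.g. a legitimate INSTRUCTIONS.html) is weak
        # evidence; encrypted files together with a note is a strong signal.
        strong = hits["encrypted"] > 0 and len(hits["note_dirs"]) > 0
        verdicts[family] = {
            "confidence": "strong" if strong else "weak",
            "encrypted": hits["encrypted"],
            "note_dirs": sorted(hits["note_dirs"]),
        }
    return verdicts


def find_webhook_posts(log_lines, allowed_hosts=()):
    """Return (timestamp, host, process) for POSTs to a Discord webhook.

    Assumed log format (constructed for this example):
    <timestamp> <host> <process> <method> <url>
    """
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of guessing fields
        ts, host, process, method, url = parts
        if method.upper() != "POST" or not WEBHOOK_RE.match(url):
            continue
        if host.lower() in allowed:
            continue  # e.g. a build server that legitimately posts alerts
        hits.append((ts, host, process))
    return hits


# Constructed sample data, not taken from a real incident.
SAMPLE_PATHS = [
    r"C:\Users\ana\Documents\budget.xlsx.octo",
    r"C:\Users\ana\Documents\INSTRUCTIONS.html",
    r"C:\Users\ana\Pictures\trip.jpg.octo",
    r"C:\Users\ana\Pictures\INSTRUCTIONS.html",
    r"C:\Tools\installer\How to Restore Your Files.txt",
    r"C:\Users\ana\Documents\notes.txt",
]
SAMPLE_PROXY_LOG = [
    "2022-11-21T10:02:11Z WS-014 Discord.exe GET https://discord.com/api/v9/gateway",
    "2022-11-21T10:05:43Z WS-014 updater.exe POST "
    "https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN",
    "2022-11-21T10:06:02Z CI-01 curl.exe POST "
    "https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN",
    "truncated line",
]

if __name__ == "__main__":
    for family, verdict in triage_file_listing(SAMPLE_PATHS).items():
        print(family, verdict)
    for hit in find_webhook_posts(SAMPLE_PROXY_LOG, allowed_hosts=("ci-01",)):
        print("webhook POST:", hit)
```

A workstation that posts to a webhook endpoint and also shows a strong file-system verdict is a priority for isolation; a weak verdict on its own calls for a manual look at the file.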

Impacts ransomware can have on a company

  • Loss of valuable data.
  • Loss of the organization's reputation and integrity.
  • Loss of the organization's confidential business information.
  • Disruption of the organization's operations.
  • High financial loss.
