Remove SNS Locker and Restore .RSNSLocked AES-256 Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Remove SNS Locker and Restore .RSNSLocked AES-256 Files

Malware researchers have discovered a new ransomware that calls itself SNS Locker. The new crypto-malware encrypts files, giving them the .RSNSLocked file extension, and uses the strong AES-256 encryption algorithm to encode a wide variety of files on the compromised computer. The ransomware then changes the user's wallpaper to a random scary picture, notifying the user to pay money to get the files back. The ransomware asks for 0.66 bitcoins, which is approximately $300.

Threat Summary

Name: SNS Locker
Type: Ransomware
Short description: The ransomware encrypts files with the RSA algorithm and AES cipher and asks a ransom for decryption.
Symptoms: The files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as wallpaper and a notification window.
Distribution method: Spam e-mails, attachments, file-sharing networks.

SNS Locker – Distribution

Malware researcher Mosh at Nyxbone.com has researched the ransomware and established that SNS Locker is believed to be distributed via SNSLocker.exe and SNSLOcker2.exe files with the following parameters:

→ "File name: SNSLocker.exe / Size: 635.0 KB / VT
MD5: c3cd8168f96e89998cab52b436c24b7d
SHA1: 3cbe96abba5269eb69093ebc07dd82e3091f0d3d
SHA256: 503b7d7a1348c3f03c789a5faca481bcd340e9be7cc602175fcbe513e864ffb8
File name: SNSLOcker2.exe / Size: 796.0 KB / VT
MD5: 3a27b49845a3ae4671fa69c2051c2cb6
SHA1: 71caed58a603d1ab2a52d02e0822b1ab8f1a9095
SHA256: 597a14a76fc4d6315afa877ef87b68401de45d852e38f98c2f43986b4dca1c3a"
Source: Nyxbone.com

This executable may assume different names to avoid manual detection, for example:

  • {random name}.exe
  • svchost.exe
  • notepad.exe
  • Your Confirmation.exe
  • Receipt.exe

It may be spread via game cracks, other keygens, activators, malicious email messages sent out as spam, and even malicious links reached through redirects caused by adware, such as DNS Unlocker.
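Because the executable can be renamed to something like svchost.exe or Receipt.exe, comparing file hashes is more reliable than looking at names. The sweep below is an added example, not code from the article or from Nyxbone; it uses the two SHA-256 values listed above, and the function names `sha256_of` and `sweep` are hypothetical.

```python
import hashlib
import os

# SHA-256 values of SNSLocker.exe and SNSLOcker2.exe as listed on this page.
KNOWN_SHA256 = {
    "503b7d7a1348c3f03c789a5faca481bcd340e9be7cc602175fcbe513e864ffb8",
    "597a14a76fc4d6315afa877ef87b68401de45d852e38f98c2f43986b4dca1c3a",
}
LOCKED_EXT = ".rsnslocked"  # extension of encrypted files, compared in lower case


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, known=KNOWN_SHA256):
    """Walk `root`; return (hash-matched executables, encrypted files)."""
    droppers, locked = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                locked.append(path)
            elif lower.endswith(".exe"):
                try:
                    if sha256_of(path) in known:
                        droppers.append(path)  # matched whatever the file is called
                except OSError:
                    continue  # unreadable file: skip it and keep sweeping
    return sorted(droppers), sorted(locked)


if __name__ == "__main__":
    import sys
    hits, encrypted = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in hits:
        print("KNOWN SAMPLE:", p)
    print(f"{len(encrypted)} file(s) with the .RSNSLocked extension")
```

A hash match only covers these two samples; a rebuilt binary would have a different hash, so the count of .RSNSLocked files is the more durable signal of the two.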

SNS Locker Ransomware In Detail

Researchers at the Nyxbone blog have established that the SNS Locker ransomware heavily modifies the computers it infects. For starters, once executed, the ransomware connects to the following C&C (Command and Control) IP address:

→ 5.9.82.18

The address appears to be based in Germany, and after SNS Locker connects to it, it immediately sends the following information from the infected computer:

  • Custom-generated 8-character ID of the victim (for example, yas9yc92).
  • Machine name.
  • User name.
  • Public IP address.
  • MAC address.
  • Date.
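Since the ransomware contacts the C&C address before it starts encrypting, the first outbound connection to that address in network logs helps identify which machines were hit and roughly when. The following is an added example, not part of the original article; the log layout ("time host dst_ip dst_port"), host names, ports and timestamps are constructed, and `first_c2_contact` is a hypothetical name.

```python
from datetime import datetime

C2_IP = "5.9.82.18"  # C&C address reported on this page

# Constructed connection-log lines in an assumed "time host dst_ip dst_port" layout.
SAMPLE_LOG = """\
2016-05-20T09:14:02 WS-014 93.184.216.34 443
2016-05-20T09:15:41 WS-014 5.9.82.18 80
2016-05-20T09:15:44 WS-014 5.9.82.18 80
garbled line
not-a-time WS-031 5.9.82.18 80
2016-05-20T10:02:10 WS-027 5.9.82.18 80
2016-05-20T08:59:30 WS-027 5.9.82.18 80
"""


def first_c2_contact(log_text, c2_ip=C2_IP):
    """Return {host: earliest datetime at which it connected to c2_ip}."""
    first_seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != c2_ip:
            continue  # malformed line or unrelated destination
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp: ignore rather than guess
        host = parts[1]
        # Logs are not always in time order, so keep the minimum per host.
        if host not in first_seen or ts < first_seen[host]:
            first_seen[host] = ts
    return first_seen


if __name__ == "__main__":
    for host, ts in sorted(first_c2_contact(SAMPLE_LOG).items(), key=lambda kv: kv[1]):
        print(f"{host} first contacted {C2_IP} at {ts.isoformat()}")
```

Backups taken before a host's first contact time are the ones to consider for restoring its files.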

The ransomware then begins to encrypt the files of the infected computer. It is reported to look for the following file types to encode:

→ .1dog, .3dm, .3g2, .3gp, .AAF, .accdb, .AEP, .aepx, .AET, .til, .til, .aif, .aif, .som, .AS3, .ASF, .asp, .ASX, .avi, .Bik, .bmp, .c, .cal, .cdr, .cdt, .CDX, .CGN, .klasse, .CLK, .CMX, .cnt, .cpp, .CPT, .CPX, .cs, .CSL, .csv, .cur, .hvilken, .db, .dbf, .af, .af, .doc, .docb, .docm, .docx, .punktum, .dotm, .dotx, .DRW, .DS4, .DSF, .dwg, .dwg, .dxf, .EFX, .EPS, .EPS, .ende, .fla, .flv, .fmv, .FPX, .FPX, .fx0, .FX1, .FXR, .perle, .gif, .gif, .h, .IDML, .IFF, .IIf, .IMG, .indb, .indd, .indl, .indt, .dette, .INX, .iso, .krukke, .java, .jpeg, .jpg, .js, .LGB, .M3U, .M3U8, .m4u, .mac, .max, .CIS, .mødte, .mid, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .Mx0, .lur, .nd, .klappe, .PCD, .pct, .PCX, .bps, .pdf, .PFB, .php, .pic, .PLB, .PLT, .PMD, .png, .gryde, .veje, .potx, .PP4, .PP5, .PPAM, .PPF, .RPM, .pps, .PPSM, .ppsx, .ppt, .ppt, .pptm, .pptx, .Prel, .prn, .prn, .prproj, .ps, .ps, .ps, .PSD, .psp, .PTB, .py, .altoverskyggende, .QBB, .QBI, .QBM, .QBO, .qbp, .ICBm'ere, .QBW, .qbx, .qby, .qpd, .QSM, .QSS, .QST, .qwc, .ud, .rar, .raw, .rå, .rb, .ref, .rtf, .RTP, .sct, .hjemløse, .dens, .sæt, .SHW, .sldm, .sldx, .sql, .svg, .svg, .swf, .swf, .tga, .tif, .tiff, .pcs, .pcs, .ttf, .txt, .txt, .txt, .V30, .VCF, .vob, .VSD, .VSD, .wav, .wav, .WebM, .wi, .WK3, .wk4, .wma, .wmf, .wmv, .WPD, .WPD, .WPG, .WPS, .XCF, .XLA, .xlam, .XII, .XLM, .xls, .xls, .xlsb, .xlsm, .xlsm, .XLSX, .XLSX, .XLT, .xltm, .xltx, .xlw, .xml, .XPM, .XQX, .XQX, .zip
Source: Nyxbone

The discovered files are encoded immediately with two of the most powerful ciphers in the world:

  • AES cipher to encrypt the files on the compromised computer.
  • RSA algorithm to encrypt the AES key, which is sent to the criminals’ IP address.

The malicious software then changes the wallpaper image of the victim user to a terrifying picture, that may look like the following:

[Image: SNS Locker wallpaper. Source: Nyxbone]

After this has happened, SNS Locker may automatically open a window with the ransom note and a method to decrypt the files by paying in BitCoin. It looks like the following:

[Image: SNS Locker ransom note. Source: Nyxbone]

SNS Locker also shows the user his own unique identification number which is most likely made to help the cyber-criminals identify multiple devices easily. Along with the number there is a button which may directly transfer the user to a payment page:

[Image: SNS Locker unique ID. Source: Nyxbone]

The payment page is rather simple. It features the bitcoin address of the cyber-criminals in an electronic invoice that the user can pay online, remotely:

[Image: SNS Locker payment page. Source: Nyxbone]

After the funds have been paid, the user may receive a link from the malicious domain of the cyber-criminals where he or she can find his or her private and public keys and click on the “Decypher” button to decrypt the files:

[Image: SNS Locker “Decypher” page]

SNS Locker – Conclusion, Removal, and Decryption Alternatives

The bottom line for SNS Locker is that it is a highly sophisticated ransomware which aims to simplify the payment method for infected users by being more “user-friendly”. This is a very effective method, and it may have already made the cyber-criminals behind SNS Locker a lot of money. Despite this, malware researchers strongly advise desperate users NOT to pay any ransom money due to the following possibilities:

  • You fund the cyber-crooks to infect even more computers.
  • You may not get your files back 100%.

To remove this ransomware effectively from your computer, we advise following the Manual or Automatic removal steps below. Experts also advise downloading a reputable anti-malware program which will automatically take care of the SNS Locker files for you.

Regarding file restoration, be advised that we have prepared some alternative methods in step “3” below that you may try while we investigate any decrypters which are publicly released and working. As soon as there is a solution, expect an update on this article’s web page.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
