
The wildly spreading .520 ransomware this year

2022/1/19 Ransomware Terminator

The .520 suffix ransomware is a new variant of the well-known overseas BeijingCrypt ransomware family. It evolved step by step from this year's .dragon and .file ransomware. Since the outbreak of this variant at the end of September this year, we have received many consultations and requests for help every day from businesses whose data has been encrypted.


What is .520 ransomware?

The .520 virus is a file-encrypting virus built on ransomware code, and it has been observed in active attacks. A range of distribution techniques deliver the malicious files to the target operating system: remote desktop brute-force attacks, spam, corrupted software installers, torrent files, fake software update notifications, and hacked websites.


Once the .520 ransomware has entered a computer by one of these routes, it modifies the Windows registry, deletes shadow copies, opens, writes and copies system files, spawns the factura.exe process in the background, loads various modules, and so on.

The ransomware also contacts its command and control server so that an RSA private key (the key needed to decrypt the files) is issued for each victim. The malware encrypts images, documents, databases, videos, and other files, leaving only system data untouched, with a few exceptions.

Once the .520 ransomware program executes on the target system, it triggers the first phase of the attack. After the initial malicious modifications are made, it activates its built-in encryption module and starts the data encryption process. During this phase, the .520 virus scans all system drives and encrypts the target files it finds.


How does the .520 ransomware spread and infect?

  • Remote desktop password brute force

    Disable remote desktop, or change the default Administrator user.

  • Database weak password attack

    Check the password complexity of the database's sa user.
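The two intrusion vectors listed above can be checked from the defender's side. The following PowerShell script is an added example, not code from the original article or from the Ransomware Terminator team; it assumes Windows PowerShell 5.1 or later run as an administrator on the host being checked, and for the SQL part it assumes the SqlServer module (which provides Invoke-Sqlcmd) is installed and that the instance name passed in is a placeholder for your own. It reads "change the default user administrator" as renaming the built-in Administrator account, reports whether Remote Desktop is disabled and whether Network Level Authentication is required, groups failed RDP logons from the Security log by source address, and reads the policy flags on the sa login:

```powershell
# Added example (not from the original page): defensive checks for the two
# intrusion vectors the article names, RDP password brute force and a weak
# SQL Server 'sa' password. Assumes Windows PowerShell 5.1+ run as an
# administrator; the SQL check assumes the SqlServer module (Invoke-Sqlcmd).
# Server/instance names below are placeholders.

function Test-RdpExposure {
    # fDenyTSConnections = 1 means Remote Desktop is disabled (the article's first
    # recommendation). UserAuthentication = 1 means Network Level Authentication is
    # required, so a password has to be presented before a session is even created.
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $rdpDisabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 1
    $nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

    # The built-in Administrator always has RID 500. If it still carries the default
    # name, a brute-force run only has to guess the password, not the user name.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }

    [pscustomobject]@{
        RdpDisabled         = $rdpDisabled
        NlaRequired         = $nlaRequired
        BuiltinAdminRenamed = ($builtin.Name -ne 'Administrator')
        BuiltinAdminEnabled = $builtin.Enabled
    }
}

function Get-RdpFailedLogonSources {
    param([int]$Hours = 24, [int]$Threshold = 20)
    # Security event 4625 (failed logon) with LogonType 10 (RemoteInteractive) is the
    # footprint an RDP password-guessing run leaves behind; group the events by the
    # source address and report any source above the threshold.
    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['LogonType'] -eq '10') {
            [pscustomobject]@{ Source = $d['IpAddress']; User = $d['TargetUserName'] }
        }
    }
    $rows | Group-Object Source |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Source'; e = { $_.Name } }, Count,
                      @{ n = 'UserNamesTried'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } }
}

function Test-SaLoginPolicy {
    param([string]$ServerInstance = 'localhost')   # placeholder instance name
    # is_policy_checked and is_expiration_checked show whether the Windows password
    # policy (complexity, lockout) is enforced for 'sa'; is_disabled = 1 is the
    # safest state, since then the account cannot be brute-forced at all.
    $q  = "SELECT name, is_disabled, is_policy_checked, is_expiration_checked " +
          "FROM sys.sql_logins WHERE name = 'sa';"
    $sa = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $q
    [pscustomobject]@{
        SaDisabled        = [bool]$sa.is_disabled
        PolicyEnforced    = [bool]$sa.is_policy_checked
        ExpirationChecked = [bool]$sa.is_expiration_checked
    }
}

Test-RdpExposure
Get-RdpFailedLogonSources -Hours 24 -Threshold 20 | Format-Table -AutoSize
Test-SaLoginPolicy -ServerInstance 'localhost'
```

A host that must keep Remote Desktop enabled should at least show NlaRequired as True and the built-in administrator renamed or disabled; a source address that appears in the failed-logon table with many distinct user names tried is the pattern of a dictionary attack rather than a mistyped password. For SQL Server, an sa login that is enabled with PolicyEnforced False is exactly the "weak password" exposure the article describes.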

Does paying ransom to purchase decryption keys guarantee data recovery?


Answer: Not necessarily. Recently we have often been contacted by corporate clients infected with the .520 suffix ransomware. Some of them had already paid the ransom for a decryption tool, yet after running it their database files still could not be decrypted, so they suffered a double loss. These clients then asked us whether the data could still be rescued. If you do intend to buy the decryption key, we recommend first having a professional data recovery company inspect the database files, so that you can be confident the recovery will succeed after the key is purchased and the company avoids a second loss.


Infected with .520 suffix ransomware files, how to recover?

Most ransomware uses very sophisticated encryption algorithms. Weighing the time, cost and risk that data recovery involves, if the data is not very important we recommend running a full disk virus scan, then formatting and reinstalling the system, and afterwards putting proper system security protection in place. If the infected data does have recovery value and the recovery is necessary, you can add our technical WeChat or contact us by phone using the details on the right side of this page for free virus sample testing and related data recovery help.

Related Reading

  • Newly Spreading .360 Suffix Ransomware in 2022

    .360 suffix ransomware is a newly spreading virus from the well-known ransomware family BeijingCrypt. What is .360 suffix ransomware? Like most ransomware, .360 suffix ransomware prevents access to files through encryption, changes file names, and provides victims with instructions on how to recover their files. The ransomware encrypts files and appends "..." to the file names.

  • Ransomware Hot Events

    Belgium's Ministry of Defense acknowledged attackers accessed its computer networks through a Log4j vulnerability

    Belgium's Ministry of Defense suffered a cyberattack because criminals exploited a vulnerability in Log4j. This attack marks the first time a NATO country's defense department became a victim of these vulnerabilities. A spokesperson for Belgium's Ministry of Defense said: "The Ministry of Defense discovered its computer network was subjected to a cyberattack, swiftly took measures to isolate the affected section. The primary task is to maintain the availability of the defense network."

  • Ransomware Hot Events

    Portland beer bar chain McMenamins suffers ransomware attack

    Oregon's Portland hotel and beer bar chain McMenamins stated the company was hit by a ransomware attack, which may have compromised employee personal information, but customer payment information seems unaffected. McMenamins claimed it verified and blocked the ransomware attack on December 12th, notified the Federal Bureau of Investigation (FBI), and hired...
