怎么判断病毒所属呢?
1、通过勒索信息文件、加密后文件后缀等勒索特征判断勒索病毒家族。
2、选择对应家族(如有版本也应选择对应版本)的解密工具;
3、解密前需对重要的数据进行备份(即使处于被加密状态),以防止解密失败造成损失;
4、解密前需确保系统中的勒索病毒已被清除,否则可能遭到重复加密;
5、部分解密工具可能需要特定的解密环境(如在原始受感染的主机上进行解密、需要同时提供加密文件和原文件等),具体请参考工具中的说明。
6、解密工具可能只对某些家族的特定版本生效。
自动识别病毒样本 的站点
#勒索信息综合性查询网站
深信服EDR查询
https://edr.sangfor.com.cn/#/information/ransom_search
启明星辰勒索病毒搜索引擎
https://lesuo.venuseye.com.cn/
botfrei.de网站
https://www.botfrei.de/de/ransomware/galerie.html
2综合性解密工具
卡巴斯基:勒索软件解密工具集
https://noransom.kaspersky.com/
Avast:勒索软件解密工具集
https://www.avast.com/zh-cn/ransomware-decryption-tools
Trendmicro:勒索软件解密方案
https://esupport.trendmicro.com/solution/zh-cn/1115118.aspx
MalwareHunterTeam:勒索软件解密工具集
https://id-ransomware.malwarehunterteam.com/
nomoreransom:勒索软件解密工具集
https://www.nomoreransom.org/zh/index.html
Emsisoft:勒索软件解密工具集
https://www.emsisoft.com/ransomware-decryption-tools/free-download
3
勒索病毒解密工具
[Apocalypse勒索软件解密工具]
https://www.pcrisk.com/removal-guides/10111-apocalypse-ransomware
[Alcatrazlocker勒索软件解密工具]
https://files.avast.com/files/decryptor/avast_decryptor_alcatrazlocker.exe
[Alma勒索软件解密工具]
https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter
[Alpha勒索软件解密工具]
https://dl.360safe.com/Decryptor_AlphaDecrypter.cab
[AL-Namrood勒索软件解密工具]
https://www.pcrisk.com/removal-guides/10535-al-namrood-ransomware
[Apocalypse 勒索病毒解密工具]
http://blog.emsisoft.com/2016/06/29/apocalypse-ransomware-which-targets-companies-through-insecure-rdp/
[Autolocky勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/decrypted-the-new-autolocky-ransomware-fails-to-impersonate-locky/
[Bart勒索病毒解密工具]
http://phishme.com/rockloader-downloading-new-ransomware-bart/
[BitDtak勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/BitStakDecrypter.zip
[BarRax勒索软件解密工具]
https://blog.checkpoint.com/wp-content/uploads/2017/03/BarRaxDecryptor.zip
[CryptON 勒索病毒解密工具]
http://blog.emsisoft.com/2017/03/07/emsisoft-releases-free-decrypter-for-crypton-ransomware/
[CoinVault勒索软件解密工具]
https://www.bleepingcomputer.com/virus-removal/coinvault-ransomware-information
[CryptXXX勒索病毒解密工具]
http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information
[Crypt0勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/Crypt0Decrypter.zip
https://www.pcrisk.com/removal-guides/10478-crypt0-ransomware
[Crypt38Keygen勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/Crypt38Keygen.zip
[Crypren勒索软件解密工具]
https://github.com/pekeinfo/DecryptCrypren
http://www.nyxbone.com/malware/Crypren.html
[CryptComsole勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/CryptConsoleDecrypter.zip
[Crytomix勒索软件解密工具]
https://files.avast.com/files/decryptor/avast_decryptor_cryptomix.exe
[CryptoHostKeygen勒索软件解密工具]
https://github.com/Demonslay335/CryptoHostKeygen
[Cry9勒索软件解密工具]
https://www.pcrisk.com/removal-guides/11199-cry9-ransomware
http://blog.emsisoft.com/2017/04/04/remove-cry9-ransomware-with-emsisofts-free-decrypter/
[CoinVault勒索软件解密工具]
https://www.nomoreransom.org/uploads/CoinVaultDecryptor.zip
[Cryptinfinite勒索软件解密工具]
https://www.pcrisk.com/removal-guides/9568-cryptinfinite-ransomware
[CrazyCrypt勒索密钥生成工具]
https://edr.sangfor.com.cn/file/tool/CrazyCrypt_Password.rar
[DXXD勒索病毒解密工具]
http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-14-2016-exotic-lockydump-comrade-and-more/
[DoNotOpen勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/DoNotOpenDecrypter.zip
[Decrypt Protect[mbl advisory]勒索病毒解密工具]
http://www.malwareremovalguides.info/decrypt-files-with-decrypt_mblblock-exe-decrypt-protect/
[Enigma勒索软件解密工具]
https://www.im-infected.com/ransomware/remove-enigma-ransomware-virus-removal.html
[EduCrypt勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/the-educrypt-ransomware-tries-to-teach-you-a-lesson/
[GhostCrypt勒索病毒解密工具]
http://www.bleepingcomputer.com/forums/t/614197/ghostcrypt-z81928819-help-support-topic-read-this-filetxt/
[GhostCrypt勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/GhostCryptDecrypter.zip
[Gomasom勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/
[GandCrab勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/
[Hidden tear勒索软件解密工具]
https://files.avast.com/files/decryptor/avast_decryptor_hiddentear.exe
https://download.bleepingcomputer.com/demonslay335/hidden-tear-decrypter.zip
[HydraCrypt/UmbreCrypt勒索病毒解密工具]
http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/
[HydraCrypt勒索软件解密工具]
https://tmp.emsisoft.com/fw/decrypt_hydracrypt.exe
[Hidden Tear勒索软件解密工具]
https://www.cyber.nj.gov/threat-profiles/ransomware-variants/hidden-tear
[InsaneCrypt勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/InsaneCryptDecrypter.zip
[Ims00rry勒索软件解密工具]
https://securityaffairs.co/wordpress/88376/malware/ims00rry-ransomware-decryptor.html
https://www.emsisoft.com/decrypter/ims00rry
[Jigsaw勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/jigsaw-ransomware-becomes-cryptohitman-with-porno-extension/
[JuicyLemon勒索软件解密工具]
https://dl.360safe.com/Decryptor_JuicyLemonDecoder.cab
[JigSaw勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip
[Lockcrypt勒索软件解密工具]
https://labs.bitdefender.com/wp-content/uploads/downloads/lockcrypt-ransomware-decryptor/
[Legion勒索病毒解密工具]
http://botcrawl.com/legion-ransomware/
[LockedIn勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/LockedInDecrypter.zip
[MirCop勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/MirCopDecrypter.zip
[Mblblock勒索软件解密工具]
https://tmp.emsisoft.com/fw/decrypt_mblblock.exe
[Marlboro勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/
[Nullbyte勒索软件解密工具]
https://www.bleepingcomputer.com/news/security/the-nullbyte-ransomware-pretends-to-be-the-necrobot-pokemon-go-application/
[NullByte勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/NullByteDecrypter.zip
[Nanolocker勒索软件解密工具]
https://github.com/Cyberclues/nanolocker-decryptor
[NMoreira勒索软件解密工具]
https://www.pcrisk.com/removal-guides/10689-nmoreira-ransomware
[NanoLocker勒索病毒解密工具]
http://blog.malwareclipboard.com/2016/01/nanolocker-ransomware-analysis.html
[OpenToYou 勒索病毒解密工具]
http://blog.emsisoft.com/2016/12/30/emsisoft-releases-free-decrypter-for-opentoyou-ransomware/
[Odcodc勒索病毒解密工具]
http://www.nyxbone.com/malware/odcodc.html
[ODCODCDecoder勒索软件解密工具]
https://dl.360safe.com/Decryptor_ODCODCDecoder.cab
[Pclock勒索软件解密工具]
https://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/
[PopCorn勒索软件解密工具]
https://www.elevenpaths.com/downloads/RecoverPopCorn.zip
[Ransom.Cryakl勒索病毒解密工具]
http://blog.checkpoint.com/2015/11/04/offline-ransomware-encrypts-your-data-without-cc-communication/
[Shade勒索软件解密工具]
https://blog.kaspersky.com/shade-decryptor/12661/
[SanSam勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip
[Unlock92勒索软件解密工具]
https://download.bleepingcomputer.com/demonslay335/Unlock92Decrypter.zip
[Unlocker勒索软件解密工具]
https://github.com/kyrus/crypto-un-locker
[Wildfire勒索软件解密工具]
https://downloadcenter.mcafee.com/products/mcafee-avert/wildfiredecrypt/wildfiredecrypt.exe
5、 防范方法
1:关闭服务进程(杜绝445端口)
2:注册表关闭勒索病毒服务
3:开启防火墙,防微杜渐过滤危险端口
4:组策略安全设置、ip安全策略