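I happened to notice a strange file, and it turned out to be KRAB-DECRYPT.txt, saved with a date of 8/2. Its contents are shown below...
I'm on Windows 10 with Kaspersky installed, and files like the one below exist in the root of the D and E drives. But I had actually been using the machine just fine for two months without any change(?).
Did Kaspersky block it? Anyway, I only discovered it today and reported it to the IT team, and they told me to stop talking and just format... The disk image I had taken was itself in a somewhat shaky state, so I am going to take this opportunity to format, but from searching, it does not appear to be fake ransomware.
Could anyone explain this kind of situation (a silver lining, admittedly)?
Thank you.
----------------- Contents of KRAB-DECRYPT.txt -------------------------------------------------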
---= GANDCRAB V4 =---
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/8abc99065aaf7930
| 4. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---
---BEGIN PC DATA---
---END PC DATA---
This shouldn't need an explanation. Your own carelessness - infection, the end.
It planted CRAB-DECRYPT.txt files in every folder, but encryption of the files did not proceed.
If it had been ransomware that encrypts files, the encryption would already have been completed, but the files were intact.
The antivirus products I use are V3 and AntiLansumWare.
I restored the C drive by unpacking a Ghost image, and on the data drive I searched for the files that had been installed without permission and deleted all of them.
I did have a separate disk with the data files backed up, but I kept using the machine while staying on alert, and no further notable errors occurred.
Because I work alone in this environment I took the risky gamble, but in an environment where you work together with other users I think a clean format would be necessary.
These are the contents of the CRAB-DECRYPT.txt file.
---= GANDCRAB V2.1 =---
Attention!
All your files documents, photos, databases and other important files are encrypted and have the extension: .CRAB
The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
0. Download Tor browser - https://www.torproject.org/
1. Install Tor browser
2. Open Tor Browser
3. Open link in TOR browser: http://gandcrab2pie73et.onion/fbb50603be68046e
4. Follow the instructions on this page
If Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:
0. https://gandcrab2pie73et.onion.rip/fbb50603be68046e
1. https://gandcrab2pie73et.onion.plus/fbb50603be68046e
2. https://gandcrab2pie73et.onion.to/fbb50603be68046e
ATTENTION! Use regular browser only to contact us. Buy decryptor only through TOR browser link or Jabber Bot!
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
The alternative way to contact us is to use Jabber messanger. Read how to:
0. Download Psi-Plus Jabber Client: https://psi-im.org/download/
1. Register new account: http://sj.ms/register.php
0) Enter "username": fbb50603be68046e
1) Enter "password": your password
2. Add new account in Psi
3. Add and write Jabber ID: ransomware@sj.ms any message
4. Follow instruction bot
It is a bot! It's fully automated artificial system without human control!
To contact us use TOR links. We can provide you all required proofs of decryption availibility anytime. We are open to conversations.
You can read instructions how to install and use jabber here http://www.sfu.ca/jabber/Psi_Jabber_PC.pdf
DANGEROUS!
Do not try to modify files or use your own private key - this will result in the loss of your data forever!
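Both posts describe ransom notes on disk with no files actually encrypted. As an added example (not code from either poster), this Python sketch checks that claim on a drive: it finds the two note names quoted above, reads the version banner and the extension each note announces, and counts files that really carry that extension. The function names and verdict labels are hypothetical.

```python
import os
import re

# Note names and extensions are the ones quoted in the posts above.
NOTE_NAMES = {"krab-decrypt.txt", "crab-decrypt.txt"}
BANNER = re.compile(r"---=\s*GANDCRAB\s+(V[\d.]+)\s*=---")
EXT = re.compile(r"have the extension:\s*(\.\w+)")

def parse_note(text):
    """Return (version, extension) claimed by a ransom note, None where absent."""
    b, e = BANNER.search(text), EXT.search(text)
    return (b.group(1) if b else None, e.group(1).lower() if e else None)

def triage(root):
    """Walk root and compare where notes were dropped with which files were renamed."""
    notes, claimed, files = [], set(), []
    for d, _, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            if n.lower() in NOTE_NAMES:
                try:
                    with open(p, encoding="utf-8", errors="replace") as fh:
                        ver, ext = parse_note(fh.read(4096))
                except OSError:
                    ver, ext = None, None
                notes.append((p, ver))
                if ext:
                    claimed.add(ext)
            else:
                files.append(p)
    # Fall back to both extensions named on the page if no note could be parsed.
    exts = claimed or {".krab", ".crab"}
    renamed = [p for p in files if os.path.splitext(p)[1].lower() in exts]
    if renamed:
        verdict = "encrypted_files_present"
    elif notes:
        verdict = "notes_only"
    else:
        verdict = "clean"
    return {"verdict": verdict, "notes": notes, "renamed": renamed}

if __name__ == "__main__":
    import sys
    r = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(r["verdict"], len(r["notes"]), "notes,", len(r["renamed"]), "renamed files")
```

A `notes_only` result says only that no renamed files were found under that root; it does not say why encryption did not happen or whether the dropper is still present.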