Hi, please view here: http://pastebin.com/raw/jtSjmJz
for information on how to obtain your files!
如果你在服务器看到上面的信息,恭喜你被勒索了
如果你还没有见过上面的信息,希望你以后也不要遇到
今天同事照常登录系统,准备继续搞事,刚登录上就弹出:
Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!
心凉一截
进入上面给的链接查看下:
YOU HAVE BEEN INFECTED WITH RANSOMWARE | YOU HAVE BEEN INFECTED WITH RANSOMWARE You have been hacked. When you were hacked, your files were sent to a server that we control and removed from you. You must pay 0.25 BITCOIN to get your files back and prevent them from being leaked to this address: 14z9Rbpw5SozMuMRRrdwcKaSs4PsxiEHRE We are the only ones in the world that can provide your files for you! When you have sent payment, send e-mail to aariz@airmail.cc with: 2) SERVER IP ADDRESS 3) BTC TRANSACTION ID FBI SUGGEST TO JUST PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/ When you pay, you will receive an FTP account where you can retrieve your files and delete all your data from us. If you do not pay, at end of the month we will collect all data that remains on server and leak it. HOW TO PURCHASE BITCOIN: You can purchase bitcoin from following: http://localbitcoins.com http://kraken.com http://okcoin.com http://coinbase.com You can message aariz@airmail.cc for support, but we will not respond to questions such as "can i see files first?" because we do not have time for this When you have sent payment, put [PAID] in email subject so we can attend to you before others!
果然,要币,而且要的真特么人性化啊
1、告诉你,你被黑了
2、付币,恢复文件,不付,月末删除文件,,FBI那个下面再说
3、付完后联系方式
4、没有币,没关系,还给你提供几个购买币的渠道
其中有一条是让看一下FBI提供的建议,,
我建议大家遇到这种情况不要支付,据不完全可靠消息说:攻击者并没有留存受害者的文件,只是骗受害者去付钱,详细信息见下链接:
当然如果你的文件比较重要的话可以Try一下
当然如果你非常Rich的话也可以Try一下
当然FBI的建议下面的还是可以听取的
备份很重要
最差也要定期备、按时备,最好就是实时备份
这个云机器上主要的服务有MySQL、NGINX、ES和Redis且服务的端口全部是开放的
在上面的链接中也可以看到这是是
Redis引起的安全事故
下面链接是对此进行的详细说明:
可以看到,最好不要把Redis发布到公网上去
因为这样可以使攻击者通过Redis获取到服务器的最高权限
处理方法
建议重置系统,然后设置严谨的端口发布规则,建立完整备份体系