Hunt Ransomware Locks Victims' Systems

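While examining new file samples, our research team discovered a piece of malware named Hunt, which belongs to the Dharma ransomware group. It is designed to encrypt local and network-shared files in order to extort users into paying for decryption.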

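In our evaluation on a test system, Hunt encrypted files and changed their names. A unique identifier, the cybercriminals' email address and the ".hunt" extension were appended to the original file name. For example, a file named "1.jpg" was turned into "1.jpg.id-9ECFA84E.[bughunt@keemail.me].hunt".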

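Once encryption is complete, the ransomware displays ransom notes in a pop-up window and in a text file named "info-hunt.txt". The text file only informs victims that their files have been encrypted and advises them to contact the perpetrators for recovery. The pop-up window gives more detail about the ransomware infection and implies that a ransom must be paid to recover the data.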

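Before meeting these demands, victims can test decryption on up to three files, which must be no larger than 5 MB and must not contain critical or valuable content. The note also spells out the risks of seeking third-party help.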
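The naming scheme and note file described above can be turned into a triage check over a file listing from an affected host. This is an added example, not part of the original article; it assumes the ID is always eight hexadecimal characters, as in the article's single sample, and the function names and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Pattern from the article's example: <original>.id-<ID>.[<email>].hunt
# Assumption: the ID is 8 hex characters, as in the single sample shown.
HUNT_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.hunt$"
)
NOTE_NAME = "info-hunt.txt"  # ransom note file name given in the article


def parse_hunt_name(filename):
    """Return original name, victim ID and contact email, or None."""
    m = HUNT_NAME.match(filename)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise a file listing: hits per directory, IDs, emails, notes."""
    report = {"encrypted": defaultdict(list), "ids": set(),
              "emails": set(), "notes": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        hit = parse_hunt_name(p.name)
        if p.name.lower() == NOTE_NAME:
            report["notes"].append(str(p))
        elif hit:
            report["encrypted"][str(p.parent)].append(hit["original"])
            report["ids"].add(hit["victim_id"].upper())
            report["emails"].add(hit["email"].lower())
    return report


# Constructed sample listing (e.g. from a recursive directory listing).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id-9ECFA84E.[bughunt@keemail.me].hunt",
    r"C:\Users\alice\Documents\report.final.docx.id-9ECFA84E.[bughunt@keemail.me].hunt",
    r"\\fileserver\share\finance\budget.xlsx.id-9ECFA84E.[bughunt@keemail.me].hunt",
    r"C:\Users\alice\Desktop\info-hunt.txt",
    r"C:\Users\alice\Documents\treasure.hunt",  # benign look-alike, no match
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    for folder, names in r["encrypted"].items():
        print(f"{folder}: {len(names)} encrypted -> {names}")
    print("IDs:", sorted(r["ids"]), "contacts:", sorted(r["emails"]), "notes:", r["notes"])
```

Hits on a network share alongside local paths indicate how far the encryption reached, which helps decide which backups to restore first.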

Full Text of the Hunt Ransom Note

The full text of the ransom note presented by Hunt reads as follows:

All your files have been encrypted!

Don't worry, you can return all your files!
If you want to restore them, write to the mail: bughunt@keemail.me YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:bughunt@airmail.cc

We strongly recommend that you do not use the services of intermediaries and first check the prices and conditions directly with us
The use of intermediaries may involve risks such as:
Overcharging: Intermediaries may charge inflated prices, resulting in improper additional costs to you.

Unjustified debit: There is a risk that your money may be stolen by intermediaries for personal use and they may claim that we did it.

Rejection of the transaction and termination of communication: Intermediaries may refuse to cooperate for personal reasons, which may result in termination of communication and make it difficult to resolve issues.

We understand that data loss can be a critical issue, and we are proud to provide you with encrypted data recovery services. We strive to provide you with the highest level of confidence in our abilities and offer the following guarantees:
Recovery demo: We provide the ability to decrypt up to three files up to 5 MB in size on a demo basis.

Please note that these files should not contain important and critical data.

Demo recovery is intended to demonstrate our skills and capabilities.

Guaranteed Quality: We promise that when we undertake your data recovery, we will work with the utmost professionalism and attention to detail to ensure the best possible results.

We use advanced technology and techniques to maximize the likelihood of a successful recovery.

Transparent communication: Our team is always available to answer your questions and provide you with up-to-date information about the data recovery process.

We appreciate your participation and feedback.

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

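How Can You Proactively Protect Your Data from Ransomware Attacks?

You can take several proactive steps to protect your data from ransomware attacks:

Update software regularly: Make sure all operating systems, applications and security software have the latest patches and updates installed. Vulnerabilities in outdated software are frequently exploited by ransomware attackers.

Use antivirus and anti-malware software: Install reputable antivirus and anti-malware programs on all devices and keep them up to date. These tools can detect and prevent ransomware infections.

Implement security best practices: Enforce strong password policies, enable multi-factor authentication wherever possible, and restrict user permissions to what is necessary. In addition, consider implementing network segmentation to limit the spread of ransomware across the network.

Back up data regularly: Regularly back up important files and data to an external storage device or a cloud-based backup service. Make sure your backups are offline and disconnected from the network so that ransomware cannot encrypt them.

Implement email and web filtering: Use email and web filtering solutions to block malicious attachments, links and websites that may carry ransomware or other malware.

Monitor network traffic: Monitor network traffic for unusual activity that may indicate a ransomware infection. Intrusion detection and prevention systems can help detect and block ransomware before it causes damage.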

April 23, 2024