關於勒索病毒的常見問題與說明(內詳) - 6/2更新

bluesystem wrote:
每次都要講一次, ...(恕刪)

紫皇院 wrote:
這篇我也給個贊
太細心了
剛剛去巴哈看
你也有發在那 棒
--------------------
至於另外一篇 勒索教學文
因為爭議太大 我不敢轉發
本來還希望更多人看到 哀......
--------------------
這篇完全無爭議
觀念也很正確
也希望樓主能繼續推廣

y2hxp wrote:
雖然還沒中過勒索病毒，但很感謝樓主的用心整理

小敏江 wrote:
以下內容為個人這段...(恕刪)

In order to scan files on the fly and provide constant protection for the computer, an antivirus solution has to penetrate relatively deeply into the kernel of the system. It will always penetrate the same levels. Technically speaking, an antivirus program has to install interceptors of system events deep inside the protected system and transmit the results to the antivirus engine in order that intercepted files, network packets and other potentially dangerous objects can be scanned.

I have been using Bitdefender Total Security and Malwarebytes Premium for years without any issues. There is no need to disable the Malwarebytes real-time protection. Both Bitdefender and Malwarebytes play nicely in the same sandbox! :)

In September 2016, we noticed that operators of the updated CRYSIS ransomware family (detected as RANSOM_CRYSIS) were targeting Australia and New Zealand businesses via remote desktop (RDP) brute force attacks.

Knowledge and the ability to use it is the best defensive tool anyone could have. An uninformed user can be their own worst enemy when acting in ignorance.

megakotaro wrote:
整理得很好，已給分 

看完後補充如下：

A2與A5

需要注意，根據尤金卡巴斯基的說明，裝兩款防毒軟體技術上是不可行的


In order to scan files on the fly and provide constant protection for the computer, an antivirus solution has to penetrate relatively deeply into the kernel of the system. It will always penetrate the same levels. Technically speaking, an antivirus program has to install interceptors of system events deep inside the protected system and transmit the results to the antivirus engine in order that intercepted files, network packets and other potentially dangerous objects can be scanned.



意即：為了能順利掃瞄檔案並提供完整保護，防毒軟體幾乎會寫到系統核心內。若某個檔案被認定是有問題的，由於防毒軟體安裝了中斷點，可以傳回防毒引擎上來中斷這些檔案存取、網路封包或其他可疑行為。然而，有時是無法很輕易地安裝兩個中斷點在核心中，因此造成防毒軟體之間的不相容，使得第二組防毒軟體無法中斷系統事件，或當兩者同時中斷卻造成系統崩潰。

雖然無法裝兩個防毒軟體，但使用者是可以安裝一個「防毒軟體」和一個防「惡意軟體」的程式
根據bleeping computer使用者表示，使用bitdefender和malwarebytes，兩者完好地互相搭配使用中


I have been using Bitdefender Total Security and Malwarebytes Premium for years without any issues. There is no need to disable the Malwarebytes real-time protection. Both Bitdefender and Malwarebytes play nicely in the same sandbox! :)



A3 開啟遠端連線功能也會中標，例如CRYSIS破解從遠端連線入侵電腦


In September 2016, we noticed that operators of the updated CRYSIS ransomware family (detected as RANSOM_CRYSIS) were targeting Australia and New Zealand businesses via remote desktop (RDP) brute force attacks.



A4 最重要的是進行「權限控管」，讓「一般使用者」的權限降低，防止勒索軟體寫入系統檔

A4 第4點，根據pcdvd「野口隆史」表示，「擋廣告套件原理只是把你不要的網頁元素隱藏，實際上都已經經過瀏覽器解析了」，所以效用不大，因此「建議用支援http scan的防毒軟體會比較適合」

A4 第6點，防毒軟體可搭配防勒索軟體的工具使用，推薦如下：
Kaspersky Anti-Ransomware Tool for Business
Bitdefender Anti-Ransomware Tool

正在用的軟體，和PTT的簡易腳本工具很像，偵測到加密行為時會跳框並阻止

Cybereason RansomFree

Q8，Dr.Web有推出解密服務，如果是使用Dr.Web產品的情況下被加密，Dr.Web會免費負責解密(如果可以的話)
如果沒有安裝Dr.Web產品，但可以解密的話，需要支付一筆費用
請使用英文與Dr.Web溝通

KevinYu0504 wrote:
寫得非常好 ~ 等...(恕刪)

如果這網站顯示出 無法辨識，則是因為你中的勒索病毒是新的變種，
尚無更多資料，這就沒辦法了 汗

megakotaro wrote:
該網站作者為demonslay335，如果有問題可以在Bleeping Computer發問並寫私訊給他
是說把英文搞好百利而無一害的