中了Sodinokibi病毒怎么办？后缀变了-readme.txt/Welcome. Again 如

Welcome. Again
Sodinokibi病毒出现，这种病毒类似于GANDCRAB V5.2，文件被感染后，会出现随机后缀，并带有一封xxx-readme.txt的信件！
根据国外安全研究团队的披露，传播Sodinokibi勒索软件的方式，往往是通过Oracle WebLogic Server中的反序列化漏洞（CVE-2019-2725），而经过我们现场取证，发现此次是通过爆破3389端口来进行传播的。

**---=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 771ch2o9g5.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: https://torproject.org/

勒索病毒如何预防 ：
1、及时给电脑打补丁，修复漏洞。
2、对重要的数据文件定期进行非本地备份。
3、不要点击来源不明的邮件附件，不从不明网站下载软件。
4、尽量关闭不必要的文件共享权限。
5、更改账户密码，设置强密码，避免使用统一的密码，因为统一的密码会导致一台被攻破，多台遭殃。
6、GandCrab勒索软件会利用RDP(远程桌面协议），如果业务上无需使用RDP的，建议关闭RDP
7、找可靠的恢复数据公司解密**

转载于:https://blog.51cto.com/14010823/2402974