I'll find it for you
What is the GWISIN file?
-
Hello. I found a file called GWISIN on my computer and I'm not sure what it is. I would appreciate it if you could tell me.
-
The GWISIN file is GWISIN (귀신) ransomware. It appears to be a file distributed by the GWISIN ransomware. It was first reported on 2022-08-04 04:57:14 and last reported on 2022-08-08 02:41:14.
-
You can download the GWISIN program to open the GWISIN file.
-
GWISIN(귀신) ransomware
-
[MD5:1c9458b64ff31fed8f7c1f403d5e797a]
[Filename:!!!_HOW_TO_UNLOCK_{{COMPANY}}_FILES_!!!.TXT]
[Hex:52b9cf658066f0a2b10a787a437e9267514a217fbf45c1c37c965c75303539357f450aeb]
[Hex:52b9cf658066f0a2b10a787a437e9267514a217fbf45c1c37c965c7530]
[Ransomnote]
Hello {{COMPANY_NAME}},
You have been visited by GWISIN.
Your network has been infiltrated, sensitive data was selectively collected (exfiltrated) and encrypted on your premises.
Infrastructure compromised:
- All critical networks and servers ({{COMPANY_NAME}} AD takeover, HQ (KR) + CN + VN networks)
- Storage appliances and hypervisors (Storage arrays [e.g {{COMPANY_NAME}}-PS6110XV]
The data we have collected (downloaded) includes:
- Business Files (R&D and production data): {{COMPANY_NAME}}-HYPERV01 -> {{COMPANY_NAME}}-FILE01 -> iSCSI storage arrays ({{COMPANY_NAME}}+* | {{COMPANY_NAME}}_*shares, e.g: {{COMPANY_NAME}}_RND_AD)
-- Business data collected includes specs, requests, designs, many AutoDesk files and much more
- ERP (Sales, distribution, other): {{COMPANY_NAME}}_erp / pc_dist / pc_fin / pc_mfg / secom and more (+ CN/VN)
- EKP (DBs and configuration data): PlusWorkFlow, ezPersonal, exApproval_000, ezBoardSTD and more. (all EKP DB were collected)
- Emails: Exchange EDBs (we can generate PSTs for each employee offline, so we have all organization emails)
- Source code: Various source code collected from file shares and build VS VMs
The good news for you is that we can decrypt all files with extension ".{{COMPANY_NAME}}",
We can slow delete all sensitive data that ew have collected from our vaults and not sell or leak it.
You can quickly recover business processes and avoid bad publicity which will damage your reputation with customers, long-term revenue and stock value.
To contact us, follow the instructions:
1.) Download Tor Browser: https://torproject.org/download/
2.) Go to our website: http://{{COMPANY_NAME}}:{{COMPANY_NAME_EN}}@{{ONION_VAR_1}}.onion/
3.) Login with username "{{COMPANY_NAME}}", password "{{PASSWORD}}"
4.) Change password (one time setup)
5.) Setup end-to-end encryption chat password
6.) Read the full instructions and contact us using the message system on the website
Contact us within 72 working hours via our chat system on the website provided.
Do NOT contact law enforcement (no KNPA, KISA or others) as they will prevent you from paying and alow down the recovery process.
They can't help you secure your network or prevent the leakage data, but most importantly, they can't help you recover your data.
-
Related link #1: https://twitter.com/cyberwar_15/status/1552168079404445696
-
Related link #2: https://asec.ahnlab.com/ko/37233/
-
-
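For matters involving voice phishing, illegally filmed material, ransomware, cyber security threats and similar issues, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Service Center.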