Contents

Chapter 1: How to Diagnose the Infection ........ 01
  1. Business systems cannot be accessed ........ 01
  2. The desktop has been altered ........ 02
  3. File extensions have been changed ........ 03
Chapter 2: How to Help Yourself ........ 05
  1. Correct handling methods ........ 05
  2. Incorrect handling methods ........ 08
Chapter 3: How to Recover the System ........ 10
  1. Restore from historical backups ........ 10
  2. Recover with decryption tools ........ 10
  3. Payment by professionals on your behalf ........ 11
  4. Reinstall the system ........ 12
Chapter 4: How to Strengthen Protection ........ 13
  1. Security advice for end users ........ 13
  2. Security advice for government and enterprise users ........ 14
360 Tianqing ransomware compensation-first service ........ 16
360 Security Services Team ........ 17
360 Security Monitoring and Response Center ........ 18

Chapter 1: How to Diagnose the Infection

How can you tell whether a server has been hit by ransomware? The feature that clearly sets ransomware apart from other malware is this: it encrypts the documents and data on the victim's host and then extorts the victim for illegal gain. Ransomware is extremely profitable, which is why it is called "ransomware" (extortion malware).

Since the main purpose of ransomware is extortion, once the attacker has planted the malware and finished encrypting, it will inevitably tell the victim that their files have been encrypted and can no longer be opened, and that a ransom must be paid to recover them. Ransomware therefore has typical characteristics that clearly distinguish it from ordinary malware. If a server shows the following signs, it indicates that it has been infected with ransomware.

1. Business systems cannot be accessed

Since 2018, ransomware attacks have no longer been limited to encrypting core business files; they have turned to attacking enterprise servers and business systems, infecting critical systems and disrupting day-to-day operations, and have even extended to production lines. Production lines inevitably contain legacy systems and all kinds of hardware that are difficult to upgrade or patch, so the direct consequence of a ransomware attack on them is that production stops.

For example, in February 2018 a top-tier (Grade 3A) hospital was hit by ransomware; none of the hospital's medical systems could be used normally, and normal medical services were severely disrupted. In August of the same year, TSMC's three key production sites in northern, central and southern Taiwan all halted production because of a ransomware intrusion.

However, when business systems become inaccessible or production lines stop, you cannot be 100% certain that the server has been infected with ransomware; the cause may also be a DDoS attack or some other malware. You therefore need to combine this with the following features to make the judgment.
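The guide's point that an outage alone does not prove a ransomware infection can be checked directly on the file system: a DDoS attack leaves files untouched, whereas ransomware produces the file-level symptoms the guide goes on to list (extensions replaced by an unknown suffix, contents that are unreadable because they are encrypted, and a ransom note). The following Python script is an added example written for this edit and is not part of the 360 guide; the list of "normal" extensions, the ransom-note name hints, the entropy threshold and the 50% ratio are assumptions chosen for illustration, and the sample directories it builds are constructed.

```python
"""Ransomware triage helper (added example, not from the 360 guide).

Walks a directory and reports whether it shows the file-level symptoms of a
ransomware attack, so an outage can be separated from a DDoS or other malware.
Extension list, note-name hints and thresholds are illustrative assumptions.
"""
import math
import os
import tempfile
from collections import Counter

# Assumed set of "normal" extensions for the monitored file share.
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".sql", ".log"}
# Assumed substrings that commonly appear in ransom-note file names.
RANSOM_NOTE_HINTS = ("readme", "decrypt", "how_to", "restore")
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for "looks encrypted"
MASS_CHANGE_RATIO = 0.5   # assumed fraction of files that must look affected


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for text or Office files."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str) -> dict:
    """Flag one file as ransom note, unknown-suffix and/or high-entropy."""
    name = os.path.basename(path).lower()
    _, ext = os.path.splitext(name)
    with open(path, "rb") as f:
        head = f.read(4096)          # a sample of the content is enough for entropy
    is_note = ext in {".txt", ".html", ""} and any(h in name for h in RANSOM_NOTE_HINTS)
    return {
        "note": is_note,
        "unknown_ext": ext not in KNOWN_EXTENSIONS and not is_note,
        "high_entropy": len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD,
    }


def triage_directory(root_dir: str) -> dict:
    """Walk root_dir and return per-symptom counts plus a verdict string."""
    stats = {"files": 0, "unknown_ext": 0, "high_entropy": 0,
             "notes": [], "suffixes": Counter()}
    for dirpath, _, files in os.walk(root_dir):
        for fn in files:
            r = classify_file(os.path.join(dirpath, fn))
            stats["files"] += 1
            if r["note"]:
                stats["notes"].append(fn)
            if r["unknown_ext"]:
                stats["unknown_ext"] += 1
                stats["suffixes"][os.path.splitext(fn.lower())[1]] += 1
            if r["high_entropy"]:
                stats["high_entropy"] += 1
    n = max(stats["files"], 1)
    mass_encrypted = (stats["unknown_ext"] / n > MASS_CHANGE_RATIO
                      and stats["high_entropy"] / n > MASS_CHANGE_RATIO)
    # A DDoS leaves files untouched, so either symptom points toward ransomware.
    stats["verdict"] = ("likely ransomware" if mass_encrypted or stats["notes"]
                        else "no file-level ransomware symptoms")
    return stats


def build_sample_tree(infected: bool) -> str:
    """Create a constructed temp directory: a healthy share, or one after encryption."""
    root = tempfile.mkdtemp()
    if infected:
        # Constructed post-attack state: random bytes stand in for ciphertext.
        for fn in ("report.docx.locked", "customers.sql.locked"):
            with open(os.path.join(root, fn), "wb") as f:
                f.write(os.urandom(2048))
        with open(os.path.join(root, "README_DECRYPT.txt"), "w") as f:
            f.write("Your files have been encrypted.\n")
    else:
        # Constructed healthy state: ordinary low-entropy text content.
        for fn in ("report.docx", "customers.sql"):
            with open(os.path.join(root, fn), "w") as f:
                f.write("quarterly figures\n" * 100)
    return root


if __name__ == "__main__":
    for state in (False, True):
        result = triage_directory(build_sample_tree(state))
        print(f"infected={state}: {result['verdict']}, "
              f"suffixes={dict(result['suffixes'])}, notes={result['notes']}")
```

Run it against a real share by calling `triage_directory("/path/to/share")`; the `suffixes` counter tells you which new extension dominates, which is the detail needed to look up the ransomware family and any available decryption tool in the later chapters.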