{"id":3596,"date":"2025-02-21T16:26:54","date_gmt":"2025-02-21T08:26:54","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3596"},"modified":"2025-02-21T16:37:33","modified_gmt":"2025-02-21T08:37:33","slug":"ransomhub-%e5%86%8d%e9%80%b2%e5%8c%96%ef%bc%9a%e5%85%a8%e9%9d%a2%e6%94%bb%e6%93%8a-windows%e3%80%81esxi%e3%80%81linux-%e8%88%87-freebsd%e4%bd%9c%e6%a5%ad%e7%b3%bb%e7%b5%b1","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3596","title":{"rendered":"RansomHub \u518d\u9032\u5316\uff1a\u5168\u9762\u653b\u64ca Windows\u3001ESXi\u3001Linux \u8207 FreeBSD\u4f5c\u696d\u7cfb\u7d71"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

RansomHub \u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u8fc5\u901f\u5d1b\u8d77\uff0c\u6210\u70ba 2024\u20132025 \u5e74\u5ea6\u6700\u7316\u7357\u7684\u7db2\u8def\u72af\u7f6a\u7d44\u7e54\u4e4b\u4e00\u3002\u8a72\u7d44\u7e54\u900f\u904e\u64f4\u5c55\u653b\u64ca\u7bc4\u570d\uff0c\u9396\u5b9a Windows\u3001VMware ESXi\u3001Linux \u53ca FreeBSD \u4f5c\u696d\u7cfb\u7d71\uff0c\u767c\u52d5\u5168\u7403\u6027\u653b\u64ca\u3002<\/p>\n\n\n\n

\u9ad8\u5ea6\u9032\u5316\u7684\u653b\u64ca\u624b\u6cd5<\/strong><\/p>\n\n\n\n

RansomHub \u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u904b\u7528\u5148\u9032\u7684\u898f\u907f\u6280\u8853\u3001\u8de8\u5e73\u53f0\u52a0\u5bc6\u6a5f\u5236\uff0c\u4e26\u91dd\u5c0d\u4f01\u696d\u57fa\u790e\u67b6\u69cb\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\u3002\u6839\u64da Group-IB \u7684\u8abf\u67e5<\/a>\uff0c\u8a72\u96c6\u5718\u5df2\u6210\u529f\u5165\u4fb5\u8d85\u904e 600 \u5bb6\u7d44\u7e54\uff0c\u6db5\u84cb\u91ab\u7642\u3001\u91d1\u878d\u53ca\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u7b49\u7522\u696d\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

2\u670816\u65e5\uff0c\u7ae3\u76df\u79d1\u6280<\/a>\u767c\u73feRansomHub\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u8072\u7a31\u5c0d\u4f4d\u65bc\u53f0\u5317\u5e02\u7684\u4e0a\u5e02\u8a18\u61b6\u9ad4\u5927\u5ee0\u767c\u52d5\u4e86\u7db2\u8def\u653b\u64ca\u3002\u8a72\u7d44\u7e54\u8072\u7a31\u5df2\u7aca\u53d6 74GB \u7684\u6a5f\u5bc6\u6578\u64da\uff0c\u4e26\u5a01\u8105\u5982\u679c\u672a\u80fd\u6eff\u8db3\u5176\u8981\u6c42\uff0c\u5c07\u65bc 2025 \u5e74 2 \u6708 28 \u65e5\u516c\u958b\u9019\u4e9b\u6578\u64da\u3002RansomHub \u4ee5\u96d9\u91cd\u52d2\u7d22\u6a21\u5f0f\u8457\u7a31\uff0c\u9664\u4e86\u52a0\u5bc6\u53d7\u5bb3\u8005\u6578\u64da\uff0c\u9084\u5a01\u8105\u516c\u958b\u6d29\u9732\uff0c\u4ee5\u65bd\u58d3\u4f01\u696d\u652f\u4ed8\u8d16\u91d1\u3002\u8a72\u7d44\u7e54\u81ea 2024 \u5e74 2 \u6708\u6d3b\u8e8d\u4ee5\u4f86\uff0c\u8fc5\u901f\u5d1b\u8d77\uff0c\u4e26\u8207 ALPHV \u548c LockBit \u7b49\u77e5\u540d\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u7684<\/a>\u524d\u9644\u5c6c\u6210\u54e1\u5408\u4f5c\uff0c\u91dd\u5c0d\u91ab\u7642\u3001\u653f\u5e9c\u6a5f\u69cb\u53ca\u88fd\u9020\u696d\u7b49\u5927\u578b\u4f01\u696d\u767c\u52d5\u653b\u64ca\uff0c\u6210\u70ba\u7576\u524d\u7db2\u8def\u72af\u7f6a\u9818\u57df\u7684\u6d3b\u8e8d\u5a01\u8105\u3002<\/p>\n\n\n\n

\u591a\u4f5c\u696d\u7cfb\u7d71\u52a0\u5bc6\u80fd\u529b<\/strong><\/p>\n\n\n\n

RansomHub \u91dd\u5c0d\u4e0d\u540c\u74b0\u5883\u958b\u767c\u5c08\u5c6c\u52d2\u7d22\u8edf\u9ad4\u8b8a\u7a2e\uff0c\u4e26\u4f9d\u5e73\u53f0\u8abf\u6574\u6307\u4ee4\u53c3\u6578\u8207\u52a0\u5bc6\u6a5f\u5236\u3002<\/p>\n\n\n\n

powershell RansomHub.exe -pass <SHA256> -fast -disable-net -skip-vm “VM1”<\/p>\n\n\n\n

\u5728\u57f7\u884c\u671f\u9593\uff0c\u52d2\u7d22\u8edf\u9ad4\u6703\u89e3\u5bc6 JSON \u8a2d\u5b9a\u6a94\uff0c\u5176\u4e2d\u5305\u542b\u767d\u540d\u55ae\u76ee\u9304\u3001\u9032\u7a0b\u8207\u670d\u52d9\u7d42\u6b62\u5217\u8868\uff0c\u4ee5\u53ca\u6a6b\u5411\u79fb\u52d5\u6240\u9700\u7684\u6191\u8b49\u3002<\/p>\n\n\n\n