![\"\"](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Ransomeware-380x380.jpg\")
<\/figure><\/div>\n\n\n\n\u4e00\u6ce2\u65b0\u7684\u91dd\u5c0d\u6027\u653b\u64ca\u5229\u7528\u65b0\u52d2\u7d22\u75c5\u6bd2\u611f\u67d3\u4e86\u6578\u5bb6\u53f0\u7063\u4f01\u696d\uff0c\u6211\u5011\u5c07\u9019\u96bb\u52d2\u7d22\u75c5\u6bd2\u7a31\u70ba ColdLock\u3002\u9019\u6ce2\u653b\u64ca\u5e36\u6709\u7834\u58de\u6027\uff0c\u56e0\u70ba\u52d2\u7d22\u75c5\u6bd2\u4f3c\u4e4e\u6703\u91dd\u5c0d\u8cc7\u6599\u5eab\u548c\u90f5\u4ef6\u4f3a\u670d\u5668\u9032\u884c\u52a0\u5bc6\u3002<\/p>\n\n\n\n
\u6211\u5011\u6240\u6536\u96c6\u7684\u8cc7\u6599\u986f\u793a\u9019\u6ce2\u653b\u64ca\u57285\u6708\u521d\u958b\u59cb\u653b\u64ca\u4f01\u696d\u3002\u5206\u6790\u60e1\u610f\u8edf\u9ad4\u986f\u793aColdLock\u8207\u4e4b\u524d\u7684\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cfLockergoga\uff0cFreezing\u4ee5\u53caEDA2\u201c\u6559\u5b78\u7528\u201d\u52d2\u7d22\u75c5\u6bd2\u5957\u4ef6\u9593\u6709\u76f8\u4f3c\u4e4b\u8655\u3002\u6c92\u6709\u8de1\u8c61\u986f\u793a\u9019\u6ce2\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u4e86\u76ee\u6a19\u4e4b\u5916\u7684\u7d44\u7e54\u3002\u6211\u5011\u4e0d\u8a8d\u70ba\u9019\u652f\u75c5\u6bd2\u5bb6\u65cf\u73fe\u5728\u6709\u88ab\u5ee3\u6cdb\u7684\u4f7f\u7528\u3002<\/p>\n\n\n\n
\u8da8\u52e2\u79d1\u6280\u4f7f\u7528\u8005\u5df2\u7d93\u80fd\u5920\u62b5\u79a6\u6b64\u5a01\u8105\uff0c\u6211\u5011\u5c07\u5176\u5075\u6e2c\u70baRansom.MSIL.COLDLOCK.YPAE-A\u548cRansom.PS1.COLDLOCK.YPAE-A\u3002\u5e95\u4e0b\u7684\u6587\u7ae0\u6703\u63cf\u8ff0\u6b64\u5a01\u8105\u7684\u884c\u70ba\uff0c\u4e26\u63cf\u8ff0\u5b83\u8207\u5176\u4ed6\u52d2\u7d22\u75c5\u6bd2\u5a01\u8105\u7684\u95dc\u806f\u3002<\/p>\n\n\n\n\n\n\n\n
\u62b5\u9054\u5a92\u4ecb<\/em><\/strong><\/h3>\n\n\n\n\u6211\u5011\u76ee\u524d\u5c1a\u672a\u5f97\u77e5\u6b64\u5a01\u8105\u4e00\u958b\u59cb\u9032\u5165\u6f5b\u5728\u53d7\u5bb3\u8005\u7db2\u8def\u7684\u62b5\u9054\u5a92\u4ecb\u3002\u4f46\u6211\u5011\u8a8d\u70ba\u653b\u64ca\u8005\u7528\u4e86\u67d0\u7a2e\u65b9\u6cd5\u53d6\u5f97\u76ee\u6a19\u7d44\u7e54\u7684Active Directory\u4f3a\u670d\u5668\u6b0a\u9650\u3002\u6b64\u6642\u4ed6\u5011\u53ef\u4ee5\u8a2d\u5b9a\u7fa4\u7d44\u539f\u5247\uff0c\u5c0e\u81f4\u52d2\u7d22\u75c5\u6bd2\u6a94\u6848\u88ab\u4e0b\u8f09\u4e26\u5728\u53d7\u5f71\u97ff\u7db2\u57df\u5167\u7684\u96fb\u8166\u4e0a\u57f7\u884c\u3002<\/p>\n\n\n\n
\u60e1\u610f\u6a94\u6848\u4ee5.NET\u57f7\u884c\u6a94\uff08.DLL\u6a94\uff09\u7684\u5f62\u5f0f\u62b5\u9054\uff0c\u4e26\u4f7f\u7528ConfuserEx<\/a>\u52a0\u6bbc\u5668\u9032\u884c\u58d3\u7e2e\/\u4fdd\u8b77\u3002\u5b83\u4f7f\u7528PowerShell\u53cd\u5c04\u8f09\u5165.NET\u57f7\u884c\u6a94\u4f86\u57f7\u884c\u4e0a\u8ff0\u7684.DLL\u6a94\uff1a<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-1.png\")
\u57161. \u53cd\u5c04\u8f09\u5165.DLL\u6a94<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u5b83\u9084\u6703\u9032\u884c\u5169\u9805\u6aa2\u67e5\u4f86\u78ba\u8a8d\u81ea\u5df1\u662f\u5426\u6b63\u5728\u57f7\u884c\u3002\u9996\u5148\uff0c\u5b83\u6703\u6aa2\u67e5\u7528\u65bc\u52d2\u8d16\u901a\u77e5\u7684%System\nRoot%\\ProgramData\\readme.tmp<\/em>\u662f\u5426\u5b58\u5728\u3002\u6b64\u6aa2\u67e5\u53ef\u9632\u6b62\u7cfb\u7d71\u88ab\u91cd\u8907\u611f\u67d3\uff1a<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-2.png\")
\u57162. \u6aa2\u67e5\u52d2\u8d16\u901a\u77e5<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u6bd4\u8f03\u4e0d\u5c0b\u5e38\u7684\u662f\u5b83\u6703\u6aa2\u67e5\u7cfb\u7d71\u6642\u9418\u3002\u53ea\u6703\u5728\u6307\u5b9a\u65e5\u671f\u7684\u4e0b\u534812:10\u6216\u4e4b\u5f8c\u57f7\u884c\uff1b\u5982\u679c\u6642\u9593\u6c92\u5230\uff0c\u5b83\u6703\u4f11\u772015\u79d2\u9418\uff0c\u76f4\u5230\u904e\u4e86\u4e0a\u8ff0\u6642\u9593\u3002<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-3.png\")
\u57163. \u7a0b\u5f0f\u78bc\u5167\u8a2d\u5b9a\u7684\u5b9a\u6642\u70b8\u5f48<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
<\/div>\n\n\n\n\u52a0\u5bc6\u52d5\u4f5c<\/em><\/strong><\/h3>\n\n\n\n\u5728\u52a0\u5bc6\u4efb\u4f55\u6a94\u6848\u524d\uff0c\u52d2\u7d22\u75c5\u6bd2\u9084\u6703\u57f7\u884c\u4e00\u4e9b\u6e96\u5099\u52d5\u4f5c\u3002\u9996\u5148\uff0c\u5982\u679c\u4e0b\u5217\u670d\u52d9\u6b63\u5728\u57f7\u884c\u4e2d\u5c31\u6703\u52a0\u4ee5\u7d42\u6b62\u4ee5\u9632\u6b62\u51fa\u73fe\u62d2\u7d55\u6a94\u6848\u5b58\u53d6\uff1a<\/p>\n\n\n\n
- mariadb<\/li>
- msexchangeis<\/li>
- mssql<\/li>
- mysql<\/li>
- oracleservice<\/li><\/ul>\n\n\n\n
\u9019\u4e9b\u662f\u5404\u8cc7\u6599\u5eab\u53caExchange\u90f5\u4ef6\u4f3a\u670d\u5668\u6240\u7528\u7684\u670d\u52d9\u540d\u7a31\u3002\u5b83\u9084\u6703\u7d42\u6b62Outlook<\/em>\u7a0b\u5e8f\u3002<\/p>\n\n\n\n![\"\"](\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2020\/05\/Figure4-1024x362.png\")
\u57164. \u7d42\u6b62\u670d\u52d9\u548c\u7a0b\u5e8f<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u5b83\u9084\u6703\u6aa2\u67e5\u7cfb\u7d71\u4e0a\u7684Windows\u7248\u672c\u3002\u5982\u679c\u7684\u662fWindows 10\uff0c\u5b83\u6703\u57f7\u884c\u6578\u500bWindows 10\u7279\u5b9a\u7684\u52d5\u4f5c\u3002\u6703\u505c\u7528Windows Defender\uff0c\u4e14\u7121\u6cd5\u5411Microsoft\u50b3\u9001\u53cd\u994b\/\u60e1\u610f\u8edf\u9ad4\u6a23\u672c\u3002\u63a8\u9001\u901a\u77e5\u4e5f\u88ab\u505c\u7528\u3002<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-5.png\")
\u57165. \u505c\u7528Windows Defender<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u5b83\u7684\u52a0\u5bc6\u884c\u70ba\u6709\u4e9b\u7279\u5225\u3002\u8cc7\u6599\u593e\u5167\u7684\u6a94\u6848\u662f\u5426\u88ab\u52a0\u5bc6\u53d6\u6c7a\u4ee5\u4e0b\u7684\u4e09\u500b\u689d\u4ef6\uff1a<\/p>\n\n\n\n
- \u76ee\u6a19\u8cc7\u6599\u593e\u5167\u7684\u6a94\u6848\u6578\u91cf\u5c11\u65bc100<\/li>
- \u8cc7\u6599\u593e\u7684\u4e0a\u6b21\u5beb\u5165\u6642\u9593\u665a\u65bc2018\u5e741\u67081\u65e5\u3002<\/li>
- \u8cc7\u6599\u593e\u540d\u7a31\u4e0d\u5305\u542b\u4ee5\u4e0b\u5b57\u4e32\uff1a
- .git<\/li><\/ul>
- appdata<\/li><\/ul>
- cache<\/li><\/ul>
- image<\/li><\/ul>
- lib<\/li><\/ul>
- log<\/li><\/ul>
- logs<\/li><\/ul>
- microsoft<\/li><\/ul>
- reference<\/li><\/ul>
- res<\/li><\/ul>
- resource<\/li><\/ul>
- script<\/li><\/ul>
- setup<\/li><\/ul>
- skin<\/li><\/ul>
- temp<\/li><\/ul>
- theme<\/li><\/ul>
- third_party<\/li><\/ul>
- thirdparty<\/li><\/ul><\/li><\/ul>\n\n\n\n
\u5982\u679c\u6eff\u8db3\u4ee5\u4e0a\u6240\u6709\u689d\u4ef6\uff0c\u5b83\u6703\u52a0\u5bc6\u6307\u5b9a\u8cc7\u6599\u593e\u5167\u7684\u6240\u6709\u6a94\u6848\uff0c\u4f46\u4f7f\u7528\u4ee5\u4e0b\u526f\u6a94\u540d\u7684\u6a94\u6848\u9664\u5916\uff1a<\/p>\n\n\n\n
- .avi<\/li>
- .dll<\/li>
- .gif<\/li>
- .iso<\/li>
- .m2ts<\/li>
- .mkv<\/li>
- .mov<\/li>
- .mp3<\/li>
- .msi<\/li>
- .ocx<\/li>
- .tmp<\/li>
- .wmv<\/li><\/ul>\n\n\n\n
\u800c\u5982\u679c\u6c92\u6709\u6eff\u8db3\u5168\u90e8\u689d\u4ef6\u6642\uff0c\u5b83\u53ea\u6703\u52a0\u5bc6\u4f7f\u7528\u4ee5\u4e0b\u526f\u6a94\u540d\u7684\u6a94\u6848\uff1a<\/p>\n\n\n\n
- .7z<\/li>
- .aspx<\/li>
- .bak<\/li>
- .cpp<\/li>
- .csv<\/li>
- .doc<\/li>
- .docx<\/li>
- .gz<\/li>
- .hwp<\/li>
- .java<\/li>
- .jpg<\/li>
- .jsp<\/li>
- .lnk<\/li>
- .odt<\/li>
- .one<\/li>
- .php<\/li>
- .ppt<\/li>
- .pptx<\/li>
- .pst<\/li>
- .rar<\/li>
- .sh<\/li>
- .sql<\/li>
- .txt<\/li>
- .xls<\/li>
- .xlsx<\/li>
- .xml<\/li>
- .zip<\/li><\/ul>\n\n\n\n
![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-6.png\")
\u57166. \u767d\u540d\u55ae\/\u9ed1\u540d\u55ae\u7a0b\u5f0f\u78bc<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u52a0\u5bc6\u7a0b\u5e8f\u4f7f\u7528AES\u7684CBC\u6a21\u5f0f\u3002\u5b83\u6703\u7528\u9e7d\u503c\uff08salt\uff09\u548c\u5bc6\u9470\uff08secret key\uff09\u7522\u751f\u6240\u9700\u7684\u91d1\u9470\u548c\u521d\u59cb\u5411\u91cf\uff08IV\uff09\uff1b\u9e7d\u503c\u5167\u5d4c\u5728\u7a0b\u5f0f\u78bc\u88e1\uff0c\u800c\u5bc6\u9470\u662f\u52d5\u614b\u7528SHA-256\u96dc\u6e4a\u96a8\u6a5f\u7522\u751f\u768432\u4f4d\u5143\u9577\u5ea6\u5b57\u4e32\u3002\u7136\u5f8c\u7528\u5beb\u6b7b\u7684RSA\u516c\u9470\u5c0d\u6b64\u9032\u884c\u52a0\u5bc6\uff0c\u7136\u5f8c\u5d4c\u5165\u5230\u52d2\u8d16\u901a\u77e5\u88e1\u3002\u52a0\u5bc6\u904e\u7684\u6a94\u6848\u6703\u52a0\u4e0a.locked\u526f\u6a94\u540d\u3002<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-7.png\")
\u57167. AES\u52a0\u5bc6\u7a0b\u5f0f\u78bc<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-8.png\")
\u57168. \u7522\u751f\u5bc6\u9470<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u52d2\u8d16\u901a\u77e5\u6703\u88ab\u5b58\u653e\u5728\u7cfb\u7d71\u7684\u4e0b\u5217\u4f4d\u7f6e\uff1a<\/p>\n\n\n\n
- %Desktop%\\How To Unlock\nFiles.Txt<\/li>
- %System\nRoot%\\ProgramData\\readme.tmp<\/li>
- %User Startup%\\How To Unlock\nFiles.Txt<\/li>
- {Encrypted Drive}:\\How To\nUnlock Files.Txt<\/li><\/ul>\n\n\n\n
\u5176\u5167\u5bb9\u8207\u5176\u4ed6\u52d2\u7d22\u75c5\u6bd2\u985e\u4f3c\uff1a<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-9.png\")
\u57169. \u52d2\u8d16\u901a\u77e5<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
\u63a5\u8457\u52d2\u7d22\u75c5\u6bd2\u6703\u66ff\u6240\u6709\u4f7f\u7528\u8005\u66f4\u63db\u7cfb\u7d71\u684c\u5e03\uff1b\u5305\u542b\u4e86\u4e00\u500b\u8b80\u53d6\u6587\u5b57\u6a94\uff08\u52d2\u8d16\u901a\u77e5\uff09\u7684\u6307\u4ee4\u3002\u5b83\u900f\u904e\u8b8a\u66f4\u5e7e\u500b\u767b\u9304\u6a94\u8a2d\u5b9a\u505a\u5230\u9019\u4e00\u9ede\u3002<\/p>\n\n\n\n![\"\"\/](\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/05\/coldlock-10.png\")
\u571610. \u88ab\u66f4\u63db\u7684\u7cfb\u7d71\u684c\u5e03<\/em> <\/figcaption><\/figure>\n\n\n\n<\/p>\n\n\n\n
<\/div>\n\n\n\n\u8207\u5176\u4ed6\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf\u7684\u95dc\u806f<\/em><\/strong><\/h3>\n\n\n\n\u9019\u6ce2\u5a01\u8105\u4e4d\u770b\u4f3c\u4e4e\u8ddfLockergoga\u6709\u95dc\uff0c\u56e0\u70ba\u90fd\u7528\u4e00\u6a23\u7684\u526f\u6a94\u540d\uff08.locked\uff09\u4f86\u52a0\u5bc6\u6a94\u6848\u3002\u4e0d\u904e\u4e5f\u6709\u5176\u4ed6\u7684\u52d2\u7d22\u75c5\u6bd2\u4f7f\u7528\u76f8\u540c\u526f\u6a94\u540d\uff0c\u6240\u4ee5\u9019\u500b\u95dc\u806f\u6027\u5f88\u8584\u5f31\u3002\u800c\u8ddfFreeze\u52d2\u7d22\u75c5\u6bd2\u5c31\u5b58\u5728\u8457\u66f4\u52a0\u5408\u7406\u7684\u95dc\u806f\u3002\u90fd\u4f7f\u7528\u985e\u4f3c\u7684\u65b9\u6cd5\u5728\u7db2\u8def\u5167\u6563\u64ad\uff08\u5165\u4fb5AD\u4f3a\u670d\u5668\uff09\u3001\u4f7f\u7528\u53cd\u5c04\u6ce8\u5165\u6280\u8853\u548c\u5167\u90e8\u6a21\u7d44\u67b6\u69cb\u3002<\/p>\n\n\n\n
\u5b83\u7684\u7a0b\u5f0f\u78bc\u9084\u8ddf\u958b\u653e\u539f\u59cb\u78bc\u7684EDA2\u52d2\u7d22\u75c5\u6bd2\u5957\u4ef6\u6709\u76f8\u4f3c\u4e4b\u8655\u3002\u5728\u597d\u5e7e\u5e74\u524d<\/a>\u5c31\u6709\u5be6\u969b\u5728\u5916\u8086\u8650\u7684\u52d2\u7d22\u75c5\u6bd2\u662f\u57fa\u65bc\u9019\u64da\u7a31\u50c5\u7528\u65bc\u201d\u6559\u5b78\u201d\u76ee\u7684\u7684EDA2\u3002<\/p>\n\n\n\n<\/div>\n\n\n\n\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848<\/em><\/strong><\/h3>\n\n\n\n\u52d2\u7d22\u75c5\u6bd2\u4ecd\u662f\u500b\u63ee\u4e4b\u4e0d\u53bb\u7684\u5a01\u8105\uff0c\u7576\u6211\u5011\u770b\u5230\u6240\u5075\u6e2c\u52d2\u7d22\u75c5\u6bd2\u6578\u91cf\u5f9e2018\u5e74\u76845,500\u842c\u4e0a\u5347\u52302019\u5e74\u76846,100\u842c\u5f8c\u5728\u6700\u65b0\u7684\u5e74\u5ea6\u8cc7\u5b89\u7d9c\u5408\u5831\u544a<\/a>\u88e1\u63d0\u5230\u4e86\u9019\u4e00\u9ede\u3002\u9019\u4e00\u6b21\u7684\u5a01\u8105\u53c8\u66f4\u52a0\u5371\u96aa\uff0c\u56e0\u70ba\u6703\u5165\u4fb5\u4f01\u696d\u7cfb\u7d71\u7684\u5a01\u8105\u66f4\u52a0\u5bb9\u6613\u5728\u4f01\u696d\u7db2\u8def\u5167\u90e8\u6563\u64ad\u3002<\/p>\n\n\n\n\u5e95\u4e0b\u662f\u4e00\u4e9b\u4f7f\u7528\u8005\u53ef\u4ee5\u63a1\u7528\u4fdd\u8b77\u7cfb\u7d71\u62b5\u79a6\u52d2\u7d22\u75c5\u6bd2\u5371\u5bb3\u7684\u6700\u4f73\u505a\u6cd5<\/a>\uff1a<\/p>\n\n\n\n- \u9075\u5faa3-2-1 \u539f\u5247<\/a>\u4f86\u5b9a\u671f\u5099\u4efd\u6a94\u6848\u3002\u6b64\u539f\u5247\u8981\u6c42\u4ee5\u5169\u7a2e\u4e0d\u540c\u683c\u5f0f\u5efa\u7acb\u4e09\u500b\u5099\u4efd\uff0c\u4e26\u5728\u7570\u5730\u5132\u5b58\u4e00\u500b\u5099\u4efd\u3002<\/li>
- \u5b9a\u671f\u4fee\u88dc\u548c\u66f4\u65b0\u61c9\u7528\u7a0b\u5f0f\u3001\u8edf\u9ad4\u548c\u4f5c\u696d\u7cfb\u7d71\u4f86\u6d88\u9664\u53ef\u80fd\u88ab\u5229\u7528\u7684\u6f0f\u6d1e\u3002\u5c0d\u65bc\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\uff0c\u8acb\u5584\u7528\u865b\u64ec\u4fee\u88dc\u6280\u8853<\/a>\u3002<\/li>
- \u555f\u7528\u6c99\u7bb1\u5206\u6790\u3002\u56e0\u70ba\u662f\u5728\u9694\u96e2\u7684\u74b0\u5883\u5167\u57f7\u884c\u60e1\u610f\u6a94\u6848\uff0c\u6240\u4ee5\u53ef\u4ee5\u5b89\u5168\u7684\u9032\u884c\u76e3\u63a7\u3002<\/li><\/ul>\n\n\n\n
\u70ba\u4e86\u66f4\u6709\u6548\u3001\u66f4\u4e3b\u52d5\u5730\u9632\u79a6\u52d2\u7d22\u75c5\u6bd2\uff0c\u5efa\u8b70\u63a1\u7528\u4ee5\u4e0b\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848\uff1a<\/p>\n\n\n\n
\u70ba\u4e86\u66f4\u6709\u6548\u3001\u66f4\u4e3b\u52d5\u5730\u9632\u79a6\u52d2\u7d22\u75c5\u6bd2\uff0c\u5efa\u8b70\u63a1\u7528\u4ee5\u4e0b\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848\uff1a<\/p>\n\n\n\n
- \u8da8\u52e2\u79d1\u6280XDR for Users<\/a> \u2013 \u61c9\u7528AI\u548c\u5206\u6790\u529f\u80fd\u4f86\u9023\u7d50\u7aef\u9ede\u53ca\u5176\u4ed6\u7cfb\u7d71\u5c64\u9762\u63d0\u4f9b\u6709\u6548\u7684\u65e9\u671f\u5075\u6e2c<\/li>
- \u8da8\u52e2\u79d1\u6280Apex One™<\/a> \u2013 \u63d0\u4f9b\u53ef\u63a1\u53d6\u884c\u52d5\u7684\u5206\u6790\u3001\u66f4\u8c50\u5bcc\u7684\u8abf\u67e5\u529f\u80fd\u4ee5\u53ca\u5c0d\u6574\u500b\u7db2\u8def\u96c6\u4e2d\u638c\u63e1\u80fd\u529b\u3002<\/li>
- \u8da8\u52e2\u79d1\u6280 Deep Discovery Email Inspector <\/a> \u2013 \u900f\u904e\u5ba2\u88fd\u5316\u6c99\u7bb1\u53ca\u5176\u4ed6\u5075\u6e2c\u6280\u8853\u4f86\u5075\u6e2c\u3001\u5c01\u9396\u548c\u5206\u6790\u60e1\u610f\u90f5\u4ef6\u9644\u4ef6\u6a94<\/li><\/ul>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n\u5165\u4fb5\u6307\u6a19<\/em><\/strong><\/h3>\n\n\n\n
<\/p>\n\n\n\n
\u5b83\u9084\u6703\u9032\u884c\u5169\u9805\u6aa2\u67e5\u4f86\u78ba\u8a8d\u81ea\u5df1\u662f\u5426\u6b63\u5728\u57f7\u884c\u3002\u9996\u5148\uff0c\u5b83\u6703\u6aa2\u67e5\u7528\u65bc\u52d2\u8d16\u901a\u77e5\u7684%System\nRoot%\\ProgramData\\readme.tmp<\/em>\u662f\u5426\u5b58\u5728\u3002\u6b64\u6aa2\u67e5\u53ef\u9632\u6b62\u7cfb\u7d71\u88ab\u91cd\u8907\u611f\u67d3\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u6bd4\u8f03\u4e0d\u5c0b\u5e38\u7684\u662f\u5b83\u6703\u6aa2\u67e5\u7cfb\u7d71\u6642\u9418\u3002\u53ea\u6703\u5728\u6307\u5b9a\u65e5\u671f\u7684\u4e0b\u534812:10\u6216\u4e4b\u5f8c\u57f7\u884c\uff1b\u5982\u679c\u6642\u9593\u6c92\u5230\uff0c\u5b83\u6703\u4f11\u772015\u79d2\u9418\uff0c\u76f4\u5230\u904e\u4e86\u4e0a\u8ff0\u6642\u9593\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n \u5728\u52a0\u5bc6\u4efb\u4f55\u6a94\u6848\u524d\uff0c\u52d2\u7d22\u75c5\u6bd2\u9084\u6703\u57f7\u884c\u4e00\u4e9b\u6e96\u5099\u52d5\u4f5c\u3002\u9996\u5148\uff0c\u5982\u679c\u4e0b\u5217\u670d\u52d9\u6b63\u5728\u57f7\u884c\u4e2d\u5c31\u6703\u52a0\u4ee5\u7d42\u6b62\u4ee5\u9632\u6b62\u51fa\u73fe\u62d2\u7d55\u6a94\u6848\u5b58\u53d6\uff1a<\/p>\n\n\n\n \u9019\u4e9b\u662f\u5404\u8cc7\u6599\u5eab\u53caExchange\u90f5\u4ef6\u4f3a\u670d\u5668\u6240\u7528\u7684\u670d\u52d9\u540d\u7a31\u3002\u5b83\u9084\u6703\u7d42\u6b62Outlook<\/em>\u7a0b\u5e8f\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n \u5b83\u9084\u6703\u6aa2\u67e5\u7cfb\u7d71\u4e0a\u7684Windows\u7248\u672c\u3002\u5982\u679c\u7684\u662fWindows 10\uff0c\u5b83\u6703\u57f7\u884c\u6578\u500bWindows 10\u7279\u5b9a\u7684\u52d5\u4f5c\u3002\u6703\u505c\u7528Windows Defender\uff0c\u4e14\u7121\u6cd5\u5411Microsoft\u50b3\u9001\u53cd\u994b\/\u60e1\u610f\u8edf\u9ad4\u6a23\u672c\u3002\u63a8\u9001\u901a\u77e5\u4e5f\u88ab\u505c\u7528\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n \u5b83\u7684\u52a0\u5bc6\u884c\u70ba\u6709\u4e9b\u7279\u5225\u3002\u8cc7\u6599\u593e\u5167\u7684\u6a94\u6848\u662f\u5426\u88ab\u52a0\u5bc6\u53d6\u6c7a\u4ee5\u4e0b\u7684\u4e09\u500b\u689d\u4ef6\uff1a<\/p>\n\n\n\n \u5982\u679c\u6eff\u8db3\u4ee5\u4e0a\u6240\u6709\u689d\u4ef6\uff0c\u5b83\u6703\u52a0\u5bc6\u6307\u5b9a\u8cc7\u6599\u593e\u5167\u7684\u6240\u6709\u6a94\u6848\uff0c\u4f46\u4f7f\u7528\u4ee5\u4e0b\u526f\u6a94\u540d\u7684\u6a94\u6848\u9664\u5916\uff1a<\/p>\n\n\n\n \u800c\u5982\u679c\u6c92\u6709\u6eff\u8db3\u5168\u90e8\u689d\u4ef6\u6642\uff0c\u5b83\u53ea\u6703\u52a0\u5bc6\u4f7f\u7528\u4ee5\u4e0b\u526f\u6a94\u540d\u7684\u6a94\u6848\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u52a0\u5bc6\u7a0b\u5e8f\u4f7f\u7528AES\u7684CBC\u6a21\u5f0f\u3002\u5b83\u6703\u7528\u9e7d\u503c\uff08salt\uff09\u548c\u5bc6\u9470\uff08secret key\uff09\u7522\u751f\u6240\u9700\u7684\u91d1\u9470\u548c\u521d\u59cb\u5411\u91cf\uff08IV\uff09\uff1b\u9e7d\u503c\u5167\u5d4c\u5728\u7a0b\u5f0f\u78bc\u88e1\uff0c\u800c\u5bc6\u9470\u662f\u52d5\u614b\u7528SHA-256\u96dc\u6e4a\u96a8\u6a5f\u7522\u751f\u768432\u4f4d\u5143\u9577\u5ea6\u5b57\u4e32\u3002\u7136\u5f8c\u7528\u5beb\u6b7b\u7684RSA\u516c\u9470\u5c0d\u6b64\u9032\u884c\u52a0\u5bc6\uff0c\u7136\u5f8c\u5d4c\u5165\u5230\u52d2\u8d16\u901a\u77e5\u88e1\u3002\u52a0\u5bc6\u904e\u7684\u6a94\u6848\u6703\u52a0\u4e0a.locked\u526f\u6a94\u540d\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u52d2\u8d16\u901a\u77e5\u6703\u88ab\u5b58\u653e\u5728\u7cfb\u7d71\u7684\u4e0b\u5217\u4f4d\u7f6e\uff1a<\/p>\n\n\n\n \u5176\u5167\u5bb9\u8207\u5176\u4ed6\u52d2\u7d22\u75c5\u6bd2\u985e\u4f3c\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u63a5\u8457\u52d2\u7d22\u75c5\u6bd2\u6703\u66ff\u6240\u6709\u4f7f\u7528\u8005\u66f4\u63db\u7cfb\u7d71\u684c\u5e03\uff1b\u5305\u542b\u4e86\u4e00\u500b\u8b80\u53d6\u6587\u5b57\u6a94\uff08\u52d2\u8d16\u901a\u77e5\uff09\u7684\u6307\u4ee4\u3002\u5b83\u900f\u904e\u8b8a\u66f4\u5e7e\u500b\u767b\u9304\u6a94\u8a2d\u5b9a\u505a\u5230\u9019\u4e00\u9ede\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n \u9019\u6ce2\u5a01\u8105\u4e4d\u770b\u4f3c\u4e4e\u8ddfLockergoga\u6709\u95dc\uff0c\u56e0\u70ba\u90fd\u7528\u4e00\u6a23\u7684\u526f\u6a94\u540d\uff08.locked\uff09\u4f86\u52a0\u5bc6\u6a94\u6848\u3002\u4e0d\u904e\u4e5f\u6709\u5176\u4ed6\u7684\u52d2\u7d22\u75c5\u6bd2\u4f7f\u7528\u76f8\u540c\u526f\u6a94\u540d\uff0c\u6240\u4ee5\u9019\u500b\u95dc\u806f\u6027\u5f88\u8584\u5f31\u3002\u800c\u8ddfFreeze\u52d2\u7d22\u75c5\u6bd2\u5c31\u5b58\u5728\u8457\u66f4\u52a0\u5408\u7406\u7684\u95dc\u806f\u3002\u90fd\u4f7f\u7528\u985e\u4f3c\u7684\u65b9\u6cd5\u5728\u7db2\u8def\u5167\u6563\u64ad\uff08\u5165\u4fb5AD\u4f3a\u670d\u5668\uff09\u3001\u4f7f\u7528\u53cd\u5c04\u6ce8\u5165\u6280\u8853\u548c\u5167\u90e8\u6a21\u7d44\u67b6\u69cb\u3002<\/p>\n\n\n\n \u5b83\u7684\u7a0b\u5f0f\u78bc\u9084\u8ddf\u958b\u653e\u539f\u59cb\u78bc\u7684EDA2\u52d2\u7d22\u75c5\u6bd2\u5957\u4ef6\u6709\u76f8\u4f3c\u4e4b\u8655\u3002\u5728\u597d\u5e7e\u5e74\u524d<\/a>\u5c31\u6709\u5be6\u969b\u5728\u5916\u8086\u8650\u7684\u52d2\u7d22\u75c5\u6bd2\u662f\u57fa\u65bc\u9019\u64da\u7a31\u50c5\u7528\u65bc\u201d\u6559\u5b78\u201d\u76ee\u7684\u7684EDA2\u3002<\/p>\n\n\n\n \u52d2\u7d22\u75c5\u6bd2\u4ecd\u662f\u500b\u63ee\u4e4b\u4e0d\u53bb\u7684\u5a01\u8105\uff0c\u7576\u6211\u5011\u770b\u5230\u6240\u5075\u6e2c\u52d2\u7d22\u75c5\u6bd2\u6578\u91cf\u5f9e2018\u5e74\u76845,500\u842c\u4e0a\u5347\u52302019\u5e74\u76846,100\u842c\u5f8c\u5728\u6700\u65b0\u7684\u5e74\u5ea6\u8cc7\u5b89\u7d9c\u5408\u5831\u544a<\/a>\u88e1\u63d0\u5230\u4e86\u9019\u4e00\u9ede\u3002\u9019\u4e00\u6b21\u7684\u5a01\u8105\u53c8\u66f4\u52a0\u5371\u96aa\uff0c\u56e0\u70ba\u6703\u5165\u4fb5\u4f01\u696d\u7cfb\u7d71\u7684\u5a01\u8105\u66f4\u52a0\u5bb9\u6613\u5728\u4f01\u696d\u7db2\u8def\u5167\u90e8\u6563\u64ad\u3002<\/p>\n\n\n\n \u5e95\u4e0b\u662f\u4e00\u4e9b\u4f7f\u7528\u8005\u53ef\u4ee5\u63a1\u7528\u4fdd\u8b77\u7cfb\u7d71\u62b5\u79a6\u52d2\u7d22\u75c5\u6bd2\u5371\u5bb3\u7684\u6700\u4f73\u505a\u6cd5<\/a>\uff1a<\/p>\n\n\n\n \u70ba\u4e86\u66f4\u6709\u6548\u3001\u66f4\u4e3b\u52d5\u5730\u9632\u79a6\u52d2\u7d22\u75c5\u6bd2\uff0c\u5efa\u8b70\u63a1\u7528\u4ee5\u4e0b\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848\uff1a<\/p>\n\n\n\n \u70ba\u4e86\u66f4\u6709\u6548\u3001\u66f4\u4e3b\u52d5\u5730\u9632\u79a6\u52d2\u7d22\u75c5\u6bd2\uff0c\u5efa\u8b70\u63a1\u7528\u4ee5\u4e0b\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n\u52a0\u5bc6\u52d5\u4f5c<\/em><\/strong><\/h3>\n\n\n\n
\u8207\u5176\u4ed6\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf\u7684\u95dc\u806f<\/em><\/strong><\/h3>\n\n\n\n
\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848<\/em><\/strong><\/h3>\n\n\n\n
\u5165\u4fb5\u6307\u6a19<\/em><\/strong><\/h3>\n\n\n\n