Digital Epidemic: CoronaVirus vs CoViper

Against the backdrop of the coronavirus pandemic, it feels as though a comparable digital epidemic has broken out alongside it [1]. The growth in the number of phishing sites, spam, fraudulent resources, malware and similar malicious activity is a cause for serious concern. The scale of the lawlessness is illustrated by news stories that "extortionists have promised not to attack medical institutions" [2]. Yes, that is right: those who protect people's lives and health during the pandemic are themselves targets of malware attacks, as happened in the Czech Republic, where the CoViper ransomware disrupted the work of several hospitals [3].
It is worth understanding what the ransomware that exploits the coronavirus theme actually is, and why it appears so quickly. Two malware samples were found in circulation, CoViper and CoronaVirus, which attacked many computers, including public hospitals and medical institutions.
Both executables are in Portable Executable format, which indicates that they are intended for Windows. They are also compiled for x86. It is noteworthy that they are very similar to each other; the only difference is that CoViper is written in Delphi, as evidenced by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of the encryptor class.
Ransomware, also called encryptors, are programs that, once on the victim's computer, encrypt the user's files, disrupt the normal boot process of the operating system, and inform the user that they must pay the attackers for decryption.
After launch, the program searches for the user's files on the computer and encrypts them. The search is done with standard API functions, usage examples of which are easy to find on MSDN [4].

Figure 1: Searching for user files
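The file-search-and-encrypt stage described above leaves a measurable trace: plaintext documents have low byte entropy, while their encrypted replacements are close to 8 bits per byte, and the originals often disappear under a new name. The following is an added example (not code from the article or from either malware sample) of a small detector that snapshots file entropies and reports files that jumped from low to high entropy, new high-entropy files, and files that vanished. The file names, contents and the `.locked` extension are constructed sample data, and the 7.5 bits/byte threshold is an assumption chosen for the example.

```python
"""
Added example, not from the original article: entropy-based detection of the
file-encryption stage. Works on an in-memory mapping of path -> bytes so it runs
offline; snapshot_directory() is a thin wrapper for a real directory tree.
"""
import math
import os
from collections import Counter

# Assumed threshold for the example: encrypted or compressed data is usually > 7.5 bits/byte.
HIGH_ENTROPY = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot_files(files: dict) -> dict:
    """Map each path to the entropy of its contents."""
    return {path: shannon_entropy(content) for path, content in files.items()}


def snapshot_directory(root: str) -> dict:
    """Same as snapshot_files, but reads every regular file under root from disk."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                files[os.path.relpath(path, root)] = f.read()
    return snapshot_files(files)


def diff_snapshots(before: dict, after: dict) -> list:
    """Return (path, reason) pairs for changes that look like mass encryption."""
    findings = []
    for path, ent in after.items():
        prev = before.get(path)
        if prev is None and ent >= HIGH_ENTROPY:
            findings.append((path, f"new high-entropy file ({ent:.2f} bits/byte)"))
        elif prev is not None and prev < HIGH_ENTROPY <= ent:
            findings.append((path, f"entropy rose from {prev:.2f} to {ent:.2f} bits/byte"))
    for path in sorted(set(before) - set(after)):
        findings.append((path, "file missing (possibly renamed by the encryptor)"))
    return findings


# Constructed sample data: two plaintext files before, one overwritten in place and
# one renamed with a placeholder ".locked" extension after. bytes(range(256)) * 8 is a
# deterministic stand-in for ciphertext (uniform byte distribution, entropy 8.0).
SAMPLE_BEFORE = {
    "report.txt": b"Quarterly report: revenue up, costs flat. " * 40,
    "budget.csv": b"item,amount\nrent,1200\npower,300\n" * 30,
}
SAMPLE_AFTER = {
    "report.txt": bytes(range(256)) * 8,
    "budget.csv.locked": bytes(range(256)) * 8,
}


def demo() -> list:
    """Run the detector over the constructed snapshots."""
    return diff_snapshots(snapshot_files(SAMPLE_BEFORE), snapshot_files(SAMPLE_AFTER))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Already-compressed formats (zip, docx, jpeg) sit above the threshold at rest, so on real data the change-over-time rule (entropy rising for an existing path, plus a burst of vanished files) is far more reliable than the absolute threshold alone, and it is what the example leans on.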

After some time, they reboot the computer and display a message of the following kind stating that the computer is blocked.
Figure 2: Blocking message

To disrupt the operating system's boot process, the ransomware uses the simple technique of modifying the Master Boot Record (MBR) [5] via the Windows API.
Figure 3: Modifying the boot record
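Because the MBR overwrite described above replaces the first sector of the disk, a defender can catch it by comparing that sector against a known-good baseline. The following is an added example (not code from the article or from either sample) of a read-only MBR integrity check: it parses a 512-byte sector, verifies the 0x55AA boot signature, decodes the partition table and compares a SHA-256 of the 446-byte bootstrap area with a baseline hash. The sample sectors are constructed test data, not real disk images; `read_physical_mbr()` is the one part that touches a real machine and assumes Windows with administrator rights.

```python
"""
Added example, not from the original article: read-only Master Boot Record
integrity check against a baseline hash of the bootstrap code area.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446             # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446     # four 16-byte entries follow the bootstrap code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511 of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, bootstrap hash and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest(),
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector overwritten or corrupted")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline: possible MBR tampering")
    if not info["partitions"]:
        findings.append("partition table is empty")
    return findings


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read (never write) the first sector of a raw disk. Windows only, needs admin rights."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(MBR_SIZE)


def build_sample_mbr(bootstrap: bytes, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Constructed test sector: given bootstrap bytes, one NTFS-type partition, signature."""
    bootstrap = bootstrap.ljust(BOOTSTRAP_SIZE, b"\x00")[:BOOTSTRAP_SIZE]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return bootstrap + table + signature


# Constructed "known good" sector and its baseline hash (the bootstrap bytes are arbitrary filler).
GOOD_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" * 60)
BASELINE = parse_mbr(GOOD_MBR)["bootstrap_sha256"]
# Constructed stand-in for an overwritten sector: foreign bytes, no partition table, no signature.
OVERWRITTEN_MBR = b"CONSTRUCTED-BAD-SECTOR".ljust(MBR_SIZE, b"\x00")


if __name__ == "__main__":
    print("baseline sector:", check_mbr(GOOD_MBR, BASELINE) or "OK")
    print("overwritten sector:", check_mbr(OVERWRITTEN_MBR, BASELINE))
    # On a Windows host run as administrator: check_mbr(read_physical_mbr(), <stored baseline>)
```

Record the baseline hash when the machine is known to be clean and keep it off the host; an attacker who can rewrite the MBR can also rewrite a baseline file stored beside it. The check is only meaningful for MBR-partitioned disks, and it reads the sector without ever writing to it.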

This method of disabling a computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. Implementations of MBR overwriting became publicly available once the source code of programs such as MBR Locker appeared online. You can confirm this on GitHub [6], where there are a large number of repositories with source code or ready-made programs for this purpose.
Compiling this code from GitHub [7] yields a program that disables the user's computer within a few seconds. And building it takes around five or ten minutes.
It turns out that assembling working malware requires neither skills nor resources; anyone, anywhere, can do it. The code is freely available on the Internet and can easily be copied into similar programs. This made me think. It is a serious problem that calls for intervention and for concrete measures to be taken.

Source: www.habr.com
