Against the backdrop of the coronavirus pandemic, one gets the feeling that a comparable digital epidemic has broken out in parallel with it.
Both of these executable files are in Portable Executable (PE) format, which indicates that they target Windows. They are also compiled for x86. Notably, they are very similar to each other; the difference is that CoViper is written in Delphi, as confirmed by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of the encryptor class.
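The header check behind these observations, as an added example that is not code from the original article: it reads the machine type, link timestamp and section names directly from the PE headers. The function names, the `CODE`/`DATA`/`BSS` name set and the header-only sample bytes are assumptions constructed for illustration; `0x2A425E19` is the fixed 1992-06-19 stamp that Delphi linkers write.

```python
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86", 0x8664: "x64"}
# Assumption: section names commonly emitted by Borland/Delphi linkers.
DELPHI_SECTIONS = {"CODE", "DATA", "BSS"}
DELPHI_DATE = "1992-06-19"  # link date the article cites for the Delphi sample


def triage_pe(data: bytes) -> dict:
    """Read machine type, link date and section names from PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    if len(data) < pe_off + 24:
        raise ValueError("truncated COFF header")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc).date().isoformat()
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "compiled": compiled,
        "sections": names,
        # Both indicators must agree before the file is called Delphi-like.
        "delphi_like": compiled == DELPHI_DATE and bool(DELPHI_SECTIONS & set(names)),
    }


def build_sample(stamp: int, names: list, machine: int = 0x014C) -> bytes:
    """Constructed header-only sample (no code or data), for illustration."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", machine, len(names), stamp, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(40, b"\0") for n in names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    print(triage_pe(build_sample(0x2A425E19, ["CODE", "DATA", "BSS", ".idata"])))
    print(triage_pe(build_sample(0x5E7A0000, [".text", ".rdata", ".data"])))
```

A link timestamp is trivially forged, so the date is only a hint on its own; that is why the check requires the section names to agree with it.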
Ransomware, or extortion software, refers to programs that, once on the victim's computer, encrypt user files, disrupt the normal boot process of the operating system, and inform the user that they must pay the attackers to have this undone.
After launch, the program searches for user files on the computer and encrypts them. The search is performed with standard API functions, usage examples of which are easy to find on MSDN.
Figure 1. Searching for user files
After some time, they reboot the computer and display a message like this one, stating that the computer is locked.
Figure 2. Lock message
To disrupt the operating system's boot process, the ransomware uses the simple technique of modifying the boot record (MBR).
Figure 3. Modifying the boot record
This method of putting a computer out of action is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. Implementations of MBR overwriting became publicly available when the source code of programs such as MBR Locker appeared online. This can be verified on GitHub.
Compiling this code from GitHub
It turns out that assembling malicious software requires neither great skill nor resources; anyone, anywhere can do it. The code is freely available on the Internet and can easily be reproduced in similar programs. This made me think. This is a serious problem that requires intervention and certain measures to be taken.
source: www.habr.com