Since the start of today and up to the present, JSOC CERT experts have been recording a massive malicious mailing of the Troldesh encrypting virus. Its functionality is broader than that of a plain encryptor: in addition to the encryption module, it can remotely control a workstation and download additional modules. In March of this year we
The emails come from multiple sender addresses, and the body of each message contains a link to legitimate web resources that run WordPress components. The link points to an archive containing a JavaScript script. When the script is executed, the Troldesh encryptor is downloaded and launched.
Most security tools do not detect the malicious emails because they contain a link to a legitimate website, but the ransomware itself is currently detected by most antivirus vendors. Note: because the malware communicates with C&C servers located on the Tor network, it can download additional external payload modules to the infected machine that "enhance" it.
Some of the common characteristics of this mailing are:
(1) example of a message subject - "About the order"
(2) all the links look alike - they contain the strings /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/
(3) the malware contacts various control servers through Tor
(4) a file is created (Filename: C:\ProgramData\Windows\csrss.exe) and registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run key (value name - Client Server Runtime Subsystem).
We recommend checking today that your antivirus databases are up to date, considering notifying employees about this threat, and, where possible, tightening control over incoming emails that show the indicators above.
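One way to screen incoming mail for indicator (2), as an added example that is not part of the original advisory: it extracts links from the text parts of a raw message and flags those whose path contains /wp-content/ followed by a /doc/ segment. The function names and the sample message (hypothetical sender, reserved .example hosts) are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def extract_urls(raw_message):
    """Collect URLs from every text part (plain or HTML) of a raw message."""
    urls = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        urls.extend(URL_RE.findall(text))
    return urls

def matches_link_pattern(url):
    """True when the path has /wp-content/ followed later by a /doc/ segment."""
    path = unquote(urlsplit(url).path).lower()
    if not path.endswith("/"):
        path += "/"  # so a trailing ".../doc" is treated like ".../doc/"
    start = path.find("/wp-content/")
    return start != -1 and "/doc/" in path[start + len("/wp-content"):]

def suspicious_links(raw_message):
    """Links in the message that fit indicator (2); candidates for review."""
    return [u for u in extract_urls(raw_message) if matches_link_pattern(u)]

# Constructed sample message: hypothetical sender, reserved .example hosts.
SAMPLE = """\
From: sender@mail.example
To: user@corp.example
Subject: order
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="http://blog.example/wp-content/themes/x/images/doc/doc/">open</a>
<a href="https://shop.example/wp-content/uploads/logo.png">logo</a>
Manual: https://docs.example/doc/index.html
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("review:", link)
```

The path pattern also occurs on ordinary WordPress sites, so a match is a reason to quarantine or review a message rather than proof of infection.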
Source: www.habr.com