Digital epidemic: CoronaVirus vs CoViper

Against the background of the coronavirus pandemic, there is a sense that an equally large-scale digital epidemic has broken out alongside it [1]. The rate at which the number of phishing sites, spam, fraudulent resources, malware and similar malicious activity is growing gives serious cause for concern. The scale of the lawlessness is indicated by news headlines such as "extortionists promise not to attack medical institutions" [2]. Yes, that is right: the people protecting human life and health during the pandemic are also being hit by malware, as in the Czech Republic, where the CoViper ransomware disrupted the work of several hospitals [3].
There is a natural desire to understand what the ransomware exploiting the coronavirus theme actually is, and why it appears so quickly. Two malware samples were found on the network, CoViper and CoronaVirus, which attacked many computers, including those in public hospitals and medical centers.
Both executables are in Portable Executable format, which indicates that they target Windows. They are also compiled for x86. It is noteworthy that they are very similar to each other; the difference is that CoViper is written in Delphi, as evidenced by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of the encryptor family.
Ransomware, or encryptors, are programs that, once on the victim's computer, encrypt the user's files, disrupt the boot process of the operating system, and inform the user that they must pay the attackers to get the data decrypted.
After launching, the program searches the computer for user files and encrypts them. The search is performed with standard API functions, examples of whose use are easy to find on MSDN [4].

Fig.1 Searching for user files

After some time, they reboot the computer and display a similar message stating that the computer is blocked.
Fig.2 Blocking message

To disrupt the operating system's boot process, the ransomware uses the simple technique of modifying the master boot record (MBR) [5] through the Windows API.
Fig.3 Modifying the boot record

This method of disabling the computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. An implementation of MBR overwriting became available to the general public when the source code of programs such as MBR Locker appeared online. This is confirmed on GitHub [6], where you can find many repositories with source code or ready-made Visual Studio projects.
Compiling this code from GitHub [7] yields a program that disables the user's computer in a matter of seconds. And it takes about five to ten minutes to build.
It turns out that building a malicious program requires no special skills or resources; anyone, anywhere can do it. The code is freely available on the Internet and can easily be assembled into similar programs. This makes me think. This is a serious problem that requires intervention and the adoption of certain measures.
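Since the boot-record tampering described above is what these lockers rely on, a defender's first check is whether the first sector of the disk still looks healthy and still matches a hash recorded while the machine was known-good. The following is an added example, not code from either sample or from the article: it constructs an MBR in memory (the bytes are made up here), validates the 0x55AA signature and partition table, and compares the sector against a baseline hash. The device path `\\.\PhysicalDrive0` mentioned in the docstring is an assumption about where the real sector would be read from on Windows.

```python
"""Integrity check for the master boot record (MBR), the sector the ransomware
above overwrites to block booting. Added defensive example: the MBR bytes are
constructed here, not taken from either sample. On a live Windows host the 512
bytes would be read from \\\\.\\PhysicalDrive0 with administrator rights."""
import hashlib
import struct
from typing import List, Optional

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors

def build_constructed_mbr() -> bytes:
    """Construct a healthy-looking MBR: boot code, one bootable NTFS
    partition entry (type 0x07), three empty entries and the 0x55AA signature."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (446 - 7)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * (16 * 3) + BOOT_SIGNATURE

def record_baseline(mbr: bytes) -> str:
    """Hash of the sector taken while the machine is known to be healthy."""
    return hashlib.sha256(mbr).hexdigest()

def parse_partitions(mbr: bytes) -> List[dict]:
    """Decode the four 16-byte partition entries (type 0 means unused)."""
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def check_mbr(mbr: bytes, baseline_sha256: Optional[str] = None) -> List[str]:
    """Return findings; an empty list means the sector passed every check."""
    if len(mbr) != MBR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    used = [p for p in parse_partitions(mbr) if p["type"] != 0]
    if not used:
        findings.append("partition table is empty")
    elif not any(p["bootable"] for p in used):
        findings.append("no partition is marked bootable")
    if baseline_sha256 and record_baseline(mbr) != baseline_sha256:
        findings.append("sector hash differs from recorded baseline")
    return findings
```

The baseline hash should be stored off the host (or at least outside the protected volume), since a locker that rewrites the MBR may also encrypt the file holding it.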

Source: www.hab.com
