How the Ryuk ransomware works when attacking businesses

Ryuk is one of the best-known ransomware families of recent years. Since it first appeared in the summer of 2018, it has built up an impressive list of victims, especially in business environments, which are the main focus of its attacks.

1. General information

This document contains an analysis of a sample of the Ryuk malware, together with the loader that delivers the malware onto the system.

The Ryuk malware first appeared in the summer of 2018. One of the differences between Ryuk and other malware is that it is aimed at enterprise environments.

In mid-2019, cybercriminal groups attacked a large number of Spanish companies using this ransomware.

Figure 1: Excerpt from El Confidencial about a Ryuk ransomware attack [1]

Figure 2: Short excerpt from El País about an attack carried out with the Ryuk ransomware [2]
This year, Ryuk has attacked many companies in a range of countries. As the statistics below show, Germany, China, Algeria and India were the most affected.

Comparing the number of cyberattacks, we can see that Ryuk affected millions of users, compromised a huge amount of data and caused serious economic damage.

Figure 3: Map of Ryuk's global activity.

Figure 4: The 16 countries most affected by Ryuk

Figure 5: Number of users attacked by the Ryuk ransomware (in millions)

As is usual for this type of threat, once encryption is complete the ransomware shows the victim a ransom note demanding payment in Bitcoin to a specified address in exchange for restoring access to the encrypted files.

This malware has changed since it first appeared.
The variant analysed in this document was discovered during an attempted attack in January 2020.

Because of its sophistication, this malware is attributed to organised cybercriminal groups, also known as APT groups.

Part of Ryuk's code closely resembles the code and structure of another well-known ransomware, Hermes, with which it shares many functions. This is why Ryuk was initially linked to the North Korean group Lazarus, which at the time was suspected of being behind the Hermes ransomware.

CrowdStrike's Falcon X service later stated that Ryuk was in fact created by the WIZARD SPIDER group [4].

There is some evidence to support this theory. First, this ransomware was advertised on the site exploit.in, a well-known Russian malware marketplace previously linked to several Russian APT groups.
This fact rules out the theory that Ryuk could have been developed by the Lazarus APT group, since it does not fit the way that group operates.

In addition, Ryuk was advertised as ransomware that will not run on Russian, Ukrainian or Belarusian systems. This behaviour is determined by a feature found in some versions of Ryuk that checks the language of the system on which the ransomware is running and stops execution if the system language is Russian, Ukrainian or Belarusian. Finally, expert analysis of a machine compromised by the WIZARD SPIDER group revealed several "artefacts" that were allegedly used in the development of Ryuk as a variant of the Hermes ransomware.

On the other hand, the researchers Gabriela Nicolao and Luciano Martins suggested that the malware may have been developed by the APT group CryptoTech [5].
This follows from the fact that, a few months before Ryuk appeared, this group posted on the forum of the same site that it had developed a new version of the Hermes ransomware.

Several forum users asked whether CryptoTech had actually created Ryuk. The group then defended itself and stated that it had evidence that it had developed 100% of the ransomware.

2. Characteristics

We begin with the loader, whose job is to identify the system it is running on so that the "correct" version of the Ryuk ransomware can be executed.
The loader's hashes are:

MD5 A73130B0E379A989CBA3D695A157A495
SHA256 EF231EE1A2481B7E627921468E79BB4369CCFAEB19A575748DD2B664ABC4F469

One of the distinctive features of this dropper is that it contains no metadata, i.e. the creators of this malware did not include any information in it.

Sometimes they include bogus data to trick the user into thinking they are running a legitimate application. However, as we will see later, when the infection requires no user interaction (as is the case with this malware), the attackers do not consider it necessary to use metadata at all.

Figure 6: Sample metadata

The sample was compiled in 32-bit format so that it can run on both 32-bit and 64-bit systems.

3. Infection vector

The sample that drops and runs Ryuk entered our system through a remote connection; the credentials were obtained in a preliminary RDP attack.

Figure 7: Attack log

The attacker managed to log in to the system remotely. After that, they created an executable file containing our sample.
This executable was blocked by an antivirus solution before it could run.

Figure 8: Sample blocked

Figure 9: Sample blocked

When the malicious file was blocked, the attacker tried to drop an encrypted version of the executable, which was also blocked.

Figure 10: Set of samples the attacker tried to run

Finally, they tried to drop another malicious file through an encrypted console.
PowerShell was used to bypass antivirus protection, but it was blocked too.

Figure 11: PowerShell with malicious content blocked

Figure 12: PowerShell with malicious content blocked

4. Loader

When run, it writes a ReadMe file to the %temp% folder, which is typical for Ryuk. This file is a ransom note containing an email address in the protonmail domain, which is very common in this malware family: msiferabem1981@protonmail.com

Figure 13: Ransom demand

While the dropper runs, you can see that it launches several executables with random names. They are stored in a hidden folder, so unless the "Show hidden files and folders" option is enabled in the operating system, they remain hidden. Moreover, these files are 64-bit, unlike the parent file, which is 32-bit.

Figure 14: Executables launched by the sample

As can be seen in the image above, Ryuk runs icacls.exe to modify all ACLs (access control lists), thereby changing the access rights and the flag.

It grants all users full access to all files on the device (/T), ignoring errors (/C) and without displaying any messages (/Q).

Figure 15: Execution parameters of the icacls.exe launched by the sample

It is important to note that Ryuk checks which version of Windows it is running on. To do this, it performs a version check using GetVersionExW, examining the value of the lpVersionInformation flag, which indicates whether the current version of Windows is newer than Windows XP.

Depending on whether a version newer than Windows XP is in use, the loader writes to the local user folder, in this case the %Public% folder.

Figure 17: Checking the operating system version

The file written is Ryuk. It is then run, with its own address passed as a parameter.

Figure 18: Running Ryuk via ShellExecute

The first thing Ryuk does is obtain its input parameters. This time there are two input parameters (the executable itself and the dropper address), which are used to remove its own traces.

Figure 19: Creating a process

You can also see that, once its executables have run, it deletes itself, leaving no trace of its presence in the folder where it ran.

Figure 20: Deleting a file

5. RYUK

5.1 Persistence
Like other malware, Ryuk tries to stay on the system for as long as possible. As shown above, one way of achieving this is to create and run executables covertly. The most common technique for this is to modify the registry key CurrentVersion\Run.
In this case, you can see that the first file run for this purpose is VWjRF.exe
(the file name is generated randomly), which launches cmd.exe.

Figure 21: Running the file VWjRF.exe

It then adds a RUN entry with the name "svchos". So if you check your registry keys at some point, you could easily miss this change, because the name is so similar to svchost. Ryuk uses this key to ensure persistence on the system. If the system has not yet been infected, the executable will try again when you reboot.

Figure 22: The sample ensures persistence through the registry key

We can also see that this executable stops two services:
"audioendpointbuilder", which, as its name suggests, corresponds to system audio,

Figure 23: The sample stops the system audio service

and Samss, the account management service. Stopping these two services is characteristic of Ryuk. In this case, if the system is connected to a SIEM, the ransomware tries to stop the SIEM from sending alerts. In this way it protects its next steps, because some SAM services cannot start correctly after Ryuk has run.

Figure 24: The sample stops the Samss service
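As an added example (not PandaLabs code), the following Python scans constructed Sysmon/System-log style events for the host behaviours described in sections 4 and 5.1: a Run value whose name is a near miss of a system process name (such as "svchos"), the stopping of the AudioEndpointBuilder and SamSs services, and a recursive, silent icacls grant (/grant together with /T /C /Q). The key=value event layout, the list of legitimate names and every sample line are constructed assumptions, not real log output.

```python
import re

# Constructed sample events in a simplified key=value form (not real Sysmon output).
# 13 = Sysmon RegistryEvent (value set), 7036 = Service Control Manager state change,
# 1 = Sysmon ProcessCreate. The icacls command line is a constructed illustration.
SAMPLE_EVENTS = r'''event=13 target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchos details="C:\Users\Public\VWjRF.exe"
event=13 target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive details="C:\Program Files\OneDrive.exe"
event=7036 service=AudioEndpointBuilder state=stopped
event=7036 service=SamSs state=stopped
event=7036 service=Spooler state=running
event=1 image=C:\Windows\System32\icacls.exe cmdline="icacls C:\* /grant Everyone:F /T /C /Q"
event=1 image=C:\Windows\System32\icacls.exe cmdline="icacls C:\Share /grant alice:R"
'''

# Legitimate names that a persistence entry might be made to resemble (assumed list).
LEGIT_NAMES = ("svchost", "lsass", "csrss", "explorer", "winlogon", "services")
# The two services the sample stops (section 5.1).
RYUK_STOPPED_SERVICES = {"audioendpointbuilder", "samss"}


def edit_distance(a, b):
    """Levenshtein distance; used to catch near-miss names such as 'svchos'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the legitimate name that `name` imitates, or None if exact or unrelated."""
    n = name.lower()
    for legit in LEGIT_NAMES:
        if n != legit and edit_distance(n, legit) <= 2:
            return legit
    return None


def parse_event(line):
    """Split 'key=value key="quoted value"' into a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def check_event(ev):
    """Return a finding string for one parsed event, or None if it is benign."""
    kind = ev.get("event")
    if kind == "13" and "\\currentversion\\run\\" in ev.get("target", "").lower():
        value_name = ev["target"].rsplit("\\", 1)[-1]
        legit = lookalike(value_name)
        if legit:
            return f"Run value '{value_name}' mimics '{legit}' -> {ev.get('details')}"
    elif kind == "7036" and ev.get("state") == "stopped":
        if ev.get("service", "").lower() in RYUK_STOPPED_SERVICES:
            return f"service {ev['service']} stopped (Ryuk stops audio and SAM services)"
    elif kind == "1" and ev.get("image", "").lower().endswith("icacls.exe"):
        flags = ev.get("cmdline", "").lower().split()
        if "/grant" in flags and {"/t", "/c", "/q"} <= set(flags):
            return f"recursive silent ACL grant: {ev['cmdline']}"
    return None


def scan(text):
    """Run every non-empty line through check_event and collect the findings."""
    hits = (check_event(parse_event(line)) for line in text.splitlines() if line.strip())
    return [h for h in hits if h]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The lookalike check deliberately ignores exact matches, so a genuine "svchost" entry is not reported while the one-character miss used by the sample is.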

5.2 Privileges

In general, Ryuk starts by moving laterally within the network, or it is launched by another malware such as Emotet or TrickBot which, if it has escalated privileges, passes those elevated privileges on to the ransomware.

As a prelude to the injection process, we see it calling ImpersonateSelf, which means that the security context of the access token is passed to the thread, which is then retrieved with GetCurrentThread.

Figure 25: Calling ImpersonateSelf

We then see that an access token is attached to the thread. We also see that one of the flags is DesiredAccess, which can be used to control the access that will be granted to the thread. In this case, the value that edx receives is TOKEN_ALL_ACCESS or, alternatively, TOKEN_WRITE.

Figure 26: Creating a thread token

It then uses SeDebugPrivilege and makes a call to obtain debug permissions on the thread, as a result of which, by specifying PROCESS_ALL_ACCESS, it can access any process it needs. Now that the thread has been prepared for the malware, all that remains is to move on to the final stage.

Figure 27: Calling and escalating SeDebugPrivilege

On the one hand, we have LookupPrivilegeValueW, which provides the information needed about the privileges to be escalated.

Figure 28: Requesting information about the privileges to escalate

On the other hand, we have AdjustTokenPrivileges, which obtains the necessary rights for the thread. In this case the most important element is NewState, whose flag grants the privileges.

Figure 29: Setting token permissions

5.3 Injection

In this section we show how the sample performs the injection process mentioned earlier in this report.

The main goal of the injection process, as well as of the privilege escalation, is to gain access to the shadow copies. To do this, it needs to run in a thread with rights higher than those of the local user. Once it has these elevated rights, it deletes the copies and makes changes to other processes so that it becomes impossible to return to an earlier restore point in the operating system.

As is typical for this type of malware, it uses CreateToolhelp32Snapshot to carry out the injection: it takes a snapshot of the currently running processes and tries to access those processes with OpenProcess. Once it has gained access to a process, it also opens a token with the process information in order to obtain the process parameters.

Figure 30: Retrieving processes from the computer

We can see dynamically how it obtains the list of running processes in routine 140002D9C using CreateToolhelp32Snapshot. After obtaining the list, it iterates through it, trying to open each process in turn with OpenProcess until one succeeds. In this case, the first process it managed to open was taskhost.exe.

Figure 31: Dynamically executing the procedure to obtain a process

We can see that it then reads the process token information, so it calls OpenProcessToken with the parameter "20008".

Figure 32: Reading process token information
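As an added example (not from the report), here is a small Python decoder for the token access masks that appear in sections 5.2 and 5.3: the "20008" passed to OpenProcessToken and the TOKEN_ALL_ACCESS / TOKEN_WRITE values loaded into edx. The bit values are the documented winnt.h constants; splitting a mask into named rights shows that 0x20008 is exactly TOKEN_READ (READ_CONTROL | TOKEN_QUERY), the minimum needed to query which account owns a process, whereas TOKEN_ALL_ACCESS on the thread token is a far broader request.

```python
# Token-specific rights and standard rights, bit value -> winnt.h name.
TOKEN_SPECIFIC = {
    0x0001: "TOKEN_ASSIGN_PRIMARY", 0x0002: "TOKEN_DUPLICATE",
    0x0004: "TOKEN_IMPERSONATE",    0x0008: "TOKEN_QUERY",
    0x0010: "TOKEN_QUERY_SOURCE",   0x0020: "TOKEN_ADJUST_PRIVILEGES",
    0x0040: "TOKEN_ADJUST_GROUPS",  0x0080: "TOKEN_ADJUST_DEFAULT",
    0x0100: "TOKEN_ADJUST_SESSIONID",
}
STANDARD_RIGHTS = {
    0x00010000: "DELETE", 0x00020000: "READ_CONTROL", 0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER", 0x00100000: "SYNCHRONIZE",
}
STANDARD_RIGHTS_READ = STANDARD_RIGHTS_WRITE = 0x00020000   # both are READ_CONTROL
STANDARD_RIGHTS_REQUIRED = 0x000F0000

# Composite masks as winnt.h defines them.
TOKEN_READ = STANDARD_RIGHTS_READ | 0x0008                          # 0x20008
TOKEN_WRITE = STANDARD_RIGHTS_WRITE | 0x0020 | 0x0040 | 0x0080      # 0x200E0
TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | sum(TOKEN_SPECIFIC)   # 0xF01FF
COMPOSITES = {
    TOKEN_ALL_ACCESS: "TOKEN_ALL_ACCESS",
    TOKEN_WRITE: "TOKEN_WRITE",
    TOKEN_READ: "TOKEN_READ",
}


def decode_token_access(mask):
    """Split an access mask into its named rights, lowest bit first.

    Bits outside the known token and standard rights are reported as UNKNOWN
    so that a mask copied from a debugger is never silently misread."""
    known = {**TOKEN_SPECIFIC, **STANDARD_RIGHTS}
    names = [name for bit, name in sorted(known.items()) if mask & bit]
    leftover = mask & ~sum(known)
    if leftover:
        names.append(f"UNKNOWN_0x{leftover:X}")
    return names


def classify(mask):
    """Name the composite right the mask equals, or 'custom' if it is none of them."""
    return COMPOSITES.get(mask, "custom")


def explain(mask):
    """Return text such as '0x20008 = TOKEN_READ: TOKEN_QUERY | READ_CONTROL'."""
    return f"0x{mask:X} = {classify(mask)}: " + " | ".join(decode_token_access(mask))


if __name__ == "__main__":
    # 0x20008 is the value the sample passes to OpenProcessToken (section 5.3).
    for m in (0x20008, TOKEN_WRITE, TOKEN_ALL_ACCESS):
        print(explain(m))
```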

It also checks that the process it is going to inject into is not csrss.exe, explorer.exe or lsaas.exe, and that it does not run with NT AUTHORITY rights.

Figure 33: Excluded processes

We can see dynamically how it first performs the check using the process token information in 140002D9C, to determine whether the account whose rights are used to run the process is the NT AUTHORITY account.

Figure 34: NT AUTHORITY check

Later, outside that routine, it checks that the process is not csrss.exe, explorer.exe or lsaas.exe.

Figure 35: NT AUTHORITY check

Once it has taken the snapshot of the processes, opened them and verified that none of them is excluded, it is ready to write the code to be injected into memory.

To do this, it first reserves an area of memory (VirtualAllocEx), writes to it (WriteProcessMemory) and creates a thread (CreateRemoteThread). To work with these functions, it uses the PIDs of the selected processes, obtained earlier with CreateToolhelp32Snapshot.

Figure 36: Injection code

Here we can check dynamically how it uses the process PID to call the VirtualAllocEx function.

Figure 37: Calling VirtualAllocEx
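Added example (not PandaLabs code) for incident responders: applying the exclusion rules from section 5.3 to a process list shows which processes the sample would have been willing to inject into, so those can be captured first for memory analysis. The input is constructed `tasklist /V /FO CSV` output (the column names are assumed to be those that command produces); the image-name exclusion list is taken verbatim from the analysis above.

```python
import csv
import io

# Image names excluded by the sample, exactly as reported above (note "lsaas.exe":
# the real lsass.exe runs as NT AUTHORITY\SYSTEM and is skipped by the owner rule).
EXCLUDED_IMAGES = {"csrss.exe", "explorer.exe", "lsaas.exe"}
EXCLUDED_OWNER_PREFIX = "nt authority\\"

# Constructed `tasklist /V /FO CSV` output (not from a real host).
SAMPLE_TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System","4","Services","0","1,024 K","Unknown","NT AUTHORITY\SYSTEM","0:00:10","N/A"
"csrss.exe","512","Services","0","4,096 K","Unknown","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"wininit.exe","480","Services","0","3,072 K","Unknown","N/A","0:00:00","N/A"
"lsass.exe","600","Services","0","9,216 K","Unknown","NT AUTHORITY\SYSTEM","0:00:02","N/A"
"svchost.exe","900","Services","0","7,168 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:03","N/A"
"explorer.exe","2104","Console","1","40,960 K","Running","WORKSTATION\alice","0:00:12","N/A"
"taskhost.exe","2300","Console","1","8,192 K","Running","WORKSTATION\alice","0:00:00","N/A"
"notepad.exe","3012","Console","1","6,144 K","Running","WORKSTATION\alice","0:00:01","Untitled - Notepad"
'''


def passes_ryuk_filter(image, owner):
    """True if a process with this image name and owner survives the sample's checks."""
    if image.lower() in EXCLUDED_IMAGES:
        return False
    # "N/A" means tasklist could not read the owner (no access); such rows are kept
    # so that a responder reviews them by hand rather than silently dropping them.
    if owner.lower().startswith(EXCLUDED_OWNER_PREFIX):
        return False
    return True


def injection_candidates(tasklist_csv):
    """Return (image, pid) pairs, in list order, that the filter would accept."""
    reader = csv.DictReader(io.StringIO(tasklist_csv))
    return [(row["Image Name"], int(row["PID"]))
            for row in reader
            if passes_ryuk_filter(row["Image Name"], row["User Name"])]


if __name__ == "__main__":
    for image, pid in injection_candidates(SAMPLE_TASKLIST):
        print(f"capture memory of {image} (PID {pid})")
```

On the constructed list the first accepted user-session process is taskhost.exe, matching the behaviour observed in the report.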

5.4 Encryption
In this section we look at the encryption part of the sample. In the following image you can see two subroutines, "Load_Decode_Strings" and "Encrypt_Func", which are responsible for carrying out the encryption process.

Figure 38: Encryption routines

At the start, we can see how it loads a string that is used to de-obfuscate everything it needs: imports, DLLs, commands, files and CSPs.

Figure 39: De-obfuscation string

The following image shows the first import de-obfuscated in register R4, LoadLibrary. It is used later to load the required DLLs. We can also see another string in register R12, which is used together with the previous string to perform the de-obfuscation.

Figure 40: Dynamic de-obfuscation

It goes on to load the commands that it will run later to disable the backups, restore points and safe boot modes.

Figure 41: Loading commands

It then loads the path where it drops three files: Windows.bat, run.sct and start.bat.

Figure 42: File paths

These three files are used to check the permissions on each path. If the required permissions are not available, Ryuk stops executing.

It continues by loading the strings relating to three files. The first, DECRYPT_INFORMATION.html, contains the information needed to recover the files. The second, PUBLIC, contains the RSA public key.

Figure 43: The DECRYPT_INFORMATION.html string

The third, UNIQUE_ID_DO_NOT_REMOVE, contains the encrypted key that is used in the next routine to perform the encryption.

Figure 44: The UNIQUE_ID_DO_NOT_REMOVE string

Finally, it loads the required libraries together with the required imports and the CSP (Microsoft Enhanced RSA and AES Cryptographic Provider).

Figure 45: Loading libraries

Once de-obfuscation is complete, it proceeds to carry out the actions required for encryption: enumerating all logical drives, running what was loaded in the previous routine, reinforcing its persistence on the system, dropping the RyukReadMe.html file, encrypting, enumerating all network drives, going through the devices found and encrypting them.
It all starts by loading "cmd.exe" together with the records of the RSA public key.

Figure 46: Preparing for encryption

It then obtains all the logical drives using GetLogicalDrives and disables all backups, restore points and safe boot modes.

Figure 47: Disabling recovery tools

After this, it reinforces its persistence on the system, as we saw above, and writes the first file, RyukReadMe.html, to TEMP.

Figure 48: Dropping the ransom note

In the following image you can see how it creates the file, loads the contents and writes them:

Figure 49: Loading and writing the file contents

To be able to perform the same actions on all devices, it uses
"icacls.exe", as we showed above.

Figure 50: Using icacls.exe

Finally, it begins encrypting the files, excluding *.exe, *.dll, system files and other locations specified in the encrypted list. To do this, it uses the imports CryptAcquireContextW (where the use of AES and RSA is specified), CryptImportKey, CryptDestroyKey and others. It also tries to extend its activity to the network devices discovered with WNetEnumResourceW, and then encrypts them.

Figure 51: Encrypting system files

6. Imports and related flags

Below is a table listing the most relevant imports and flags used by the sample:

7. IOC

Paths

  • \Users\Public\run.sct
  • \Start Menu\Programs\Startup\start.bat
  • \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.bat

The technical report on the Ryuk malware was compiled by the experts of the PandaLabs antivirus laboratory.

8. References

1. "Everis and Prisa Radio suffer a serious cyberattack that hijacks their systems." https://www.elconfidencial.com/tecnologia/2019-11-04/everis-la-ser-ciberataque-ransomware-15_2312019/, published 04/11/2019.

2. "A virus of Russian origin attacks major Spanish companies." https://elpais.com/tecnologia/2019/11/04/actualidad/1572897654_251312.html, published 04/11/2019.

3. "VB2019 paper: Shinigami's revenge: the long tail of the Ryuk malware." https://securelist.com/story-of-the-year-2019-cities-under-ransomware-siege/95456/, published 11/12/2019.

4. "Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware." https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/, published 01/10/2019.

5. "VB2019 paper: Shinigami's revenge: the long tail of the Ryuk malware." https://www.virusbulletin.com/virusbulletin/2019/10/vb2019-paper-shinigamis-revenge-long-tail-r

Source: will.com