Against the backdrop of the coronavirus pandemic, there is a feeling that an equally large digital epidemic has broken out in parallel with it.
Both of these files are in Portable Executable format, which indicates that they target Windows. They are also built for x86. It is notable that they are very similar to each other; the difference is that CoViper is written in Delphi, as evidenced by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of the encryptor class.
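The indicators mentioned above (x86 target, the June 19, 1992 link date, the section names) can be read straight from the PE headers during triage. This is an added example, not code from the original article: the function names are hypothetical, the `CODE`/`DATA`/`BSS` section names are an assumption about classic Delphi output (the article does not list them), and the inputs are constructed header-only images, not the real samples.

```python
import struct
from datetime import datetime, timezone

DELPHI_STAMP = 0x2A425E19                    # 1992-06-19 22:22:17 UTC, fixed value stamped by many Delphi linkers
DELPHI_SECTIONS = {"CODE", "DATA", "BSS"}    # assumption: classic Delphi section names
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def parse_pe(data: bytes) -> dict:
    """Return machine type, link timestamp and section names from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sec_off = pe_off + 24 + opt_size                           # section table follows the optional header
    names = []
    for i in range(nsec):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]     # 8-byte name field of each 40-byte entry
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": MACHINES.get(machine, hex(machine)),
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
            "raw_stamp": stamp, "sections": names}

def looks_like_delphi(info: dict) -> bool:
    """Heuristic only: placeholder link date plus classic Delphi section names."""
    return info["raw_stamp"] == DELPHI_STAMP and DELPHI_SECTIONS <= set(info["sections"])

def build_sample(stamp: int, names: list) -> bytes:
    """Constructed header-only PE image for the demo (not a real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, len(names), stamp, 0, 0, 0xE0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + sections

if __name__ == "__main__":
    demo = [("delphi-like", build_sample(DELPHI_STAMP, ["CODE", "DATA", "BSS", ".idata", ".rsrc"])),
            ("c-like", build_sample(0x5E7A1B00, [".text", ".rdata", ".data", ".rsrc"]))]
    for label, img in demo:
        info = parse_pe(img)
        print(label, info["machine"], info["timestamp"].isoformat(),
              info["sections"], "delphi" if looks_like_delphi(info) else "other")
```

Because the 1992 value is a linker placeholder rather than a real build date, it identifies the toolchain but says nothing about when a sample was actually built.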
Ransomware is software that, once on the victim's computer, encrypts user files, disrupts the operating system's boot process, and informs the user that they must pay the attackers to restore them.
After the program is launched, it searches for user files on the computer and encrypts them. It performs the search using API functions, usage examples of which are readily available on MSDN.
Fig. 1 Searching for user files
After a while, it restarts the computer and displays a message like this one, stating that the computer has been locked.
Fig. 2 Lock message
To disrupt the operating system's boot process, the ransomware uses a simple technique: modifying the master boot record (MBR).
Fig. 3 Modification of the boot record
This method of taking a computer out of service is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. Implementations of MBR overwriting are available to the general public in the form of source code for programs such as MBR Locker on the Internet. Confirmation of this on GitHub
Writing this code from GitHub
It is clear that creating harmful malware does not require great skill or significant resources; anyone, anywhere can do it. The code is freely available on the Internet and can easily be reproduced in similar programs. This makes me think. This is a serious problem that requires intervention and action.
Source: www.habr.com