Digital pandemic: CoronaVirus vs CoViper

Against the backdrop of the coronavirus outbreak, there is a sense that an equally large-scale digital pandemic has erupted alongside it [1]. The growing number of phishing sites, spam, fraudulent resources, malware and similar malicious activity is cause for concern. The scale of the lawlessness is illustrated by the news item "extortionists promise not to attack hospitals" [2]. Yes, that is right: those who protect people's lives and health during the pandemic also have to deal with malware, as happened in the Czech Republic, where the CoViper ransomware disrupted the operation of several hospitals [3].
There is a desire to understand what the ransomware that exploits the coronavirus theme actually is, and why it appears so quickly. Malware samples were found on the network: CoViper and CoronaVirus, which attacked many computers, including those in state hospitals and medical centres.
Both files are in Portable Executable format, which indicates that they target Windows. They are also built for x86. It is noteworthy that they are very similar to each other; only CoViper is written in Delphi, as evidenced by the compile date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of the encryptor class.
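The Delphi tell mentioned above is easy to check during triage: Delphi compilers write a fixed value into the COFF `TimeDateStamp` field of every PE they produce, 0x2A425E19, which decodes to 19 June 1992. The following script is an added example, not code from the article or from the samples it analyses; it parses the DOS and COFF headers of a PE image, reports the target machine and build timestamp, and flags that fixed Delphi stamp. The `build_sample_pe` helper produces constructed, minimal header blobs so the parser can be exercised offline without touching a real sample.

```python
import struct
from datetime import datetime, timezone

# Fixed COFF TimeDateStamp written by Delphi compilers: 0x2A425E19,
# i.e. 1992-06-19 22:22:17 UTC, the "June 19, 1992" date referred to above.
DELPHI_TIMESTAMP = 0x2A425E19

# IMAGE_FILE_MACHINE_* values from the PE specification (subset).
MACHINE_NAMES = {
    0x014C: "x86 (I386)",
    0x8664: "x64 (AMD64)",
    0x01C0: "ARM",
    0xAA64: "ARM64",
}


def parse_pe_header(data: bytes) -> dict:
    """Return machine, section count, build timestamp and a Delphi hint for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE executable")
    # e_lfanew at DOS header offset 0x3C points to the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # The COFF file header follows the signature: Machine, NumberOfSections, TimeDateStamp, ...
    machine, n_sections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown (0x{machine:04X})"),
        "sections": n_sections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "likely_delphi": timestamp == DELPHI_TIMESTAMP,
    }


def build_sample_pe(machine: int, timestamp: int) -> bytes:
    """Build a constructed, minimal (non-runnable) PE header so the parser can be tested offline."""
    dos_header = bytearray(0x40)
    dos_header[:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff_header = struct.pack(
        "<HHIIIHH",
        machine,    # Machine
        1,          # NumberOfSections
        timestamp,  # TimeDateStamp
        0, 0,       # PointerToSymbolTable, NumberOfSymbols
        0,          # SizeOfOptionalHeader
        0x0102,     # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    return bytes(dos_header) + b"PE\0\0" + coff_header


if __name__ == "__main__":
    # Constructed inputs: a Delphi-style x86 header and a C-style x86 header with a 2020 build date.
    for name, blob in (
        ("delphi-style x86 sample", build_sample_pe(0x014C, DELPHI_TIMESTAMP)),
        ("c-style x86 sample", build_sample_pe(0x014C, 1584576000)),
    ):
        print(name, parse_pe_header(blob))
```

The timestamp match is a hint, not proof: a linker can write any value into that field, so the section names and the runtime library imports the article also relies on should be checked alongside it.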
Ransomware, or encryptors, are programs which, once on the victim's computer, encrypt the user's files, disrupt the normal boot process of the operating system, and inform the user that they must pay the attackers to get their data decrypted.
After the program is launched, it searches for the user's files on the computer and encrypts them. The search is done with API functions whose usage examples are easily found on MSDN [4].

Fig. 1 Searching for user files

After some time, it reboots the computer and displays a message similar to this one, stating that the computer is locked.
Fig. 2 Lock message

To disrupt the boot process of the operating system, the ransomware uses the simple technique of modifying the master boot record (MBR) [5] through the Windows API.
Fig. 3 Modification of the boot record

This way of taking a computer out of service is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. Implementations of MBR overwriting are available to the general public on the internet in the form of source code for programs such as MBR Locker. To confirm this, one only has to look on GitHub [6], where a huge number of repositories contain sources or ready-made Visual Studio projects.
Compiling such code from GitHub [7] yields a program that disables the user's computer in a matter of seconds. And it takes about five to ten minutes to build.
It turns out that creating harmful malware requires neither great skill nor great resources; anyone, anywhere can do it. The code is freely available on the internet and can easily be reused in similar programs. This makes me think. It is a serious problem that requires intervention and action.

Source: www.habr.com
