Since the beginning of today, JSOC CERT experts have been recording a malicious distribution of the Troldesh encrypting virus. Its functionality is broader than that of a plain encryptor: in addition to the encryption module, it can be controlled remotely and can download additional modules. In March of this year we already
The emails are sent from various addresses and contain, in the message body, a link to compromised web resources running WordPress. The link leads to an archive that contains a JavaScript script. When the script is executed, the Troldesh encryptor is downloaded and launched.
The malicious emails are not detected by many security tools because they contain a link to a legitimate web resource, but the ransomware itself is detected by many antivirus vendors. Note: since the malware communicates with C&C servers located on the Tor network, it is possible for additional external modules that "enrich" it to be downloaded onto the infected machine.
Some of the common features of this mailing are:
(1) example of an email subject - "About the order"
(2) all the links look alike - they contain the keywords /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/
(3) the malware contacts various control servers via Tor
(4) a file is created at C:\ProgramData\Windows\csrss.exe and registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run branch (value name - Client Server Runtime Subsystem).
We recommend making sure that your antivirus software databases are up to date, considering notifying employees about this threat, and, where possible, tightening control over incoming emails that show the indicators listed above.
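One way to check incoming mail against indicators (1) and (2), as an added example that is not part of the original article. The function names, the sample messages and the rule that a URL hit alone triggers quarantine are assumptions; the messages are constructed and use reserved example domains.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Subject as it is given on this page; a real filter would list the wording actually seen.
CAMPAIGN_SUBJECTS = {"about the order"}

def url_matches(url):
    """True when the URL path has a wp-content segment with a doc segment after it."""
    parts = [p.lower() for p in urlsplit(url).path.split("/") if p]
    return "wp-content" in parts and "doc" in parts[parts.index("wp-content") + 1:]

def body_text(msg):
    """Decode every text part, undoing base64/quoted-printable transfer encoding."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def triage(raw_message):
    """Return the indicator hits for one RFC 5322 message given as a string."""
    msg = message_from_string(raw_message)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    urls = [u.rstrip(".,);") for u in URL_RE.findall(body_text(msg))]
    hits = [u for u in urls if url_matches(u)]
    return {"subject_match": subject.strip().lower() in CAMPAIGN_SUBJECTS,
            "url_hits": hits,
            "quarantine": bool(hits)}

def make_sample(subject, body, cte):
    """Build a constructed test message (not a real campaign email)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body, cte=cte)
    return m.as_string()

# Constructed samples; hosts are reserved example domains.
SUSPECT = make_sample("About the order",
                      "Details: http://blog.example.org/wp-content/themes/x/doc/doc/", "base64")
BENIGN = make_sample("Invoice",
                     "Logo https://shop.example.com/wp-content/uploads/logo.png "
                     "manual https://example.net/doc/manual.pdf", "quoted-printable")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```

The suspect sample is base64-encoded, so a plain substring search over the raw message would miss the URL; the pattern itself is broad, so hits are best treated as a triage signal.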
Source: www.habr.com