Digital pandemic: CoronaVirus vs CoViper

Against the background of the coronavirus pandemic, there is a feeling that a digital pandemic of comparable scale has broken out alongside it [1]. The rate at which the number of phishing sites, spam campaigns, fraudulent resources, malware samples and similar malicious activity is growing gives serious cause for concern. The extent of the lawlessness is illustrated by news that "extortionists promise not to attack medical institutions" [2]. Yes, exactly: those who protect people's lives and health during the pandemic are themselves under attack by malware, as happened in the Czech Republic, where the CoViper ransomware disrupted the work of several hospitals [3].
It is worth understanding what these ransomware families that exploit the coronavirus theme actually are, and why they appear so quickly. Two malware samples were found in the wild: CoViper and CoronaVirus, which attacked many computers, including those in public hospitals and medical centres.
Both executables are in Portable Executable format, which means they target Windows; both are built for x86. They are strikingly similar to each other. The one notable difference is that CoViper is written in Delphi, as evidenced by its compilation date of June 19, 1992 and by its section names (Delphi compilers write that fixed timestamp into the PE header regardless of when the binary was actually built, so it identifies the compiler rather than the build date), while CoronaVirus is written in C. Both are encryptors.
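The compiler and architecture observations above are the kind of thing a triage script can pull straight out of the PE headers. The following is an added example written for this article, not code from the original post or from the analysed samples: it parses the DOS header, COFF file header and section table with the standard library only, reports the machine type and the TimeDateStamp, and flags the fixed Delphi timestamp 0x2A425E19 (1992-06-19 22:22:17 UTC). The set of section names used as a Delphi indicator (CODE, DATA, BSS) is a heuristic assumed by this example, and `build_sample` produces a constructed, header-only image for offline testing, not a real program.

```python
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp that Delphi compilers write into the COFF header
# regardless of the real build time: 0x2A425E19 = 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}
# Section names typical of classic Delphi linkers (heuristic; an assumption of this example).
DELPHI_SECTIONS = {"CODE", "DATA", "BSS"}

# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PointerToRelocations,
# PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"


def parse_pe(data: bytes) -> dict:
    """Walk the DOS header, PE signature, COFF file header and section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER, data, coff_off)
    # The section table starts right after the (variable-sized) optional header.
    sect_off = coff_off + struct.calcsize(COFF_HEADER) + opt_size
    names = []
    for i in range(nsect):
        raw_name = struct.unpack_from(SECTION_HEADER, data, sect_off + 40 * i)[0]
        names.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "timestamp": timestamp, "sections": names}


def triage(data: bytes) -> dict:
    """Summarise architecture, build time and Delphi indicators for one PE file."""
    pe = parse_pe(data)
    ts = pe["timestamp"]
    return {
        "machine": MACHINE_NAMES.get(pe["machine"], hex(pe["machine"])),
        "build_time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "delphi_timestamp": ts == DELPHI_TIMESTAMP,
        "delphi_sections": DELPHI_SECTIONS <= set(pe["sections"]),
        "sections": pe["sections"],
    }


def build_sample(machine: int, timestamp: int, section_names: list, opt_size: int = 224) -> bytes:
    """Constructed test data: a header-only PE image (not a runnable program)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack(COFF_HEADER, machine, len(section_names), timestamp, 0, 0, opt_size, 0x0102)
    sections = b"".join(
        struct.pack(SECTION_HEADER, name.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    # The optional header body is zero-filled: only its size matters to the parser.
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


if __name__ == "__main__":
    import sys
    # Usage: python pe_triage.py sample.exe
    # Without an argument the constructed Delphi-like sample is analysed instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample(IMAGE_FILE_MACHINE_I386, DELPHI_TIMESTAMP,
                            ["CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc", ".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key:>17}: {value}")
```

Run it on a real sample and the `build_time` line will read `1992-06-19 22:22:17 UTC` for any Delphi-built binary, which is why that date should never be taken as evidence of when the malware was actually compiled.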
Ransomware is a class of programs that, once on a victim's computer, encrypt the user's files, disrupt the normal boot process of the operating system, and inform the user that they must pay the attackers to get their data back.
After launch, the program searches the computer for user files and encrypts them. The search is performed with standard Windows API functions, and usage examples for them are easy to find on MSDN [4].

Fig. 1 Searching for user files

After a while, both samples reboot the computer and display a near-identical message stating that the computer is locked.
Fig. 2 Lock message

To disrupt the operating system's boot process, the ransomware uses a simple technique: it modifies the master boot record (MBR) [5] through the Windows API.
Fig. 3 Modifying the boot record
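Because the MBR is only 512 bytes with a fixed layout, the modification described above is easy to check for from the defender's side. The following is an added example written for this article, not code from the original post or from any of the lockers named here: it parses the 446-byte boot code area, the four 16-byte partition entries and the 0x55AA boot signature, then compares a freshly read MBR against a trusted baseline, reporting a changed boot code hash, a changed partition table, a missing signature, and any printable text that appears in the boot code but not in the baseline (ransom notes are usually stored as plain ASCII in the first sector). The two sample MBRs are constructed for this example; their "code" bytes are placeholders, not real boot or locker code.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446                  # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446                 # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"         # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY = "<B3xB3xII"


def printable_strings(blob: bytes, min_len: int = 8) -> list:
    """Return runs of printable ASCII of at least min_len bytes."""
    out, cur = [], bytearray()
    for b in blob + b"\0":           # trailing NUL flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                out.append(cur.decode("ascii"))
            cur = bytearray()
    return out


def parse_mbr(mbr: bytes) -> dict:
    """Split one 512-byte sector into boot code digest, partition table and strings."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:               # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "strings": printable_strings(mbr[:BOOT_CODE_LEN]),
    }


def check_mbr(baseline: bytes, current: bytes) -> list:
    """Compare a freshly read MBR with a trusted baseline; an empty list means no change."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    # Legitimate boot code carries strings too ("Invalid partition table"), so only new text is reported.
    for s in sorted(set(cur["strings"]) - set(base["strings"])):
        findings.append(f"new text in boot code: {s!r}")
    return findings


def constructed_clean_mbr() -> bytes:
    """Constructed sample: dummy boot code with the usual error string and one bootable NTFS partition."""
    boot = bytearray(BOOT_CODE_LEN)
    boot[0:3] = b"\x33\xC0\x8E"                       # placeholder bytes, not real boot code
    msg = b"Invalid partition table"
    boot[0x163:0x163 + len(msg)] = msg
    table = struct.pack(PART_ENTRY, 0x80, 0x07, 2048, 209715200) + bytes(48)
    return bytes(boot) + table + BOOT_SIGNATURE


def constructed_locked_mbr() -> bytes:
    """Constructed sample: boot code replaced by a locker note, partition table wiped, signature kept."""
    note = b"Your files are encrypted. Pay to unlock this computer."
    boot = bytearray(BOOT_CODE_LEN)
    boot[0:2] = b"\xB4\x0E"                           # placeholder bytes, not real locker code
    boot[0x40:0x40 + len(note)] = note
    return bytes(boot) + bytes(64) + BOOT_SIGNATURE


if __name__ == "__main__":
    # In practice read the first 512 bytes of the raw disk with administrator rights
    # (\\.\PhysicalDrive0 on Windows, /dev/sda on Linux) and keep the baseline copy offline.
    for finding in check_mbr(constructed_clean_mbr(), constructed_locked_mbr()):
        print("ALERT:", finding)
```

The baseline should be captured once from a known-good machine and stored where the malware cannot reach it; the comparison is worthless if the "baseline" is read from the same disk after infection. Note that the locker keeps the 0x55AA signature, since the BIOS would otherwise refuse to run its note-printing code, so the signature check alone never catches this technique.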

This method of disabling a computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. The MBR-overwriting routine is publicly available thanks to the published source code of programs such as MBR Locker online. As confirmation, on GitHub [6] you can find a large number of repositories containing the source code or ready-made Visual Studio projects.
Compiling such code from GitHub [7] yields a program that disables the user's computer within a few seconds. Building it takes about five to ten minutes.
It turns out that building dangerous malware requires neither special skills nor resources; anyone, anywhere can do it. The code is freely available on the Internet and can easily be reused in similar programs. This is food for thought. It is a serious problem that calls for intervention and concrete countermeasures.

Source: www.habr.com
