While we are suffering from the consequences of the coronavirus pandemic, there is a feeling that an equally large digital epidemic has broken out alongside it.
Both files are executables in Portable Executable format, which indicates that they target Windows. They are also built for x86. Notably, they are very similar to each other; the only difference is that CoViper is written in Delphi, as evidenced by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are encryptors.
Ransomware, or extortion software, is a program that, once on the victim's computer, encrypts the user's files, disrupts the normal boot process of the operating system, and informs the user that they must pay the attackers to have it removed.
After the program is launched, it searches for user files on the computer and encrypts them. The search is performed with standard API functions, usage examples of which are easy to find on MSDN.
Fig. 1 Searching for user files
After a while, they restart the computer and display a similar message saying that the computer is locked.
Fig. 2 Lock message
To disrupt the operating system's boot process, the ransomware uses a simple technique: modifying the boot record (MBR).
Fig. 3 Modification of the boot record
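One way to detect the boot-record modification described above, as an added example that is not code from the original article: it compares a 512-byte dump of sector 0 with a SHA-256 baseline of the boot code recorded while the machine was known to be clean, and checks the partition table and the 55 AA signature. The function names, the baseline approach and the sample sectors are assumptions constructed for this illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 446      # bytes 0..445 boot code, 446..509 partition table
SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY = "<B3xB3xII"      # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_partitions(mbr: bytes):
    """Return the four partition entries as (status, type, lba_start, sectors)."""
    return [struct.unpack_from(ENTRY, mbr, BOOT_CODE_END + 16 * i) for i in range(4)]

def check_mbr(mbr: bytes, baseline_sha256: str):
    """Compare a sector-0 dump with the host's baseline; return a list of findings."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("boot signature 55 AA missing")
    parts = parse_partitions(mbr)
    if any(status not in (0x00, 0x80) for status, _, _, _ in parts):
        findings.append("invalid partition status byte")
    if all(ptype == 0 for _, ptype, _, _ in parts):
        findings.append("partition table empty")
    # Hash only the boot code: the table changes legitimately on repartitioning.
    if hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest() != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings

def build_sample(boot_code: bytes) -> bytes:
    """Constructed demo sector (not from a real disk): one active NTFS-type entry."""
    table = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800) + bytes(48)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + table + SIGNATURE

# Constructed inputs: a clean sector, one with only the boot code replaced,
# and one where the whole sector was overwritten with text.
CLEAN = build_sample(b"\xfa\x33\xc0 constructed boot code")
BASELINE = hashlib.sha256(CLEAN[:BOOT_CODE_END]).hexdigest()
REPLACED = build_sample(b"constructed lock-screen text")
WIPED = b"constructed lock-screen text".ljust(SECTOR, b"\x00")

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("replaced", REPLACED), ("wiped", WIPED)):
        print(name, check_mbr(sector, BASELINE) or "ok")
```

The "replaced" case keeps a valid signature and partition table, so only the baseline comparison catches it; the baseline therefore has to be stored off the machine it describes.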
This method of disabling a computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. MBR overwriting became available to the general public once the source code of programs such as MBR Locker appeared online. Confirming this on GitHub
Compiling this code from GitHub
It turns out that building malicious software requires neither great skill nor resources; anyone, anywhere can do it. The code is freely available on the Internet and can easily be reproduced in similar programs. This makes me think. It is a serious problem that requires intervention and certain measures.
Source: www.habr.com