Digital Coronavirus - a combination of Ransomware and Infostealer

Various threats that use coronavirus themes keep appearing online. Today we want to share information about one interesting case that clearly shows attackers' desire to maximize their profit. It is a "2-in-1" threat that calls itself CoronaVirus. Detailed information about the malware is below the cut.

Exploitation of the coronavirus theme began more than a month ago. Attackers took advantage of the public's interest in information about the spread of the pandemic and the measures being taken. A huge number of informers, special applications and fake sites have appeared on the Internet that compromise users, steal data, and sometimes encrypt the contents of the device and demand a ransom. This is exactly what the Coronavirus Tracker mobile app does: it blocks access to the device and demands a ransom.

A separate driver of malware distribution was the confusion around financial support measures. In many countries, the government promised assistance and support to ordinary citizens and business representatives during the pandemic. Almost nowhere is receiving this assistance simple and transparent. Moreover, many people hope to be helped financially but do not know whether they are on the list of those who will receive government aid. And those who have already received something from the state are unlikely to refuse additional help.

This is exactly what attackers exploit. They send letters on behalf of banks, financial regulators and social security authorities, offering help. You only need to follow the link ...

It is not hard to guess that after clicking on a dubious address, a person ends up on a phishing site where they are asked to enter their financial information. Most often, at the same time as the website opens, attackers try to infect the computer with a Trojan aimed at stealing personal data and, in particular, financial information. Sometimes the email attachment is a password-protected file that contains "important information about how you can get government support" in the form of spyware or ransomware.

In addition, programs from the Infostealer category have recently begun to spread on social networks as well. For example, if you want to download a legitimate Windows utility, say wisecleaner[.]best, an Infostealer may come bundled with it. By clicking on the link, the user receives a downloader that fetches malware along with the utility, and the payload is chosen depending on the configuration of the victim's computer.

Coronavirus 2022

Why did we go through this whole excursion? The fact is that the new malware, whose creators did not think very hard about the name, has simply taken all the best parts and treats the victim to two types of attack at once. On one side, the encryption program (CoronaVirus) is loaded, and on the other, the KPOT infostealer.

CoronaVirus ransomware

The ransomware itself is a small file of 44KB. The threat is simple but effective. The executable file copies itself under a random name to %AppData%\Local\Temp\vprdh.exe, and also sets a key in the registry under \Windows\CurrentVersion\Run. Once the copy is in place, the original is deleted.

Like most ransomware, CoronaVirus tries to delete local backups and disable file shadow copies by running the following system commands:
C:\Windows\system32\VSSADMIN.EXE Delete Shadows /All /Quiet
C:\Windows\system32\wbadmin.exe delete systemstatebackup -keepVersions:0 -quiet
C:\Windows\system32\wbadmin.exe delete backup -keepVersions:0 -quiet

Next, the software begins encrypting files. The name of each encrypted file will have [email protected]__ at the beginning, and the rest of the name stays the same.
In addition, the ransomware changes the name of the C drive to CoronaVirus.

In every directory that this virus managed to infect, a CoronaVirus.txt file appears, containing payment instructions. The ransom is only 0.008 bitcoins, or approximately 60 dollars. I must say, this is a very modest figure. Either the author did not set out to get very rich ... or, on the contrary, decided that this was an ideal amount that every user sitting at home in self-isolation could pay. Agree, if you cannot go outside, then 60 dollars to make your computer work again is not that much.

In addition, the new Ransomware writes a small DOS executable file to the temporary files folder and registers it in the registry under the BootExecute key so that the payment instructions are displayed the next time the computer is restarted. Depending on the system settings, this message may not appear. However, once encryption of all files is complete, the computer will restart.
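A defender-side check for the two persistence mechanisms described above (an autorun value pointing into a temp folder and an extra BootExecute entry), as an added example that is not part of the original article. It works on already-exported registry values; the sample data, the value names and EXAMPLE_STUB are constructed, and the article does not say which hive holds the Run key.

```python
import re

# Stock BootExecute value under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.
DEFAULT_BOOT_EXECUTE = {"autocheck autochk *"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
EXE_RE = re.compile(r'\s*"?(.+?\.(?:exe|com|bat|cmd|scr))\b', re.I)

# Constructed registry export; value names and EXAMPLE_STUB are placeholders,
# only the vprdh.exe path comes from the article.
SAMPLE_RUN = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "example_value": r"%AppData%\Local\Temp\vprdh.exe",
}
SAMPLE_BOOT_EXECUTE = ["autocheck autochk *", "EXAMPLE_STUB"]

def exe_path(command):
    """Extract the executable path from a Run value, quoted or bare."""
    m = EXE_RE.match(command)
    return m.group(1) if m else command.strip()

def audit_run_values(values):
    """Return (name, path) for autoruns whose binary sits in a temp folder."""
    findings = []
    for name, command in sorted(values.items()):
        path = exe_path(command)
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            findings.append((name, path))
    return findings

def audit_boot_execute(entries):
    """Return BootExecute entries that are not part of the stock value."""
    return [e for e in entries
            if e.strip() and e.strip().lower() not in DEFAULT_BOOT_EXECUTE]

def audit(run_values, boot_execute):
    """Combine both checks into one report for a host."""
    return {"run_in_temp": audit_run_values(run_values),
            "boot_execute_extra": audit_boot_execute(boot_execute)}
```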

KPOT infostealer

This Ransomware also comes with the KPOT spyware. This infostealer can steal cookies and saved passwords from a variety of browsers, as well as from games installed on the PC (including Steam) and from the Jabber and Skype instant messengers. Its area of interest also includes access details for FTP and VPN. Having done its job and stolen everything it can, the spy deletes itself with the following command:

cmd.exe /c ping 127.0.0.1 && del C:\temp\kpot.exe
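Detection logic for the command lines quoted in this article (the vssadmin and wbadmin backup deletion and the ping-then-del self-removal), as an added example that is not part of the original article. The host names and the benign events in the sample are constructed, and the rules are written slightly more generally than the exact strings above so that quoting and argument variations still match.

```python
import re
from collections import defaultdict

# Rules derived from the command lines quoted in the article.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "system_state_backup_deletion": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+systemstatebackup\b", re.I),
    "backup_deletion": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+backup\b", re.I),
    "delayed_self_delete": re.compile(
        r"\bping(\.exe)?\b.*\b127\.0\.0\.1\b.*&\s*del\b", re.I),
}
BACKUP_RULES = {"shadow_copy_deletion", "system_state_backup_deletion",
                "backup_deletion"}

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    ("ws-01", r"C:\Windows\system32\VSSADMIN.EXE Delete Shadows /All /Quiet"),
    ("ws-01", r"C:\Windows\system32\wbadmin.exe delete systemstatebackup -keepVersions:0 -quiet"),
    ("ws-01", r"C:\Windows\system32\wbadmin.exe delete backup -keepVersions:0 -quiet"),
    ("ws-01", r"cmd.exe /c ping 127.0.0.1 && del C:\temp\kpot.exe"),
    ("ws-02", r"C:\Windows\system32\vssadmin.exe list shadows"),
    ("ws-02", r"ping 127.0.0.1 -n 3"),
    ("ws-03", r'"C:\Windows\System32\vssadmin.exe" delete shadows /for=C: /quiet'),
]

def scan(events):
    """Map each host to the set of rule names its command lines triggered."""
    hits = defaultdict(set)
    for host, cmdline in events:
        for name, rx in RULES.items():
            if rx.search(cmdline):
                hits[host].add(name)
    return dict(hits)

def triage(hits):
    """Backup destruction plus a self-deleting binary on one host matches the
    combined ransomware and infostealer behaviour the article describes."""
    verdicts = {}
    for host, names in hits.items():
        if names & BACKUP_RULES and "delayed_self_delete" in names:
            verdicts[host] = "ransomware+stealer"
        elif names & BACKUP_RULES:
            verdicts[host] = "backup-destruction"
        else:
            verdicts[host] = "self-delete-only"
    return verdicts
```

Calling triage(scan(SAMPLE_EVENTS)) labels ws-01 as the combined case and ws-03 as backup destruction only, while the benign ws-02 events produce no hit.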

It's Not Just Ransomware Anymore

This attack, once again tied to the coronavirus pandemic theme, shows again that modern ransomware seeks to do more than just encrypt your files. In this case, the victim runs the risk of having passwords to various sites and portals stolen. Highly organized cybercriminal groups such as Maze and DoppelPaymer have become adept at using stolen personal data to blackmail users who do not want to pay for file recovery. After all, the files may suddenly turn out not to be that important, or the user may have a backup system that is not susceptible to Ransomware attacks.

Despite its simplicity, the new CoronaVirus clearly shows that cybercriminals are also seeking to increase their income and are looking for additional ways to make money. The strategy itself is not new - for several years now, Acronis analysts have been observing ransomware attacks that also plant financial Trojans on the victim's computer. Moreover, in modern conditions, a ransomware attack can serve as sabotage meant to divert attention from the attackers' main goal - data leakage.

One way or another, protection against such threats can only be achieved with an integrated approach to cyber defense. Modern security systems easily block such threats (and both of their components) even before they start, using heuristic algorithms that employ machine learning technologies. When integrated with a backup / disaster recovery system, the first damaged files will be restored immediately.

For those interested, hash sums of the IoC files:

CoronaVirus Ransomware: 3299f07bc0711b3587fe8a1c6bf3ee6bcbc14cb775f64b28a61d72ebcb8968d3
Kpot infostealer: a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240

Have you ever experienced simultaneous encryption and data theft?

  • Yes: 19.0% (4 votes)

  • No: 42.9% (9 votes)

  • We will have to be more careful: 28.6% (6 votes)

  • I never even thought about it: 9.5% (2 votes)

21 users voted. 5 users abstained.

Source: www.habr.com
