Troldesh in a new mask: another wave of mass mailing of the ransomware virus

From the start of today up to the present moment, JSOC CERT experts have recorded a massive malicious distribution of the Troldesh encrypting virus. Its functionality is broader than that of a plain encryptor: in addition to the encryption module, it can remotely control the workstation and download additional modules. In March of this year we already reported on a Troldesh epidemic - at that time the virus masked its delivery using IoT devices. Now vulnerable versions of WordPress and the cgi-bin interface are used for this.

The mailing is sent from different addresses, and the body of the message contains a link to compromised web resources with WordPress components. The link leads to an archive containing a JavaScript script. When the script is executed, the Troldesh encryptor is downloaded and launched.

The malicious emails are not detected by most security tools because they contain a link to a legitimate web resource, but the ransomware itself is now detected by most antivirus software vendors. Note: since the malware communicates with C&C servers located on the Tor network, it is potentially able to download additional external payload modules to the infected machine that can "enrich" it.

Some of the common features of this mailing include:

(1) example of the message subject - "About the order"

(2) all links look alike - they contain the keywords /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/mifananidzo/social-icons/refu-mumvuri/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware contacts various control servers via Tor

(4) a file is created, Filename: C:\ProgramData\Windows\csrss.exe, and registered in the registry in the SOFTWARE\Microsoft\Windows\CurrentVersion\Run branch (parameter name - Client Server Runtime Subsystem).

We recommend making sure that your anti-virus software databases are up to date, considering informing employees about this threat, and also, if possible, tightening control over incoming emails that carry the indicators listed above.
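One way to apply the mail-side indicators above when triaging incoming messages, as an added example that is not from the original article. The function names, the `SUBJECT_HINTS` wording and the constructed sample message on `example.test` hosts are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Subject example from the list above, as worded on this page; adjust to
# the wording actually seen in your own mail flow (assumption).
SUBJECT_HINTS = ("about the order",)
URL_RE = re.compile(r"""(?:https?://|hxxps?://|www\.)[^\s"'<>]+""", re.I)

def refang(url):
    """Undo common defanging so the URL can be parsed."""
    url = url.replace("[.]", ".").replace("hxxp", "http")
    return url if "://" in url else "http://" + url

def suspicious_link(url):
    """True when the path holds both markers as whole folder names."""
    segments = [s.lower() for s in urlsplit(refang(url)).path.split("/") if s]
    return "wp-content" in segments and "doc" in segments

def triage(raw_message):
    """Return (subject_hit, sorted list of matching links) for one message."""
    msg = message_from_string(raw_message, policy=default)
    subject = (msg["Subject"] or "").lower()
    links = set()
    for part in msg.walk():
        # Scan text/plain and text/html bodies; skip containers and attachments.
        if part.get_content_maintype() == "text":
            links.update(u.rstrip(".,)") for u in URL_RE.findall(part.get_content()))
    hits = sorted(u for u in links if suspicious_link(u))
    return any(h in subject for h in SUBJECT_HINTS), hits

# Constructed sample message; example.test hosts are placeholders.
SAMPLE = """\
From: sender@example.test
To: user@example.test
Subject: About the order
Content-Type: text/plain; charset=utf-8

Details: http://shop.example.test/wp-content/themes/demo/images/doc/
Our site: https://www.example.test/docs/wp-content-guide.html
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Matching on whole path segments keeps ordinary WordPress links, such as media under /wp-content/uploads/, from being flagged; a hit is a reason to quarantine and review the message, not proof of infection.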

Source: www.habr.com
