Troldesh in a new mask: another wave of mass mailing of a ransomware virus

From the start of today until now, JSOC CERT specialists have recorded a malicious mass mailing of the Troldesh encrypting virus. Its functionality is broader than that of a plain encryptor: besides the encryption module, it can control the workstation and download additional modules. In March of this year we already reported on a Troldesh epidemic - at that time the virus disguised its delivery using IoT devices. Now vulnerable versions of WordPress and the cgi-bin interface are being used for this.


The mailing is sent from various addresses, and the body of the message contains a link to compromised web resources with WordPress components. The link leads to an archive containing a JavaScript script. As a result of its execution, the Troldesh encryptor is downloaded and launched.

The malicious emails are not detected by most security tools because they contain a link to a legitimate web resource, but the ransomware itself is currently detected by most antivirus vendors. Note: since the malware communicates with C&C servers located on the Tor network, it is potentially possible to download additional external modules onto an infected machine, which could "enrich" it.

Some of the common features of this mailing include:

(1) example of the email subject - "Regarding the order"

(2) all links look alike from the outside - they contain the key words /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware reaches various command-and-control servers via Tor

(4) a file is created, Filename: C:\ProgramData\Windows\csrss.exe, registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run branch (parameter name - Client Server Runtime Subsystem).
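The link pattern in item (2) and the Run-key persistence in item (4) are both easy to turn into automated checks. The script below is an added example and is not code from the original article or from JSOC CERT: it refangs the defanged sample links, flags any URL whose path contains /wp-content/ followed by /doc/, and flags a Run-key value either by the parameter name or by the image path given above. The email body and the registry entries in it are constructed for illustration, and the English subject string "Regarding the order" is assumed to be the rendering of the subject line quoted on the page.

```python
"""Defender-side checks for the Troldesh mailing indicators listed above.

Added example: not code from the article or from JSOC CERT. The sample email and
registry values below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Indicator (2): links to compromised WordPress sites whose path contains
# /wp-content/ and, later on, /doc/.
WP_DOC_PATH = re.compile(r"/wp-content/.*/doc/", re.IGNORECASE)

# Indicator (4): Run-key persistence. Genuine csrss.exe lives in System32 and
# is started by smss.exe, never from a Run key, so any csrss.exe referenced
# from Run deserves an alert on its own.
RUN_VALUE_NAME = "client server runtime subsystem"
RUN_IMAGE_PATH = r"c:\programdata\windows\csrss.exe"

# Crude URL extractor for email bodies; accepts defanged hxxp:// links too.
URL_RE = re.compile(r"(?:hxxps?|https?)://[^\s\"'<>]+|www\.[^\s\"'<>]+", re.IGNORECASE)


def refang(url: str) -> str:
    """Turn defanged notation ([.], hxxp) back into a parseable URL."""
    url = url.replace("[.]", ".")
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    if "://" not in url:
        url = "http://" + url  # scheme-less links like those quoted above
    return url


def is_troldesh_link(url: str) -> bool:
    """True if the URL path matches the /wp-content/.../doc/ pattern."""
    path = urlparse(refang(url)).path
    return WP_DOC_PATH.search(path) is not None


def scan_email(subject: str, body: str) -> dict:
    """Report suspicious links in a message and whether the subject matches."""
    links = [u for u in URL_RE.findall(body) if is_troldesh_link(u)]
    return {
        "subject_matches": subject.strip().lower() == "regarding the order",  # assumed English rendering
        "suspicious_links": links,
        "verdict": "block" if links else "pass",
    }


def is_troldesh_run_entry(value_name: str, value_data: str) -> bool:
    """Flag a Run-key value by the name or image path from the advisory."""
    name = value_name.strip().lower()
    data = value_data.strip().strip('"').lower()
    return (
        name == RUN_VALUE_NAME
        or data == RUN_IMAGE_PATH
        or data.endswith("\\csrss.exe")
    )


# Constructed sample input (not from the article).
SAMPLE_EMAIL = {
    "subject": "Regarding the order",
    "body": (
        "Please review the order details here:\n"
        "hxxp://chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/\n"
        "Our brochure: https://example.com/wp-content/uploads/brochure.pdf\n"
    ),
}

# Constructed Run-key values as (value name, value data); the first mirrors
# the indicator in item (4), the second is a benign entry for contrast.
SAMPLE_RUN_VALUES = [
    ("Client Server Runtime Subsystem", r"C:\ProgramData\Windows\csrss.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]

if __name__ == "__main__":
    print(scan_email(SAMPLE_EMAIL["subject"], SAMPLE_EMAIL["body"]))
    for name, data in SAMPLE_RUN_VALUES:
        print(name, "->", "ALERT" if is_troldesh_run_entry(name, data) else "ok")
```

The URL check is deliberately applied to the path only, so the same rule keeps working when the attackers rotate domains; the Run-key check is meant to be fed from an exported registry listing or an endpoint inventory, and its last clause (any csrss.exe under Run) catches the same persistence even if the parameter name changes.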

We recommend making sure that your anti-virus databases are up to date, considering informing employees about this threat and, where possible, tightening control over incoming mail bearing the indicators above.

Source: www.habr.com
