Against the backdrop of the coronavirus pandemic, there is a sense that an equally large digital epidemic has broken out in parallel with it.
Both of these executable files are in Portable Executable format, which suggests that they target Windows. They are also compiled for x86. Notably, they are very similar to each other; the only difference is that CoViper is written in Delphi, as indicated by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both belong to the class of encryptors.
Ransomware, or extortion software, is a class of programs that, once on the victim's computer, encrypt the user's files, disrupt the normal boot process of the operating system, and inform the user that they must pay the attackers to have the files decrypted.
After launch, the program searches the computer for user files and encrypts them. Both samples perform the search using standard API functions, usage examples of which are easy to find on MSDN.
Fig. 1 Searching for user files
After some time, they restart the computer and display a similar message saying that the computer is locked.
Fig. 2 Lock message
To disrupt the operating system's boot process, the ransomware uses a simple technique: modifying the master boot record (MBR).
Fig. 3 Modification of the boot record
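A defender can detect this kind of change by comparing a copy of sector 0 with a known-good baseline. The check below is an added example, not code from the original article or from the samples; the baseline hash, the 48-byte text threshold, the helper names and both sample sectors are constructed assumptions, and reading the raw sector from a disk or image is left out.

```python
import hashlib
import re
import struct

BOOT_CODE_LEN = 446            # bytes 0..445 hold the bootstrap code
ENTRY_FMT = "<B3xB3xII"        # status, CHS, type, CHS, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
TEXT_RUN = 48                  # assumed threshold for the printable-text heuristic

def parse_partitions(sector: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, BOOT_CODE_LEN + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Compare a 512-byte copy of sector 0 with a known-good baseline hash."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    code, findings = sector[:BOOT_CODE_LEN], []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(code).hexdigest() != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    if not parse_partitions(sector):
        findings.append("partition table is empty")
    # Heuristic: a long run of printable bytes in the code area suggests embedded text.
    if re.search(rb"[\x20-\x7e]{%d,}" % TEXT_RUN, code):
        findings.append("long printable text in bootstrap code")
    return findings

def build_sample(boot_code: bytes, with_partition: bool = True) -> bytes:
    """Build a constructed sector for the demo; not taken from any real disk."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    if with_partition:
        struct.pack_into(ENTRY_FMT, sector, BOOT_CODE_LEN, 0x80, 0x07, 2048, 409600)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

CLEAN = build_sample(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED = build_sample(b"\xfa" + b"CONSTRUCTED SAMPLE LOCK TEXT " * 4, with_partition=False)
BASELINE = hashlib.sha256(CLEAN[:BOOT_CODE_LEN]).hexdigest()

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN, BASELINE))
    print("tampered:", check_mbr(TAMPERED, BASELINE))
```

The baseline hash only helps if it is recorded while the machine is known to be clean and stored off the host.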
This method of disabling a computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. Implementations of MBR rewriting became available to the general public when source code for programs such as MBR Locker appeared on the internet. Confirmation of this on GitHub
Compiling this code from GitHub
It turns out that assembling dangerous malware does not require great skill or resources; anyone, anywhere can do it. The code is freely available on the Internet and can easily be reproduced in similar programs. This makes me think. This is a serious problem that requires intervention and specific measures.
Source: www.habr.com