Digital pandemic: CoronaVirus vs CoViper

Against the backdrop of the coronavirus pandemic, there is a sense that an equally large digital pandemic has broken out in parallel with it [1]. The growth rate in the number of phishing sites, spam, fraudulent resources, malware and similar malicious activity raises serious concerns. The scale of the ongoing lawlessness is illustrated by news that "attackers promise not to attack medical institutions" [2]. Yes, indeed: those who protect people's lives and health during the pandemic are themselves under malware attack, as was the case in the Czech Republic, where the CoViper ransomware disrupted the work of several hospitals [3].
There is a desire to understand what the ransomware exploiting the coronavirus theme actually is, and why it appears so quickly. Two malware samples were found in the wild, CoViper and CoronaVirus, which attacked many computers, including those of public hospitals and medical centres.
Both executable files are in Portable Executable format, which indicates that they target Windows. Both are compiled for x86. It is notable that they are very similar to each other, except that CoViper is written in Delphi, as shown by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of the encryptor family.
Ransomware, or encryptors, are programs that, once on the victim's computer, encrypt the user's files, disrupt the normal boot process of the operating system, and inform the user that they must pay the attackers to have them decrypted.
After the program starts, it searches for user files on the computer and encrypts them. The search is performed with standard API functions, examples of whose use are easily found on MSDN [4].

Fig.1 Searching for user files

After a while, they reboot the computer and display a similar message stating that the computer is locked.
Fig.2 Lock message

To disrupt the boot process of the operating system, the ransomware uses a simple technique: modifying the master boot record (MBR) [5] through the Windows API.
Fig.3 Modifying the boot record

This method of locking a computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. The implementation of MBR overwriting became available to the general public with the appearance of source code for programs like MBR Locker on the Internet. To confirm this, on GitHub [6] you can find a large number of repositories with source code or ready-made Visual Studio projects.
Compiling this code from GitHub [7] yields a program that locks the user's computer within a few seconds. Building it takes about five or ten minutes.
It turns out that assembling malware of this kind requires neither great skill nor resources; anyone, anywhere, can do it. The code is freely available on the Internet and can easily be reused in similar programs. This gives me pause. It is a serious problem that requires intervention and concrete measures.
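As an added defensive check (not code from the article or from any of the projects it names), the following Python verifies that a saved first sector still has the structure of an intact MBR and compares its boot code with a hash recorded on a known-good machine; the two sample sectors are constructed for the test, and the baseline hash, field names and sanity rules are this example's own assumptions.

```python
import hashlib
import struct
from typing import List, Optional, Sequence, Tuple

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511 of a valid MBR
PART_ENTRY = "<B3xB3xII"       # status, CHS start, type, CHS end, LBA start, sector count

def parse_partition_table(sector: bytes) -> List[dict]:
    """Decode the four 16-byte partition entries that start at offset 446."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, sector, 446 + 16 * i)
        entries.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def check_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means the sector still looks like a sane MBR."""
    if len(sector) != SECTOR_SIZE:
        return [f"unexpected sector length {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    entries = parse_partition_table(sector)
    if all(e["type"] == 0 for e in entries):
        findings.append("partition table is empty")
    for i, e in enumerate(entries):
        if e["status"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{e['status']:02x}")
        if e["type"] != 0 and (e["lba_start"] == 0 or e["sectors"] == 0):
            findings.append(f"entry {i}: zero LBA start or length")
    # Lockers replace the boot code (bytes 0..445): compare it with a hash recorded on a known-good system.
    if baseline_sha256 and hashlib.sha256(sector[:446]).hexdigest() != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    return findings

def build_sample_mbr(boot_code: bytes, partitions: Sequence[Tuple[int, int, int, int]]) -> bytes:
    sector = bytearray(SECTOR_SIZE)           # constructed test sector, not taken from any real disk
    code = boot_code[:446]
    sector[:len(code)] = code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, sector, 446 + 16 * i, status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

# Constructed samples: a healthy MBR with one bootable NTFS partition, and a locker-style
# sector whose boot code and partition table were overwritten.
GOOD_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16, [(0x80, 0x07, 2048, 204800)])
BASELINE = hashlib.sha256(GOOD_MBR[:446]).hexdigest()
LOCKED_MBR = b"<constructed locker text>".ljust(510, b"\x00") + BOOT_SIGNATURE
```

On a live Windows host the first sector must be read from the raw disk device with administrative rights; the baseline hash should be recorded while the machine is known to be clean.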

source: www.habr.com
