Troldesh in a new disguise: another wave of mass-mailed ransomware

Since early this morning, JSOC CERT analysts have been recording a mass malicious mailing of the Troldesh encrypting virus. Its functionality goes beyond a plain encryptor: in addition to the encryption module, it can remotely control the workstation and download additional modules. We already reported a Troldesh epidemic in March of this year; back then the virus concealed its delivery by using IoT devices. This time, vulnerable WordPress installations and their cgi-bin interface are being used for the same purpose.


The e-mails are sent from a variety of sender addresses, and the message body contains a link to a compromised web resource running WordPress components. The link leads to an archive containing a JavaScript file; when it is executed, the Troldesh encryptor is downloaded and launched.

Most security tools do not flag the malicious e-mails, because the link points at an otherwise legitimate web resource; the ransomware itself, however, is by now detected by most antivirus vendors. Note that because the malware communicates with C&C servers located on the Tor network, additional external payload modules can potentially be downloaded onto the infected machine and "enrich" the infection.

Some common characteristics of this mailing:

(1) a typical message subject is "About the order";

(2) all the links look alike: they contain the path fragments /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware reaches its various command-and-control servers through Tor;

(4) the file C:\ProgramData\Windows\csrss.exe is created and registered for autostart in the registry branch SOFTWARE\Microsoft\Windows\CurrentVersion\Run (value name: "Client Server Runtime Subsystem"). The name imitates the legitimate Windows process, but the real csrss.exe resides in %SystemRoot%\System32 and is never started from the Run key, so a csrss.exe in ProgramData, or a Run value with that name, is a reliable indicator.

We recommend verifying that your antivirus signature databases are up to date, considering a warning to staff about this threat, and, where possible, tightening controls on incoming mail that matches the characteristics listed above.
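The following is an added example, not code from the original article or from JSOC CERT, showing how the two indicator sets above (the link pattern in the e-mails and the Run-key persistence entry) can be turned into a triage script. The e-mail bodies and registry values it works on are constructed for the demonstration; the three lure links are the defanged URLs listed above, refanged before parsing. It flags a link only when its path contains both /wp-content/ and /doc/, and flags a Run value either by the "Client Server Runtime Subsystem" name or by a csrss.exe located outside System32, so a legitimate WordPress upload link or the real csrss.exe is not reported.

```python
"""Triage helpers for the Troldesh mailing wave described above.

Added example; the sample e-mails and Run-key entries below are constructed
for this demo and are not data from the original report.
"""
import ntpath
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Every lure link seen in this wave carries both of these path fragments.
LURE_FRAGMENTS = ("/wp-content/", "/doc/")

# Persistence indicator: Run value named after the real Windows process,
# pointing at a csrss.exe that does not live in System32.
RUN_VALUE_NAME = "client server runtime subsystem"
LEGIT_CSRSS_DIR = ntpath.normcase(r"C:\Windows\System32")


def refang(text: str) -> str:
    """Turn defanged indicators (hxxp, [.]) back into parseable URLs."""
    return text.replace("hxxp", "http").replace("[.]", ".")


def extract_urls(body: str) -> list:
    """Pull every http(s) URL out of an e-mail body."""
    return URL_RE.findall(refang(body))


def is_lure_url(url: str) -> bool:
    """True when the URL path matches the campaign's /wp-content/.../doc/ shape."""
    path = urlparse(url).path.lower()
    return all(frag in path for frag in LURE_FRAGMENTS)


def triage_emails(emails) -> list:
    """Return (subject, url) pairs whose link matches the campaign pattern."""
    hits = []
    for subject, body in emails:
        for url in extract_urls(body):
            if is_lure_url(url):
                hits.append((subject, url))
    return hits


def _executable_of(command: str) -> str:
    """Extract the executable path from a Run value (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0]


def flag_run_entries(entries) -> list:
    """Return (value name, exe) for Run entries resembling Troldesh persistence."""
    flagged = []
    for name, command in entries:
        exe = _executable_of(command)
        fake_csrss = (
            ntpath.basename(exe).lower() == "csrss.exe"
            and not ntpath.normcase(exe).startswith(LEGIT_CSRSS_DIR)
        )
        if name.strip().lower() == RUN_VALUE_NAME or fake_csrss:
            flagged.append((name, exe))
    return flagged


# Constructed sample mail: three lure messages plus two benign ones whose
# links contain only one of the two fragments.
SAMPLE_EMAILS = [
    ("About the order",
     "Documents for your order: hxxp://Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/"),
    ("About the order",
     "See http://www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/ for details"),
    ("Re: invoice",
     "Attached: http://chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/"),
    ("Weekly newsletter",
     "Read the post at https://blog.example.com/wp-content/uploads/2019/06/report.pdf"),
    ("Meeting notes",
     "Shared folder: https://docs.example.com/doc/minutes"),
]

# Constructed Run-key dump (name, command) as it might be exported from
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
SAMPLE_RUN_ENTRIES = [
    ("SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Client Server Runtime Subsystem", r"C:\ProgramData\Windows\csrss.exe"),
]


if __name__ == "__main__":
    for subject, url in triage_emails(SAMPLE_EMAILS):
        print(f"LURE  subject={subject!r} url={url}")
    for name, exe in flag_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"PERSIST value={name!r} exe={exe}")
```

On a real mailbox export, feed `triage_emails` the (subject, body) pairs from your mail gateway; on an endpoint, feed `flag_run_entries` the output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (and the HKCU equivalent) parsed into (name, command) pairs. Requiring both path fragments keeps ordinary WordPress media links out of the hit list.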

source: www.habr.com
