Digital pandemic: CoronaVirus vs CoViper

Against the background of the coronavirus pandemic, there is a feeling that a comparable digital pandemic has broken out [1]. The rate of growth in the number of phishing sites, spam, fraudulent resources, malware and similar malicious activity raises serious concerns. The extent of the ongoing lawlessness is shown by news reports that "extortionists promise not to attack medical institutions" [2]. Yes, indeed: those who protect people's lives and health during this pandemic are at risk of malware attacks, as happened in the Czech Republic, where the CoViper ransomware disrupted the work of several hospitals [3].
There is a desire to understand what ransomware exploiting the coronavirus theme is and why it appears so quickly. Malware samples were found on the network: CoViper and CoronaVirus, which attacked many computers, including those in state hospitals and medical institutions.
Both of these executable files are in Portable Executable format, which suggests they are intended for Windows. They are also compiled for x86. It is notable that they are very similar to each other; only CoViper is written in Delphi, as evidenced by the compilation date of June 19, 1992 and the section names, while CoronaVirus is written in C. Both are representatives of file encryptors.
Ransomware, or extortion programs, are programs that, once on a victim's computer, encrypt the user's files, disrupt the normal boot process of the operating system, and inform the user that they need to pay the attackers to remove it.
After launching, the program searches for the user's files on the computer and encrypts them. They perform the search using standard API functions, usage examples of which can easily be found on MSDN [4].

Fig.1 Searching for user files

After some time, they restart the computer and display a similar message about the computer being locked.
Fig.2 Lock message

To disrupt the operating system boot process, the ransomware uses a simple method of modifying the master boot record (MBR) [5] using the Windows API.
Fig.3 Modification of the boot record

This method of disabling the computer is used by many other ransomware families: SmartRansom, Maze, ONI Ransomware, Bioskits, MBRlock Ransomware, HDDCryptor Ransomware, RedBoot, UselessDisk. The implementation of MBR overwriting is accessible to the general public thanks to the appearance on the Internet of the source code of programs such as MBR Locker. To confirm this, on GitHub [6] you can find a large number of repositories with source code or ready-made Visual Studio projects.
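An added example from the defender's side (not code from the article or from the samples it analyses): an integrity check that parses a 512-byte MBR, compares its bootstrap code and partition table against a saved baseline and reports the kind of change Fig.3 shows. The MBR bytes below are constructed test data; on a live Windows host the current sector would be read separately from \\.\PhysicalDrive0 with administrator rights, which this snippet does not do.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # bytes 0..445 hold the boot code
PART_TABLE_OFFSET = 446       # 4 entries of 16 bytes each
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap hash, partition table and signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 means an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }

def check_mbr(baseline: bytes, current: bytes) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["bootstrap_sha256"] != base["bootstrap_sha256"]:
        findings.append("bootstrap code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings

# Constructed sample data (not a real disk image): a baseline MBR with one
# bootable NTFS partition, and a copy whose boot code has been overwritten.
def _entry(status, ptype, lba_start, sectors):
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)

BASELINE_MBR = (b"\xeb\x63" + b"\x90" * 444            # placeholder boot code
                + _entry(0x80, 0x07, 2048, 204800) + b"\x00" * 48 + BOOT_SIGNATURE)
TAMPERED_MBR = b"\x00" * BOOTSTRAP_SIZE + BASELINE_MBR[BOOTSTRAP_SIZE:]

if __name__ == "__main__":
    print(check_mbr(BASELINE_MBR, TAMPERED_MBR))  # prints ['bootstrap code changed']
```

Comparing against a baseline captured at install time is what makes this useful: a single overwritten sector is otherwise invisible until the next reboot.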
Compiling this code from GitHub [7] yields a program that disables the user's computer in a few seconds. And compiling it takes only about five or ten minutes.
It turns out that compiling malware does not require great skills or resources; anyone, anywhere can do it. The code is freely available on the Internet and can be reused in similar programs. This makes me think. This is a serious problem that requires intervention and concrete measures.

Source: www.habr.com
