Troldesh in a new guise: another wave of mass ransomware mailing

Since the beginning of today, JSOC CERT specialists have been recording a large-scale malicious mailing of the Troldesh encryptor. Its functionality is broader than that of a plain encryptor: in addition to the encryption module, it can remotely control the workstation and download additional modules. We already reported a Troldesh epidemic in March of this year; back then the virus masked its delivery using IoT devices. Now vulnerable versions of WordPress and the cgi-bin interface are being used for this.


The emails are sent from various addresses and carry, in the message body, a link to a compromised web resource running WordPress components. The link leads to an archive containing a JavaScript script; when it is executed, the Troldesh encryptor is downloaded and launched.

Most security tools do not detect the malicious emails, because they contain a link to a legitimate web resource, whereas the ransomware itself is by now detected by most antivirus vendors. Note: since the malware communicates with C&C servers hosted on the Tor network, additional external payload modules that "enrich" it can potentially be downloaded onto an infected machine.

Some of the common features of this mailing:

(1) an example subject line of the mailing: "About the order"

(2) all links look alike: they contain the keywords /wp-content/ and /doc/, for example:
horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware reaches its various control servers via Tor

(4) the file C:\ProgramData\Windows\csrss.exe is created and registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run branch (value name: Client Server Runtime Subsystem).
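The two indicators above that are easiest to hunt for at scale are the URL shape (a /wp-content/ path that later contains a /doc/ segment) and the autorun entry that launches a file named csrss.exe from C:\ProgramData\Windows. The following script is an added example written for this page, not code from JSOC CERT or from the original article: it runs the URL check over a constructed list of gateway-log URLs (the three defanged indicators listed above plus benign filler) and the autorun check over a constructed export of Run values. The sample data, the helper names and the assumption that the Run key lives under HKLM or HKCU (the article names only the key path) are all this example's own.

```python
import re
from urllib.parse import urlparse

# Constructed sample data for this example (not from the original article):
# one URL per line, as a mail gateway or proxy export might look. The three
# wp-content/.../doc/ entries reproduce the indicators listed above; the last
# two are benign filler that must not be flagged.
SAMPLE_URLS = [
    "http://horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/",
    "http://www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/",
    "http://chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/",
    "https://example.com/wp-content/uploads/2019/06/brochure.pdf",
    "https://example.org/doc/manual/",
]

# Constructed Run-key export: (value name, command) pairs as they would appear
# under SOFTWARE\Microsoft\Windows\CurrentVersion\Run (hive assumed; the article
# gives only the key path). The middle entry is the persistence artifact above.
SAMPLE_RUN_VALUES = [
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("Client Server Runtime Subsystem", r"C:\ProgramData\Windows\csrss.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]


def refang(url: str) -> str:
    """Turn a defanged indicator ('example[.]org', 'hxxp://') back into a parseable URL."""
    url = url.replace("[.]", ".")
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def is_troldesh_style_url(url: str) -> bool:
    """True when the path has a 'wp-content' segment followed later by a 'doc'
    segment, the shape shared by every landing URL in this campaign."""
    clean = refang(url.strip())
    if "://" not in clean:
        clean = "http://" + clean  # bare host/path lines are common in gateway logs
    segments = [s.lower() for s in urlparse(clean).path.split("/") if s]
    if "wp-content" not in segments:
        return False
    after_wp = segments[segments.index("wp-content") + 1:]
    return "doc" in after_wp


def find_suspicious_urls(urls):
    """Return the refanged form of every URL that matches the campaign pattern."""
    return [refang(u.strip()) for u in urls if is_troldesh_style_url(u)]


def _executable_from_command(command: str) -> str:
    """Extract the program path from a Run value's command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def run_value_reasons(name: str, command: str) -> list:
    """Explain why a Run value looks like the Troldesh persistence entry
    (an empty list means nothing matched)."""
    exe = _executable_from_command(command).lower()
    reasons = []
    if exe.rsplit("\\", 1)[-1] == "csrss.exe":
        # The genuine Client Server Runtime Subsystem is started by smss.exe
        # during boot and never appears as an autorun value.
        reasons.append("launches a file named csrss.exe from a Run value")
    if exe.startswith("c:\\programdata\\windows\\"):
        reasons.append("executable lives in C:\\ProgramData\\Windows, not a Windows system directory")
    if "client server runtime subsystem" in name.lower():
        reasons.append("value name mimics the display name of the real csrss.exe")
    return reasons


def scan_run_values(values):
    """Map each suspicious value name to its list of reasons."""
    hits = {}
    for name, command in values:
        reasons = run_value_reasons(name, command)
        if reasons:
            hits[name] = reasons
    return hits


if __name__ == "__main__":
    for url in find_suspicious_urls(SAMPLE_URLS):
        print("suspicious URL:", url)
    for name, reasons in scan_run_values(SAMPLE_RUN_VALUES).items():
        print("suspicious Run value:", name)
        for reason in reasons:
            print("   -", reason)
```

The URL check deliberately matches on path segments rather than on a substring, so a legitimate WordPress upload path is not flagged just because a file name happens to contain "doc". On a live host the same `run_value_reasons` logic can be fed from `reg query` or `winreg` output; the sample list above stands in for that export so the script runs offline.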

We recommend making sure your antivirus databases are up to date, considering informing employees about this threat and, where possible, tightening control over incoming mail that shows the above characteristics.

Source: www.habr.com
