
What Is CryptoLocker and How to Avoid It - The Guideline From Semalt


CryptoLocker is ransomware. The business model of ransomware is to extort money from internet users. CryptoLocker builds on the approach developed by the notorious "Police Virus" malware, which asks internet users to pay money to unlock their devices. CryptoLocker hijacks important documents and files and tells users to pay a ransom within a stipulated period.

Jason Adler, the Customer Success Manager of Semalt Digital Services, explains how CryptoLocker works and offers some practical advice on avoiding it.

Malware Installation

CryptoLocker uses social engineering to trick internet users into downloading and running it. The email user receives a message with a password-protected ZIP file attached. The email claims to come from an organization in the logistics business.

The Trojan runs when the email user opens the ZIP file using the password given in the message. CryptoLocker is hard to spot because it takes advantage of the Windows default of not showing file name extensions. When the victim runs the malware, the Trojan carries out several actions:

a) The Trojan saves itself in a folder in the user's profile, for example, LocalAppData.

b) The Trojan adds a key to the registry. This ensures that it starts during the computer's boot process.

c) It runs as two processes. The first is the main process. The second protects the main process from being terminated.

File Encryption

The Trojan generates a random symmetric key and applies it to every file that it encrypts. The file's content is encrypted using the AES algorithm and the random key. The random key is then encrypted using the asymmetric encryption algorithm (RSA). The keys should also be 1024 bits long. There are cases where 2048-bit keys were used in the encryption process. The Trojan ensures that only the holder of the private RSA key can obtain the random key used to encrypt the file. The overwritten files cannot be recovered using forensic methods.

Once it is running, the Trojan obtains the public key (PK) from the C&C server. To locate an active C&C server, the Trojan uses a domain generation algorithm (DGA) to produce random domain names. The DGA is also referred to as the "Mersenne twister". The algorithm uses the current date as its seed and can produce more than 1,000 domains every day. The generated domains are of various lengths.

The Trojan downloads the PK and saves it in HKCU\Software\CryptoLocker\Public Key. The Trojan then starts encrypting files on the hard disk and network files opened by the user. CryptoLocker does not alter every file. It targets only non-executable files with the extensions listed in the malware's code. These file extensions include *.odt, *.xls, *.pptm, *.rft, *.pem, and *.jpg. CryptoLocker also logs every file it has encrypted under HKEY_CURRENT_USER\Software\CryptoLocker\Files.

After the encryption process, the malware displays a message demanding payment of the ransom within a stipulated period. The payment has to be made before the private key is destroyed.

Avoiding CryptoLocker

a) Internet users should be suspicious of messages from unknown people or organizations.

b) Internet users should disable the hiding of file extensions so that malware or a virus attack is easier to recognize.

c) Important files should be kept in a backup system.

d) If files become infected, the user should not pay the ransom. The people behind the malware should never be paid.
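Point (b) and the delivery method described earlier (an executable in a ZIP attachment whose real extension Windows hides) can also be checked automatically before a message reaches the user. The following Python is an added example, not part of the original article; the extension lists, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Types Windows runs on double-click (a common subset, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Types a recipient expects to be harmless documents.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt", ".odt"}


def triage_zip(data):
    """Return one finding per archive member whose real type is executable.

    Member names are stored in clear even when the data is password-protected
    with standard ZIP encryption, so the listing needs no password.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names.
            base = PurePosixPath(info.filename).name.rstrip(" .")
            exts = [s.strip().lower() for s in PurePosixPath(base).suffixes]
            if not exts or exts[-1] not in EXECUTABLE_EXTS:
                continue
            findings.append({
                "name": info.filename,
                # What Explorer shows while known extensions are hidden.
                "shown_as": PurePosixPath(base).stem,
                "encrypted": bool(info.flag_bits & 0x1),
                "disguised": len(exts) > 1 and exts[-2] in DOCUMENT_EXTS,
            })
    return findings


def build_sample_zip():
    """Constructed sample archive; every member holds placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Invoice.pdf.exe", "notes.txt", "tools/setup.exe"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A mail gateway or triage script can quarantine any attachment for which `triage_zip` returns a finding, and treat `disguised` entries as the highest priority.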

November 28, 2017