June 6, 2017

WannaCry Ransomware Has Coding Mistakes That Can Help You Recover Files Even After Infection

In 2017, the WannaCry ransomware wreaked havoc worldwide, hitting nearly 300,000 PCs in 150 countries in just 72 hours, but that does not mean it was well-built ransomware. In fact, security researchers at Kaspersky Lab recently found several mistakes in the code of the WannaCrypt ransomware worm.

The programming mistakes in WannaCrypt's development could allow some of its victims to recover their locked files with freely available recovery tools, or even with simple commands, without paying for a decryption key.

Anton Ivanov, a malware expert at Kaspersky Lab, together with colleagues Fedor Sinitsyn and Orkhan Mamedov, analyzed the malware in full and detailed three critical mistakes made by WannaCry's developers that could allow sysadmins to restore lost files.

According to the researchers, the problem lies in the way the malware carries out encryption.

"When WannaCry encrypts its victim's files, it reads from the original file, encrypts the content and saves it into a file with the extension ".WNCRYT". After encryption it moves ".WNCRYT" into ".WNCRY" and deletes the original file. This deletion logic may vary depending on the location and properties of the victim's files."

Because the malware cannot directly encrypt or modify read-only files, WannaCry copies them and creates encrypted copies. The original files remain untouched and are only given the 'hidden' attribute, so getting the original files back only requires victims to restore their normal attributes.

https://www.alltechbuzz.net/fix-wannacrypt-ransomware-backdoor/

Recovering Files from the System Drive (i.e. the C drive)

According to the researchers, files stored in 'important folders', such as Desktop or Documents, cannot be recovered without the decryption key, because WannaCry was designed to overwrite the original files with random data before removing them.

Renamed original files that can be restored from %TEMP%

However, the researchers found that other files stored outside of the 'important folders' on the system drive can be restored from the temporary folder using data recovery software.

"If the file is stored outside of 'important' folders, then the original file will be moved to %TEMP%\%d.WNCRYT (where %d denotes a numeric value). These files contain the original data and are not overwritten; they are only deleted from the disk, which means there is a high chance it will be possible to restore them using data recovery software."

Recovering Files from Non-System Drives

According to the researchers, on non-system drives the WannaCry ransomware creates a hidden '$RECYCLE' folder, which is not visible in Windows File Explorer in its default configuration. The malware then moves the original files into this folder after encryption. However, you can recover the files simply by unhiding the '$RECYCLE' folder.

Original files can be restored from a non-system drive

Also, due to "synchronization errors" in the ransomware's code, in many cases the original files remain in the same directory and are not moved into $RECYCLE, which makes it possible to restore the victims' insecurely deleted files using data recovery software.

WannaCry Ransomware Programming Errors:

Kaspersky Lab researchers discovered that this ransomware has a bug in its handling of read-only files. If there are such files on the infected machine, the ransomware will not encrypt them at all. It will only create an encrypted copy of each original file, while the original files themselves only get the "hidden" attribute. When this happens, it is easy to find them and restore their normal attributes.

Original read-only files are not encrypted and stay in the same place

  • The ransomware's developers made many mistakes, and the code quality is very low.
  • If you are infected with WannaCry ransomware, there is a good chance that you will be able to restore a lot of the files on the affected computer.
  • To restore files, you can use the free utilities available for file recovery.
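
The recovery cases described above (numeric `.WNCRYT` files left in `%TEMP%`, and originals that survive next to their `.WNCRY` copy with only the hidden attribute set) can be triaged with a short script. This is an added example, not code from the article or from Kaspersky Lab; the function names `triage` and `is_hidden` and the four report categories are assumptions made for illustration.

```python
import os
import re
import stat
from pathlib import Path

# Moved originals are named %TEMP%\%d.WNCRYT according to the article.
MOVED_ORIGINAL = re.compile(r"^\d+\.WNCRYT$", re.IGNORECASE)


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def triage(root, hidden=is_hidden):
    """Walk root and sort files into the recovery cases the article describes."""
    report = {"moved_original": [], "hidden_original": [],
              "original_in_place": [], "encrypted_only": []}
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(files):
            path = Path(dirpath) / name
            if MOVED_ORIGINAL.match(name):
                # Original content under a numeric name: copy it out first.
                report["moved_original"].append(path)
            elif name.upper().endswith(".WNCRY"):
                original = name[:-len(".WNCRY")]
                if original not in names:
                    # No surviving original here: undelete tools or a key needed.
                    report["encrypted_only"].append(path)
                elif hidden(Path(dirpath) / original):
                    # Read-only case: clearing the attribute restores the file.
                    report["hidden_original"].append(Path(dirpath) / original)
                else:
                    report["original_in_place"].append(Path(dirpath) / original)
    return report


if __name__ == "__main__":
    import sys
    for case, paths in triage(sys.argv[1]).items():
        for p in paths:
            print(f"{case}\t{p}")
```

Run it against an image or read-only mount of the affected volume where possible, so that deleted data which recovery software might still find is not overwritten.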

Original article source

About the author

Chaitanya

