June 6, 2017

WannaCry Ransomware Has Coding Errors That Can Help You Recover Files Even After Infection

In May 2017 the WannaCry ransomware caused damage worldwide, hitting roughly 300,000 PCs in 150 countries in under 72 hours, but that does not mean it was a high-quality piece of ransomware. Indeed, security researchers at Kaspersky Labs have just found programming errors in the code of the WannaCrypt ransomware worm.

These programming errors in the WannaCrypt ransomware code could allow some of its victims to get their locked files back using freely available recovery tools or simple commands, without paying for any decryption key.

Anton Ivanov, senior malware analyst at Kaspersky Lab, together with his colleagues Fedor Sinitsyn and Orkhan Mamedov, analysed the malware in depth and documented three critical mistakes made by the WannaCry developers that could allow sysadmins to restore files that would otherwise be lost.

According to the researchers, the problem lies in the way the malware performs its encryption.

"When WannaCry encrypts its victim's files, it reads from the original file, encrypts the content and saves it to a file with the extension ".WNCRYT". After encryption it moves ".WNCRYT" to ".WNCRY" and deletes the original file. This deletion logic may vary depending on the location and properties of the victim's files."

WannaCry copies files and creates encrypted copies of them because the malware cannot directly encrypt or modify read-only files. In that case the original files remain untouched but are given the 'hidden' attribute, so recovering the original data simply requires victims to restore their normal attributes.

https://www.alltechbuzz.net/fix-wannacrypt-ransomware-backdoor/

Recovering Files from the System Drive (i.e. the C drive)

According to the researchers, files stored in the 'important folders', such as the Desktop or Documents folder, cannot be recovered without the decryption key, because WannaCry is designed to overwrite the original files with random data before deleting them.

[Figure 1: Renamed original files that can be recovered from %TEMP%]

However, the researchers noted that some files stored outside the 'important folders' on the system drive can be recovered from the temporary folder using data recovery software.

"If the file is stored outside the 'important' folders, the original file is moved to %TEMP%\%d.WNCRYT (where %d denotes a numeric value). These files contain the original data and are not overwritten; they are simply deleted from the disk, which means there is a high chance you will be able to recover them using data recovery software."

Recovering Files from Non-System Drives

According to the researchers, on non-system drives the WannaCry ransomware creates a hidden '$RECYCLE' folder, which is not visible in Windows File Explorer with the default settings. After encryption the malware moves the original files into this directory. You can therefore recover those files simply by unhiding the '$RECYCLE' folder.

[Figure 2: Original files recovered from a non-system drive]

Also, because of "synchronisation errors" in the ransomware code, in many cases the original files stay in the same directory and are never moved to $RECYCLE, so victims can recover the insecurely deleted files using available data recovery software.
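The three locations described above (overwritten originals in the 'important folders', deleted originals in %TEMP%, and the hidden $RECYCLE folder or same directory on non-system drives) decide which recovery path applies to each encrypted file. The following PowerShell inventory script is an added example, not code from the article or from Kaspersky; it only reads and reports, and assumes the default Desktop and Documents folders are the 'important folders' the researchers refer to, the .WNCRYT and .WNCRY extensions quoted in the article, and the $RECYCLE folder name as given.

```powershell
# Added example (not from the article or Kaspersky): inventory where WannaCry
# leaves original files so an analyst can see which recovery path applies.
# Read-only: nothing is modified. Run with read access to all drives.

# Folders the article calls "important": originals here are overwritten with
# random data before deletion, so they need the key. Assumption: Desktop and
# Documents of the current user; extend the list for other profiles.
$ImportantFolders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('MyDocuments')
) | Where-Object { $_ }                      # drop empty entries
$SystemDrive = $env:SystemDrive              # usually "C:"

# 1. Originals moved to %TEMP%\<number>.WNCRYT and then deleted. Any that are
#    still present are intact; the rest need an undelete tool (deleted, not wiped).
Write-Host "== .WNCRYT remnants in $env:TEMP =="
Get-ChildItem -Path $env:TEMP -Filter '*.WNCRYT' -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.WNCRYT' -and $_.BaseName -match '^\d+$' } |
    Select-Object FullName, Length, LastWriteTime

# 2. The hidden '$RECYCLE' folder on non-system drives (single quotes keep the
#    literal dollar sign). Count what is inside; nothing is unhidden here.
Write-Host "== `$RECYCLE folders on non-system drives =="
Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -ne "$SystemDrive\" -and $null -ne $_.Used } |
    ForEach-Object {
        $recycle = Join-Path $_.Root '$RECYCLE'
        if (Test-Path -LiteralPath $recycle) {
            $files = Get-ChildItem -LiteralPath $recycle -Recurse -Force -File -ErrorAction SilentlyContinue
            [PSCustomObject]@{ Drive = $_.Root; Folder = $recycle; Files = ($files | Measure-Object).Count }
        }
    }

# 3. Classify every .WNCRY file by location, following the article's three cases.
Write-Host "== Encrypted files grouped by recovery path =="
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    Get-ChildItem -Path $_.Root -Filter '*.WNCRY' -Recurse -Force -File -ErrorAction SilentlyContinue
} | Where-Object { $_.Extension -eq '.WNCRY' } | ForEach-Object {
    $dir = $_.DirectoryName
    $inImportant = $ImportantFolders | Where-Object { $dir.StartsWith($_, 'OrdinalIgnoreCase') }
    $path = if ($inImportant) {
        'important folder: original wiped, key required'
    } elseif ($dir.StartsWith($SystemDrive, 'OrdinalIgnoreCase')) {
        'system drive: original deleted from %TEMP%, try an undelete tool'
    } else {
        'non-system drive: look in $RECYCLE or the same directory'
    }
    [PSCustomObject]@{ File = $_.FullName; RecoveryPath = $path }
} | Group-Object RecoveryPath | Select-Object Count, Name
```

Run it from an elevated PowerShell on the affected machine, ideally before any undelete tool is started, because every write to the disk lowers the chance of recovering the deleted %TEMP% copies. The extra `Extension -eq` checks guard against the 8.3 short-name matching quirk of `-Filter`, which can otherwise return files with longer extensions.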

WannaCry Ransomware Programming Errors:

Kaspersky Lab researchers found that the ransomware has a bug in its handling of read-only files. If such files exist on the infected machine, the ransomware does not encrypt them at all. It only creates an encrypted copy of each original file, while the original files themselves are given the 'hidden' attribute. When this happens, it is easy to find them and restore their normal attributes.

[Figure 3: Read-only files, with their encrypted copies, remain in the same location]
  • The ransomware developers made many mistakes and the code quality is very low.
  • If you are infected with the WannaCry ransomware, there is a good chance you will be able to recover many of the files on the affected computer.
  • To recover files, you can use freely available file recovery utilities.

Original article source

About the author

Chaitanya
