Igciwane libethelele amafayela futhi liqanjwe kabusha. Indlela yokuchofoza amafayela afakwe nge-virus

Muva nje kuye kwaba nokuqhutshwa komsebenzi wesizukulwane esisha sezinhlelo zekhompyutha ezinonya. Babonakala isikhathi eside (eminyakeni engu-6 kuya ku-8 eyedlule), kodwa ijubane lokuqaliswa kwazo lifinyelele ekuphezulu okwamanje. Ngokwandisa, ungabona ukuthi igciwane lifihlile amafayela.

Sekuvele kwaziwa ukuthi lezi akuzona nje isofthiwe engalungile, isibonelo, ukuvimbela ikhompiyutha (kubangela ukubonakala kwesikrini esibhakabhaka), kodwa izinhlelo ezinzulu ezihlose ukulimaza, njengomthetho, idatha yokubalwa. Zibhala zonke amafayela atholakala ngaphakathi, kufaka phakathi idatha ye-accounting ye-1, i-docx, i-xlsx, i-jpg, i-doc, i-xls, i-pdf, i-zip.

Ingozi ekhethekile yamagciwane okucatshangelwayo

Kuqukethe ukuthi ngesikhathi esisodwa i-RSA-ukhiye isetshenziswe, ehlanganiswe kumakhompiyutha womsebenzisi othize, ngakho-ke i-decryptor yomhlaba wonke (i- decryptor ) ayikho. Ama-virus acushiwe kwelinye lamakhompyutha angase asebenze kwenye.

Ingozi yukuthi isikhathi esingaphezu konyaka abakhi abakhiwe kakade (abakhi) bebekwe ku-intanethi, bavumela ngisho nabalandeli abanjalo (labo abazicabangela ukuthi bahlezi, kepha abafundile ukuhlela) ukuthuthukisa loluhlobo lwegciwane.

Ngesikhathi samanje, ukuguqulwa okunamandla okunamandla kuye kwavela.

Indlela yokwethulwa kwedatha ye-malware

Igciwane lihanjiswa ngenhloso, njengomthetho, emnyangweni we-accounting wenkampani. Okokuqala, iminyango yezinsizakalo iqoqwa, iminyango yokubalwa kwemininingwane evela ezinqolobaneni ezifana nalokhu, isibonelo, hh.ru. Bese sithumela izinhlamvu. Ngokuvamile ziqukethe isicelo sokungena endaweni ethile. Kule ncwadi kufakwe ifayili ngesifinyeto, ngaphakathi kwayo idokhumenti langempela into ehlanganisiwe ye-OLE (ifayela le-PDF elinesifo).

Ezimweni lapho abaqaphi bezimali beqala khona le dokhumenti, ngemuva kokuqala kabusha, okulandelayo kwenzeke: igciwane liphinde labizwa futhi libethelwe amafayela, bese libhubhisa.

Incwadi enjalo, njengombuso, ibhalwe ngokwanele futhi ithunyelwe ebhokisini elingenabhokisi (igama lihambisana nesignesha). Isikhundla sihlale siceliwe ngesisekelo somsebenzi wokuphrofayli wenkampani, ngakho-ke izinsolo azivuki.

Ayikho ilayisensi "Kaspersky" (Uhlelo lwe-antivirus) noma "i-Virus Total" (isevisi enkundleni yokuhlola okunamathiselwe kumagciwane) ayikwazi ukuvikela ikhompyutha kulokhu. Ngezinye izikhathi, isofthiwe esithile se-anti-virus ihlola lapho ithi isinamathiseli iqukethe i-Gen: i-Variant.Zusy.71505.

Ungakugwema kanjani ukutheleleka ngaleli gciwane?

Kufanele uhlole ifayela ngalinye elitholiwe. Ukuqaphela ngokukhethekile kubhalwa imibhalo yaseVordovian, ehlanganiswe pdf.

Izinhlobonhlobo zezinhlamvu "ezinegciwane"

Kuneziningi zazo. Ukuhluka okuvame kakhulu kwendlela igciwane elibethelwa ngayo amafayela linikezwe ngezansi. Kuzo zonke izimo amaphepha alandelayo athunyelwa e-mail:

1. Isaziso mayelana nokuqala kwenqubo yokucutshungulwa kwecala elibhekiswe enkampanini ethile (le ncwadi ibonisa ukuhlola idatha ngokuchofoza isixhumanisi).
2. Incwadi evela e-RF Supreme Arbitration Court yokuqoqa isikweletu.
3. Umlayezo ovela eSberbank mayelana nokwanda kwezikweletu ezikhona.
4. Isaziso sokuphulwa kwemithetho yomgwaqo.
5. Incwadi evela ku-Agency yokuqoqa okubonisa ukuthi kungenzeka ukuhoxiswa kokukhokha.

Isaziso sokubhalwa kwefayela

Izovela emva kokutheleleka kufolda yezimpande ze-drive C. Ngezinye izikhathi amafayili anomhlobo we-WHAT_DEL .txt, CONTACT.txt afakwa kuwo wonke amarekhodi anombhalo owonakele. Lapho, umsebenzisi unolwazi mayelana nokubhalwa kwamafayili akhe, okusetshenziselwa ukuhlelwa kwe-crypto-resistant algorithms. Futhi umxwayise ngokungazisebenzisi kokusebenzisa izinsiza zangaphandle, ngoba lokhu kungaholela ekulimaleni kokugcina emafayeleni, okuzoholela ekungenakwenzeka kwe-decoding yabo eyalandelayo.

Esikhathini isaziso kunconywa ukuthi ushiye ikhompiyutha esimweni esingashintshi. Kubonisa isikhathi sokugcinwa kwesihluthulelo esinikeziwe (ngokuvamile izinsuku ezingu-2). Usuku olunqunyiwe lunikeziwe, emva kwalokho noma yiluphi uhlobo lwezokwelapha luzobe lubekwe eceleni.

Ekupheleni, i-e-mail inikezwa. Iphinde ithi umsebenzisi kumele acacise ID yakhe nokuthi noma yikuphi kwalokhu okulandelayo kungaholela ekuqedeni ukhiye, okungukuthi:

• Ukuvuma;
• Imininingwane yokucela ngaphandle kokukhokha okunye;
• Izinsongo.

Indlela yokuchofoza amafayela afakwe nge-virus?

Loluhlobo lokubethela lunamandla kakhulu: ifayela linikezwa isandiso njengengqayizivele, ubuhle, njll. Kulula ukuyibeka phansi, kodwa ungazama ukuxhuma i-cryptanalyst futhi uthole ukuhleleka (kwezinye izimo uDkt. WEB uzosiza).

Kunendlela eyodwa yokubuyisela amafayili e-virus, kodwa ayihambisani nawo wonke amagciwane, futhi uzodinga ukudonsa u-exe wangempela kanye naloluhlelo oluyingozi, olungelula ukukwenza ngemva kokulimaza.

Isicelo segciwane mayelana nokwethulwa kwekhodi ekhethekile kuyisheke esincane, ngoba ifayela selivele linemodeli ngaleso sikhathi (ikhodi ngeke idingeke kubagebengu, okushoyo). Okuyinhloko yale ndlela kubhala imiyalo engenalutho kwisifo esenele (endaweni yokuqhathanisa ikhodi yokufaka). Umphumela wukuthi uhlelo oluyingozi luqala ukukhishwa kwamafayela futhi ngaleyo ndlela lubuyiselwe ngokuphelele.

Igciwane ngalinye elihlukile linomsebenzi walo wokubhaliwe okhethekile, okusho ukuthi awukwazi ukuchithwa ifayela langaphandle (i-exe ifomethi yefomethi), noma ungazama ukukhetha umsebenzi ongenhla, okudingeka ukwenze kuzo zonke izenzo ku-WinAPI.

Igciwane lafakaza amafayela: yini okufanele yenziwe?

Ukuze wenze inqubo yokumemezela uzodinga:

1. Isipele (ukulondoloza amafayela akhona). Ekupheleni kokumemezela, yonke into izodlula ngokwayo.
2. Kukhompyutha (igciwane), kuyadingeka ukuqala loluhlelo olubi, bese ulinda ifasitela equkethe isicelo sokwethulwa kwekhodi.
3. Okulandelayo, udinga ukuqala kusuka kufayili yomlando efakwe ku-Patcher.exe.
4. Isinyathelo esilandelayo ukufaka inombolo yenqubo yegciwane, emva kwalokho kuyadingeka ukuba ucindezele inkinobho yokungenisa.
5. Umlayezo othi "i-patched" uvela, okusho ukuqinisa imiyalo yokufanisa.
6. Okulandelayo, faka noma yiziphi izinhlamvu kule nsimu yokufaka ikhodi, bese uchofoza inkinobho ethi "Kulungile".
7. Igciwane liqala inqubo yokwabalalisa amafayela, ekupheleni kwawo okuzenzekelayo.

Ungakugwema kanjani ukulahlekelwa kwedatha ngenxa ye-malware embuzweni?

Kufanelekile ukwazi ukuthi esimweni lapho igciwane lifihlile khona amafayela, kuzothatha isikhathi senqubo yokumemezela. Iphuzu elibalulekile ukuthi kwisofthiwe enonya engenhla kukhona iphutha elikuvumela ukuba ulondoloze ingxenye yamafayela uma usula ngokushesha ikhompyutha (phonsa ipulaki kusuka ekuphumeni, cisha isihlungi samandla, susa ibhethri uma kwenzeka i-laptop) ngokushesha nje lapho inombolo enkulu yamafayela nesandiso esicacisiwe ngaphambili .

Futhi kufanele kugcizelelwe ukuthi into esemqoka ukudala njalo isipele, kodwa hhayi kwenye ifolda, hhayi emithonjeni ekhishwayo efakwe kukhompyutha, njengoba lokhu kuguqulwa kwegciwane kuzofinyelela lezi zindawo. Kufanelekile ukulondoloza ama-backups kwenye ikhompyutha, ku-hard drive engaxhunyiwe ngokuphelele kwikhompyutha, nasefu.

Kubalulekile ukuphatha ngokusola yonke imibhalo efika e-mail evela kubantu abangaziwa (ngendlela yokubuyiselwa, isimali sokukhishwa kwezimpahla, Izinqumo ezivela eNkantolo Ephakeme Ye-Arbitration noma intela, njll). Ungazigibeli kukhompyutha yakho (ngale njongo, ungakhetha inetha elingenayo idatha ebalulekile).

Uhlelo olungalungile * .paycrypt @ gmail.com: indlela yokulungisa

Esikhathini lapho igciwane elingenhla lifaka khona amafayela cbf, doc, jpg, njll, kunezinketho ezintathu kuphela zokuthuthukiswa komcimbi:

1. Indlela elula yokuyiqeda ukususa wonke amafayela aphethwe (lokhu kuyamukeleka, ngaphandle uma idatha ibaluleke kakhulu).
2. Iya ohlelweni lwe-unqulo wesi arab, isibonelo, uDkt. I-WEB. Thumela abathuthukisi amafayili amaningi athelelekile, kanye nekhibhodi yokumisa, ekhompyutheni njenge-KEY.IQINISO.
3. Indlela ebiza kakhulu. Kuhilela ukukhokha imali eceliwe ngabaduni ukuze kukhishwe amafayela anegciwane. Ngokuvamile, izindleko zalesi sevisi ziphakathi kwama-dollar angu-200 kuya ku-500 US. Lokhu kuyamukeleka esimeni lapho igciwane lifake khona ngekhodi amafayela enkampanini enkulu, lapho ulwazi oluthe xaxa lugeleza khona nsuku zonke, futhi lolu hlelo olubi lungenza umonakalo omkhulu kumbuthana wemizuzwana. Kulokhu, ukukhokha kuyindlela esheshayo yokuthola amafayela anesifo.

Ngezinye izikhathi inketho eyengeziwe iyasebenza futhi. Uma kwenzeka ukuthi igciwane lifakela amafayela (paycrypt @ gmail_com noma enye isofthiwe enonya), uhlelo lungasuswa emuva ezinsukwini ezimbalwa ezedlule.

Uhlelo lokucubungula i-RectorDecryptor

Uma igciwane lishaya i-jpg, i-doc, i-cbf, nokunye amafayela, khona-ke uhlelo olukhethekile lungasiza. Ukuze wenze lokhu, okokuqala kudingeka uqale ekuqaliseni uphinde uvale konke ngaphandle kwe-antivirus. Okulandelayo, kumele uqalise kabusha ikhompyutha. Buka wonke amafayela, qinisekisa okusolisayo. Insimu ngaphansi kwegama elithi "Umyalo" ibonisa indawo yefayela elithile (ukunakekelwa kufanele kukhokhwe kwizicelo ezingenayo isignesha: umkhiqizi - akukho idatha).

Wonke amafayela asolisayo kufanele asuswe, okwathi ngemva kwalokho uzodinga ukuhlanza amakhamera wesiphequluli, amafolda wesikhashana (i-CCleaner ifanele lokhu).

Ukuze uqale ukubethelwa kabusha, udinga ukulanda uhlelo olungenhla. Bese uqale bese uqhafaza inkinobho ethi "Qala ukuskena," ekhombisa amafayela ashintshiwe nokwandiswa kwazo. Ezinguqulo zanamuhla zalolu hlelo, ungacacisa kuphela ifayela elinesifo bese uchofoza inkinobho "Vula". Ngemuva kwalokho, amafayela azokhishwa.

Ngokulandelayo, i-Umbuso uhlola ngokuzenzakalelayo yonke idatha yekhompyutha, kufaka phakathi amafayela kulayini wenethiwekhi ethintekayo , futhi uyayifaka. Le nqubo yokutakula ingathatha amahora amaningana (kuye ngokuthi inani lomsebenzi nesivinini sekhompyutha).

Ngenxa yalokho, wonke amafayela awonakele azokwehliselwa emkhombandlela ofanayo lapho ayekhona khona ekuqaleni. Ekugcineni, kuzodingeka kuphela ukususa wonke amafayela ngesandiso esolisayo, lapho ungabheka khona "Susa amafayili abhaliwe ngemuva kokufaka isicelo sokumemezela ngokuphumelelayo" ngokuchofoza inkinobho ethi "Shintsha imingcele ye-scan". Kodwa-ke, kungcono ukungayifaki, ngoba uma kungabikho ukukhishwa kwamafayela angaphumelelanga, kungasuswa, futhi ngemuva kwalokho kumele kuvuselelwe.

Ngakho-ke, uma igciwane lifakela amafayela e-doc, cbf, jpg, njll, ungasheshi ukukhokha ikhodi. Mhlawumbe ngeke akudinge.

Ama-nuances ekususeni amafayela obhaliwe

Uma uzama ukuqeda wonke amafayela abonakele ngokusesha okujwayelekile bese ususa, ikhompyutha ingase ibeke futhi ihlehlise. Kulokhu, ngale nqubo, kufanele usebenzise umugqa okhethekile womyalo. Ngemva kokuyiqhuba, udinga ukungena okulandelayo: del ": \ *. " / f / s.

Kumelwe ususe amafayela afana ne- "Funda-me.txt", okumele ucacise kulo mzila womyalo: del ": \ *. " / f / s.

Ngakho-ke, kungaphawulwa ukuthi uma igciwane liqanjwe futhi libhalwa ngamafayela, akufanelekile ukuchitha imali ngokushesha ekuthengeni isihluthulelo kubahlaseli, okokuqala kufanele uzame ukuthola inkinga ngokwakho. Kungcono ukutshala imali ekuthengeni uhlelo olukhethekile lokuchithwa kwamafayela abonakalisiwe.

Okokugcina kubalulekile ukukhumbula ukuthi kulesi sihloko umbuzo ucatshangelwa ukuthi ungabhala kanjani amafayela afakwe ngegciwane.