
What Is CryptoLocker and How Do You Avoid It - A Guide from Semalt


CryptoLocker is ransomware. The ransomware business model is to extract money from internet users. CryptoLocker builds on the approach of an earlier virus that demands payment from internet users to unlock their devices. CryptoLocker encrypts important documents and files and tells users to pay a ransom within a set period.

Jason Adler, a customer adviser at Semalt Services, explains CryptoLocker security and offers some practical measures for avoiding it.

Malware installation

CryptoLocker uses social engineering to trick internet users into downloading and running it. The email user receives a message carrying a password-protected ZIP file. The email claims to come from a business organization.

The Trojan runs when the email user opens the ZIP file with the password given in the message. CryptoLocker is hard to spot because it takes advantage of the Windows default of not showing file name extensions. When the victim launches the malware, the Trojan performs several actions:

a) The Trojan saves itself to a folder inside the user's profile, for example LocalAppData.

b) The Trojan adds a key to the registry. This ensures that it runs when the computer starts up.

c) It runs as two processes. The first is the main process. The second protects the main process from being terminated.

File encryption

The Trojan generates a random symmetric key and applies it to each file it encrypts. The file's contents are encrypted with the AES algorithm and the symmetric key. The random key is then encrypted with an asymmetric public-key algorithm (RSA). The key should be longer than 1024 bits. There are cases where 2048-bit keys were used in the encryption process. The Trojan ensures that only the holder of the private RSA key can obtain the random key that was used to encrypt the file. Files that have been overwritten cannot be recovered using forensic methods.

Once running, the Trojan obtains the public key (PK) from the C&C server. To find an active C&C server, the Trojan uses a domain generation algorithm (DGA) to produce random domain names. The DGA is referred to as the "Mersenne twister". The algorithm is based on the current date and can generate more than 1,000 domains every day. The generated domains are of various kinds.

The Trojan downloads the PK and stores it in HKCU\Software\CryptoLocker\Public Key. The Trojan then starts encrypting files on the hard disk and on the network shares the user has opened. CryptoLocker does not affect every file. It only encrypts non-executable files whose extensions are listed in the malware's code. These file extensions include *.odt, *.xls, *.pptm, *.rft, *.pem, and *.jpg. CryptoLocker also records every file it encrypts under HKEY_CURRENT_USER\Software\CryptoLocker\Files.

After the encryption process, the virus displays a message demanding payment of the ransom within a set number of days. The payment must be made before the private key is destroyed.

Avoiding CryptoLocker

a) Email users should be wary of messages from unknown people or organizations.

b) Internet users should turn off the hiding of file extensions to make a malware or virus attack easier to recognize.

c) Important files should be kept in a backup system.

d) If files become infected, the user should not pay the ransom. No result will come of it.
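
The delivery method described under "Malware installation" (a password-protected ZIP holding an executable whose real extension Windows hides) can be screened for before a user ever opens the attachment. The Python check below is an added example, not part of the original article; the extension lists, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy lists for this example; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt", ".zip"}


def risky_members(zip_bytes):
    """Return (name, reasons) for every archive member that looks like an executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Names are readable without the password: the central directory is not encrypted.
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext not in EXECUTABLE_EXTS:
                continue
            reasons = ["executable"]
            # With extensions hidden, "invoice.pdf.exe" is displayed as "invoice.pdf".
            if len(parts) > 2 and "." + parts[-2] in DECOY_EXTS:
                reasons.append("double-extension")
            if info.flag_bits & 0x1:  # general-purpose bit 0 = encrypted member
                reasons.append("password-protected")
            findings.append((info.filename, reasons))
    return findings


def build_sample(names, encrypted=False):
    """Build a constructed test archive in memory (harmless placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted members, so set the flag bit in each central header.
        pos = data.find(b"PK\x01\x02")
        while pos != -1:
            data[pos + 8] |= 0x01
            pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)


if __name__ == "__main__":
    sample = build_sample(["Invoice_2013.pdf.exe", "readme.txt"], encrypted=True)
    for name, reasons in risky_members(sample):
        print(name, "->", ", ".join(reasons))
```

A gateway or triage script would pass the raw attachment bytes to `risky_members` and quarantine any message for which the list is not empty.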

November 28, 2017