NO_MORE_RANSOM - ukungafihli ngayo iifayile zombhalo?

Ngasekupheleni 2016, ihlabathi yahlaselwa yintsholongwane engenamsebenzi-seTrojan kakhulu ngemfihlo amaxwebhu kunye nesiqulatho multimedia, NO_MORE_RANSOM owaziwa. Indlela ukususa iifayile emva kokuba sesichengeni eli sisongelo, kwaye kuya kuxoxwa ngazo ngakumbi. Nangona kunjalo, xa kuyimfuneko ukuba alumkise bonke abasebenzisi abaye bahlaselwa, ukuba akukho indlela enye. Oku edibene omnye ubuchule kakhulu uHlobo oluNgabonakaliyo, kwaye olukumgangatho elalana kwentsholongwane kwinkqubo yekhompyutha, okanye indawo womnatha (nangona ekuqaleni malunga neziphumo network kwaye ayibalwanga).

Yintoni intsholongwane NO_MORE_RANSOM kwaye isebenza njani?

Ngokubanzi, intsholongwane ngokwalo njengoko udidi Trojans ezifana I Love You, leyo zingene kwinkqubo yekhompyutha kwaye uguqulela iifayile lomsebenzisi (ngokuqhelekileyo multimedia). Noko ke, ukuba utatomkhulu hlukile ufihlo kuphela, le ntsholongwane kubolekwe kakhulu nezoyikiso kanye block ekuthiwa DA_VINCI_COD, edibanisa kwi ngokwayo isebenza extortionist.

Emva sifo, uninzi iifayile odiyo, ividiyo, imizobo kunye namaxwebhu ofisi unikwe igama elide kakhulu kunye NO_MORE_RANSOM ulwandiso, equlethe lokugqitha ezintsonkothileyo.

Xa umyalezo wavula kubonakala ukuba ifayile asongiweyo kunye khowudi yasiwa kumbhalo ukuba imveliso kufuneka ukuba uhlawule ezinye mali.

Njengoko isisongelo ukungena kule nkqubo?

Makhe ushiye yedwa umbuzo ukuba, emva kokuba NO_MORE_RANSOM ifuthe ukususa iifayile ze naziphi na iintlobo ngasentla, nibuyele neteknoloji ukuze bangangeni intsholongwane kwinkqubo yekhompyutha. Ngelishwa, njengokuba corny njengoko kuvakala unakho, isebenzisa indlela endala-lixesha: nge e-mail luza uthimbo livulekile, umsebenzisi ufumana okuvula kunye nekhowudi ngolunya.

Ukuziqambela, njengokuba ubona, le ndlela akukho ezahlukeneyo. Nangona kunjalo, lo myalezo ukuba bezenze itekisi engamampunge nantoni na. Okanye, phezu koko, umzekelo, kwimeko kwiinkampani ezinkulu, - utshintsho nemiqathango yesivumelwano. Kuyaqondakala ukuba unobhala oqhelekileyo ivula uthimbo, uze emva koko kwaye ufumana neziphumo ezibi. Enye ezithile aqaqambe kwaduma iziseko iphakheji encryption data 1C. Kwaye lo ngumbandela onzulu.

NO_MORE_RANSOM: indlela izakhi la maxwebhu?

Kodwa kulungile ukuba kumbuzo engundoqo. Ngokuqinisekileyo bonke unomdla ukungafihli ngayo iifayile. NO_MORE_RANSOM gciwane ulandelelwano lweentshukumo. Ukuba umsebenzisi ezama ukwenza khowudi yasiwa kumbhalo ngoko nangoko emva usuleleko, ube yinto enye kangangoko kunokwenzeka. Ukuba usongo ngokuqinileyo kuhlala kwinkqubo, yeha, ngaphandle koncedo iingcali ayikwazi ukukwenza. Kodwa ke kaninzi namandla.

Ukuba songo ibonakele ngendlela ngexesha, indlela enye kuphela - isicelo iinkampani antivirus inkxaso (kodwa hayi onke amaxwebhu ziye zombhalo) ukuthumela izihlangu yomkhondo lokuvula iifayile kunye ngokusekelwe kuhlalutyo yokuqala, zigcinwe kumajelo asuswayo, zama ukubuyisela amaxwebhu abasele bosulelwe ngaphambili kukopa kwi enye USB flash drive nantoni na iyafumaneka ukuvula (nangona isiqinisekiso ngokupheleleyo ukuba le ntsholongwane asiqhenqethanga ukuba amaxwebhu onjalo efanayo). Emva koko, ngokuba njengomthuthi ukunyaniseka kuyimfuneko ukuhlola ubuncinane vuavanyisi virus (oyaziyo into).

algorithm

Kufuneka kwakhona ukhankanye into yokuba ukuba uguqulele kwi khowudi i intsholongwane isebenzisa algorithm RSA-3072, nto leyo, ngokwahlukileyo kubuchwepheshe RSA-2048 isetyenziswa ngaphambili unzima kakhulu, ukuba ukukhethwa iphasiwedi elungile, nokuba siziqhatha ukuba oku kuza kujongana nalo lonke elinokuvela le iilebhu anti-virus , ingathatha iinyanga okanye iminyaka. Ngoko ke, umbuzo ukuwuqonda njani NO_MORE_RANSOM, kufuna ixesha elide kakhulu. Kodwa kuthekani ukuba ufuna ukubuyisela inkcazelo ngoko nangoko? Okokuqala - ukucima intsholongwane ngokwayo.

Ngaba kunokwenzeka ukuba ukususa intsholongwane nendlela yokwenza oko?

Eneneni, akukho nzima ukuyenza. Ngokuqwalasela ikratshi bemeko- yintsholongwane, ugrogriso inkqubo kwikhompyutha ezigqunyiweyo. On koko - ukuba nokuba inzuzo "samoudalitsya" emva kokuphela iintshukumo ngentla.

Noko ke, ekuqaleni, elandela ukhokelo kwale ntsholongwane, ukuba kunjalo kufuneka bangabi namandla. Inyathelo lokuqala kukuba ukusebenzisa i eziluncedo eziphathwayo yokhuselo efana KVRT, Malwarebytes, Dr. CureIt Web! kwaye njengazo. Qaphela: kusetyenziselwa uvavanyo inkqubo kufuneka ibe luhlobo eziphathwayo inyanzelekile (ngaphandle kokufaka nto kwi-hard drive kunye isebenza ngokupheleleyo ukusuka zosasazo abasusekayo). Ukuba usongo elibhaqiweyo, kufuneka isuswe ngoko nangoko.

Ukuba senzo ungekho, kufuneka kuqala uye "Umphathi Task" ukuligqiba zonke iinkqubo ezinxulumene yintsholongwane, esotiweyo ngegama inkonzo (njenge, inkqubo zexesha Broker).

Emva kokususa le ngxaki, kufuneka ubize i Umhleli Registry (regedit kwi menu "Baleka") nokukhangela isihloko «Server Client zexesha System» (ngaphandle iimpawu zocaphulo), kwaye ke ukusebenzisa loo menu move on kwiziphumo "Fumana Okulandelayo ..." ukususa zonke izinto ezifumaneka. Okulandelayo kufuneka iqale ikhompyutha, zikholwe kwi "Umphathi Task" ukuze ubone ukuba kukho inkqubo efunekayo.

Enyanisweni, umbuzo ukuze ziqonde ukuba ntsholongwane NO_MORE_RANSOM isekhona eqongeni losulelo, kwaye isonjululwe le ndlela. Amathuba neutralization, Kakade ke, into encinane, kodwa kukho ithuba.

Indlela ukususa iifayile NO_MORE_RANSOM ofihliweyo: kwideskithophu

Kodwa ke kukho enye indlela, apho bambalwa abantu obaziyo okanye uqikelelo. Inyaniso yokuba inkqubo yokusebenza rhoqo kudala izimamva yayo isithunzi zokubhala (umzekelo, xa kwimeko recovery), okanye ngokudala ngabom mifanekiso. Njengoko practice ubonisa, le ntsholongwane aluchaphazeli ezo iikopi (kubume bayo, oko nje ungekho, nangona oko kunokwenzeka).

Ngoko ke, ingxaki ukuwuqonda njani NO_MORE_RANSOM, amathumba phantsi ukuze usebenzise ukuba isimboli. Noko ke, ukusebenzisa izixhobo standard Windows akukhuthazwa ukuba le (kunye nabasebenzisi abaninzi iikopi ezifihlakeleyo akayi kuba ukufikelela kwaphela). Ngoko ke, kufuneka usebenzise ShadowExplorer eluncedo (oko ephathekayo).

Ukubuyisela, ukubaleka nje okuphunyeziweyo ifayile inkqubo, ukuhlela ulwazi ngosuku okanye isihloko, khetha i ikopi efunekayo (iifayile, iincwadi, okanye indlela yonke) kwaye usihla kwimenyu PCM ukusebenzisa umgca kwamanye amazwe. Olunye ulawulo olukhethiweyo nje apho ikopi yangoku iya kugcinwa kwaye ngoko lisebenzisa inkqubo recovery eqhelekileyo.

izixhobo zomntu wesithathu

Kakade ke, ingxaki ukuwuqonda njani NO_MORE_RANSOM, iilebhu abaninzi banikele izisombululo zabo. Umzekelo, "Kaspersky Lab" icebisa ukusetyenziswa kwemveliso yayo isoftwe Kaspersky Decryptor, inikwa iinguqulelo ezimbini - Rakhini kunye Ngqonyela.

look Akukho umdla kangako kunye nophuhliso ezifana NO_MORE_RANSOM idikhowuda ngu Dr. Web. Kodwa apha kuyimfuneko nangoko ukuze bakuthathele ingqalelo ukuba ukusetyenziswa kweenkqubo ezinjalo bugwetyelwe kuphela xa Ubhaqo izoyikiso rapid na, lo gama zonke iifayili sele bosulelekile. Ukuba ntsholongwane zigxile kwinkqubo (xa khowudi iifayile nje ayinakuze ithelekiswe kunye originals zabo enga-fihlwanga), kwaye isicelo ibe nganto.

Ngenxa yoko

Enyanisweni, lo sigqibo enye kuphela: okulwa intsholongwane kufuneka ibe kuphela eqongeni losulelo, xa kukho kuphela ngokufihlisa yokuqala fayile. Ngokubanzi, kungcono ukuba ukuvula izincamathiselo imiyalezo ye-imeyile evela kwimithombo athandabuzekayo (oku kubhekiselele kuphela kubathengi, efakiweyo ngqo kwi khompyutha yakho - Outlook, Oulook Express, njalo njalo). Ukongeza, ukuba umqeshwa unayo yayo uluhlu abathengi kunye namaqabane ukujongana ukuvulwa imiyalezo 'Ekhohlo "zako ezingafanelekanga, njengoko inkoliso baqesha izivumelwano pahaha uphawu iimfihlakalo zorhwebo, kunye nokhuseleko intanethi.