NO_MORE_RANSOM - indlela ukuqhaqha amafayela ngekhodi?

Ekupheleni kuka-2016, izwe uhlaselwe igciwane eziwubala-iThrojani kakhulu ngemfihlo imibhalo kanye Soxhumanoningi, NO_MORE_RANSOM awakholelwa. Indlela ukuqaqa amafayela ngemva kokungenwa nalolu songo, futhi Kuzoxoxwa. Nokho, uma kudingekile ukuxwayisa bonke abasebenzisi abaye bahlaselwa, ukuthi akukho ndlela yokwenza olulodwa. Lokhu ixhunyiwe nomunye eziphambili kakhulu ukubethela ubuchule obuphezulu, futhi nezinga Ukungena igciwane ohlelweni computer, noma ngisho inethiwekhi yendawo (nakuba ekuqaleni kunethiwekhi imiphumela futhi hhayi ibalwa).

Yini igciwane NO_MORE_RANSOM ukuthini futhi kusebenza kanjani?

Ngokuvamile, igciwane uqobo njengoba ikilasi ka Trojans ezifana I Love You, okuyinto ukungena ohlelweni computer futhi ukubethela amafayela yomsebenzisi (ngokuvamile multimedia). Nokho, uma noma nomkhulu kwahluka ukubethela kuphela, lokhu igciwane kakhulu lathathwa usongo kanye ezihlaba umxhwele ngokuthi DA_VINCI_COD, ngokuhlanganisa e ngokwayo nayo isebenza extortionist.

Ngemva ukutheleleka, iningi amafayela alalelwayo, video, izithombe kanye imibhalo ehhovisi inikezwa igama elide kakhulu nge NO_MORE_RANSOM isandiso, equkethe iphasiwedi eziyinkimbinkimbi.

Lapho umlayezo wavula sengathi amafayela zombhalo nencazelo umkhiqizo udinga ukukhokha ezinye lemali.

Ngenxa usongo ukungena ohlelweni?

Ake ushiye wedwa umbuzo kanjani, emva NO_MORE_RANSOM umthelela ukuqaqa amafayela zezinhlobo ngenhla, futhi uzame ezobuchwepheshe ukuze uthole okungena ekujuleni igciwane ohlelweni computer. Ngeshwa, njengoba Corny kungase kuzwakale, lisebenzisa indlela endala: nge e-mail iza isinamathiselo ivulekile, umsebenzisi uthola kusebenze futhi ikhodi enonya.

Okwakhe, njengoba singabona, le ndlela alihlukile. Nokho, isigijimi ingase ibonakale sengathi umbhalo lutho lutho. Noma, kunalokho, isibonelo, endabeni izinkampani ezinkulu, - ushintsho nemibandela inkontileka. Kuyaqondakala ukuthi umabhalane abavamile kuvula okunamathiselwe, bese futhi uthola imiphumela abampofu. Omunye igqamuka bhá kwaduma ukubethela iphakethe elisekela idatha 1c. Futhi lokhu kuyindaba engathí sina.

NO_MORE_RANSOM: indlela wokufunda imibhalo?

Kodwa namanje kunomvuzo ukuze ujike yombuzo main. Ngokuqinisekile wonke umuntu unesithakazelo kangakanani ukuqhaqha amafayela. NO_MORE_RANSOM igciwane has a ukulandelana izenzo. Uma umsebenzisi azama ukwenza ukuqaqwa ngokushesha emva kokutheleleka, kwenze enye into ngangokunokwenzeka. Uma usongo ziqine esezinzile uhlelo, maye, ngaphandle kosizo ochwepheshe abakwazi ukukwenza. Kodwa ngokuvamile alinamandla okuzisiza.

Uma usongo kutholakele ngendlela esifike ngesikhathi, indlela eyodwa kuphela - zisebenza izinkampani antivirus ukwesekwa (kodwa akubona bonke imibhalo ziye ngekhodi) ukuthumela i-pair ezingafinyeleleki for kokuvula amafayela ngesisekelo ukuhlaziya yasekuqaleni, egcinwe kwi media esikhiphekayo, sizame ngomusa ukubuyisela imibhalo asebengenwe igciwane, pre ukukopisha ku okufanayo USB flash drive noma kungakhona okunye etholakalayo ukuvula (Nokho isiqinisekiso ngokugcwele ukuthi igciwane asandanga kumadokhumenti ezinjalo akufani). Ngemva kwalokho, i-ukwethembeka yenethiwekhi kubalulekile ukuhlola okungenani igciwane Enani (owaziyo ukuthi yini).

algorithm

Kufanele futhi usho yokuthi ubethele igciwane isebenzisa algorithm RSA-3072, lapho, ngokungafani kuya angaphambilini ubuchwepheshe RSA-2048, liyinkimbinkimbi ngendlela, ukuthi ukukhethwa iphasiwedi elungile, ngisho uzitshela ukuthi lokhu kuzoba ukubhekana yonke akuxhomekile ka-anti-virus labs , kungase kuthathe izinyanga noma iminyaka. Ngakho, umbuzo kanjani wokufunda NO_MORE_RANSOM, zidinga isikhathi esiningi kakhulu. Kodwa kuthiwani uma udinga ukubuyisela imininingwane ngokushesha? Okokuqala - ukususa igciwane uqobo.

Kungenzeka yini ukususa igciwane futhi indlela yokukwenza?

Empeleni, akunzima ukukwenza. Ukwahlulela ngokubukeka khukhumala igciwane Abadali, usongo uhlelo khompyutha simaskwe. Kunalokho - ngisho inzuzo "samoudalitsya" ngemuva kokuphela izenzo ngenhla.

Noma kunjalo, ekuqaleni, belandela ukuhola kweNdikimba igciwane, namanje kufanele neutralized. Isinyathelo sokuqala ukusebenzisa Izinsiza ephathekayo zokuzivikela efana KVRT, Malwarebytes, Dr. CureIt Web! nokunye okunjalo. Qaphela: isetshenziswa ukuvivinya uhlelo kufanele ube uhlobo ephathekayo Kuphoqelekile (ngaphandle kokufaka lutho kwi drive kanzima egijima ngokufanele ezivela kwabezindaba esikhiphekayo). Uma usongo lutholwa, kufanele zisuswe ngokushesha.

Uma isenzo esinjalo singanikezwanga, kuzomele uqale ukuya "Task Manager" futhi siwuqede zonke izinqubo ezihlobene negciwane, ihlelwa igama service (ngokuvamisile, inqubo Isikhathi Broker).

Ngemva kokususa le nkinga, thina kumele bashayele Registry Umhleli (regedit ku imenyu "Run") futhi ukucinga isihloko «Client Server Isikhathi System» (ngaphandle amamaki nekhotheshini), bese usebenzisa imenyu okwenziwa imiphumela "Thola Okulandelayo ..." ukususa zonke izinto ezitholakele. Okulandelayo udinga kabusha computer, futhi bayakholelwa "Task Manager" ukuze ubone uma kukhona inqubo edingekayo.

Ngomqondo onabile, inkulumo umbuzo kanjani wokufunda NO_MORE_RANSOM igciwane namanje esiteji ukutheleleka, futhi zingalungiswa ngale ndlela. Amathuba neutralization Yiqiniso, incane, kodwa kunethuba.

Indlela ukuqaqa amafayela NO_MORE_RANSOM ngekhodi: izipele

Kodwa kukhona enye indlela, okuyinto ambalwa abantu bazi noma Ukuqagela. Iqiniso lokuthi uhlelo lokusebenza njalo batakhele isithunzi izipele yayo (isibonelo, uma yokutakula), noma ngokwakha ngamabomu izithombe ezinjalo. Njengoba umkhuba ubonisa, lokhu igciwane akuphazamisi labo amakhophi (e oyiyo, it is nje singanikezwanga, nakuba kungenzeka).

Ngakho, inkinga ukuthi wokufunda NO_MORE_RANSOM, yangempela ukuze usebenzise ukuthi uphawu. Nokho, ukusebenzisa i-Windows amathuluzi ejwayelekile kungukuthi Kunconywa lokhu (futhi abasebenzisi eziningi amakhophi ezifihliwe ngeke ikwazi ukufinyelela nhlobo). Ngakho-ke, kudingeka usebenzise ShadowExplorer Umbuso (kuba ephathekayo).

Ukubuyisela, umane ukusebenzisa le elisebenzisekayo ifayela hlelo, ukuhlunga ukwaziswa by date noma isihloko, khetha ikhophi oyifunayo (amafayela, amafolda, noma lonke uhlelo) kanye ngemenyu PCM ukusebenzisa umugqa ukuthekelisa. Ngaphezu kwalokho lwemibhalo nje akhethiwe lapho ikhophi zamanje izogcinwa bese isebenzisa standard inqubo yokutakula.

Amathuluzi avela eceleni

Yiqiniso, inkinga ukuthi wokufunda NO_MORE_RANSOM, laboratories eziningi zinikeza izixazululo zabo. Ngokwesibonelo, "Kaspersky Lab 'uncoma ukusetshenziswa software umkhiqizo ayo Kaspersky Decryptor, okwethulwa izinguqulo ezimbili - Rakhini futhi Umphathi.

ukubukeka ezingengaphansi ezithakazelisayo kanye nokuthuthukiswa efanayo like NO_MORE_RANSOM isiqophi semithombo nguDkt I-Web. Kodwa lapha kubalulekile ngokushesha acabangele ukuthi ukusetshenziswa kwezinhlelo ezinjalo ulungisiswa kuphela uma okusheshayo usongo ukuthola, kuyilapho nawe ungalushayi wonke amafayela baye bangenwa. Uma igciwane lizimelele ohlelweni (lapho ngekhodi amafayela nje ngeke kuqhathaniswe nge okwangempela yabo-non-ngekhodi), futhi leso sicelo zingase zingabi usizo.

Ngenxa yalokho

Eqinisweni, isiphetho eyodwa kuphela: azolwa negciwane kumele kube kuphela esigabeni ukutheleleka, uma kukhona kuphela ukubethela lokuqala amafayela. Ngokuvamile, kungcono ukuba uvule okunamathiselwe ku imilayeto ye-imeyili wathola ezivela emithonjeni ezingabazisayo (lokhu kusho kuphela kumakhasimende, efakwe ngqo kwikhompyutha yakho - i-Outlook, Oulook Express, njll). Ngaphezu kwalokho, uma isisebenzi ekuchithweni kwayo uhlu amakhasimende nesibambisene nabo ukubhekana kuvulwa "Kwesobunxele" imiyalezo kungokuhluke okungalungile, njengoba kakhulu ukuqasha izivumelwano uphawu inyatheliswe ka izimfihlo zokuhweba kanye cyber.