Petya Ransomware: Global Impact, How It Works, and Essential Protection

  • Petya is highly destructive ransomware that encrypts the entire disk and has affected companies and organizations worldwide.
  • It uses exploits such as EternalBlue and tools such as PsExec to spread rapidly across Windows networks, and it has no kill switch.
  • Prevention requires verified backups, up-to-date patches, cybersecurity training, and advanced protection solutions.
  • A structured response before, during, and after the incident greatly reduces operational and reputational damage.

A new ransomware called "Petya" has attacked the sites of several large companies. In recent months, the WannaCry attack caused chaos on more than 300,000 computers worldwide; Petya is believed to be linked to the same kind of hacking tools as WannaCry and to share similar propagation vectors.

Petya has already hijacked thousands of computers, affecting companies and their infrastructure from Ukraine to the United States and India. It has hit Ukraine's international airport, international shipping, and law and advertising firms, and it led to the shutdown of radiation monitoring systems at the Chernobyl nuclear site, which shows the major global impact of this ransomware on critical infrastructure and essential services.

Global reach and impact of Petya

Many companies around the world have been affected by this ransomware attack, which hits computers running Windows and typically demands a ransom in bitcoins in exchange for an attempt to regain access. The most affected countries included Ukraine, Russia, the United Kingdom, and India, while incidents were also reported in Spain and in various regions of North America, South America and Asia.

Security experts have identified several related variants of Petya (also called Petrwrap), while companies such as Kaspersky and other vendors identified a variant called NotPetya, which many experts regard as pseudo-ransomware whose main purpose is to cause damage and not really to collect money.

In the corporate sector, Petya affected large advertising groups, companies in infrastructure, energy and pharmaceuticals, as well as government offices and public administration. The real costs are not limited to the ransom: they include loss or theft of information, prolonged operational disruption, reputational damage, and technical and legal costs. In many cases the ransom payment system was rendered unusable or no decryption key was provided, which reinforces the view that in many cases the goal was to destroy data and create instability.

Response from international organizations and law enforcement

Europol was unable to provide operational data about the attack at first; its spokesperson, Tine Hollevoet, indicated that they were trying "to get a full picture of this attack" in cooperation with industry and their law enforcement partners. Petya "is a demonstration of how cybercrime can evolve and grow and, once again, a reminder to business of the importance of cybersecurity," said Europol's chief executive, Rob Wainwright.

In addition to Europol, incident response teams from many vendors (such as Check Point, Cisco, and others) identified Petya variants that were spreading laterally within corporate networks. Many reports agree that the attack began with particular force in Ukraine, causing major disruption to critical infrastructure before spreading across the rest of Europe and to other continents.

How Petya works and why it is so destructive

Petya is especially dangerous because, unlike ransomware that encrypts files one by one, it can lock the entire disk drive. Many variants encrypt the Master Boot Record (MBR) and critical sectors of the disk, and display a message that imitates a "file system repair" while they are in fact encrypting the machine.

Unlike WannaCry, the Petya attack does not include a "kill switch". According to analysis by Europol and the industry, this makes it harder to disable once it has spread. In some cases the malware waits about an hour after infection before rebooting the system and displaying the encryption warning, and during that time it can keep spreading across the network.

The United States Computer Emergency Readiness Team (US-CERT) and other response centers began receiving numerous infection reports and noted that this variant affects Windows records and exploits vulnerabilities in the SMB messaging service. These flaws leave unpatched systems vulnerable even if they have basic protections in place.

The file identified as RAMSON_PETYA.SMA combines different variants and infection vectors, some of which were also used in the WannaCry attack. The propagation methods include exploitation of SMBv1 via "EternalBlue", remote administration tools such as PsExec for lateral movement, and phishing campaigns with malicious attachments or links.
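To make the PsExec lateral movement described above concrete from the defender's side, the following added example (not part of the original article) flags a source address that installs the PsExec service on several hosts in a short burst. The simplified record layout, host names, addresses and thresholds are constructed assumptions; 4624 and 7045 are the standard Windows event IDs for a successful logon and a service installation.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real logs: (time, host, event_id, detail).
# 4624 = successful logon (logon_type 3 is a network logon);
# 7045 = a service was installed; PSEXESVC is PsExec's default service name.
EVENTS = [
    ("2024-01-15 11:02:10", "WS-014", 4624, {"logon_type": 3, "src": "10.0.5.23"}),
    ("2024-01-15 11:02:12", "WS-014", 7045, {"service": "PSEXESVC"}),
    ("2024-01-15 11:02:40", "WS-015", 4624, {"logon_type": 3, "src": "10.0.5.23"}),
    ("2024-01-15 11:02:41", "WS-015", 7045, {"service": "PSEXESVC"}),
    ("2024-01-15 11:03:05", "SRV-FS01", 4624, {"logon_type": 3, "src": "10.0.5.23"}),
    ("2024-01-15 11:03:07", "SRV-FS01", 7045, {"service": "PSEXESVC"}),
    ("2024-01-15 14:30:00", "SRV-DB02", 4624, {"logon_type": 3, "src": "10.0.9.5"}),
    ("2024-01-15 14:30:03", "SRV-DB02", 7045, {"service": "PSEXESVC"}),
    ("2024-01-15 14:31:00", "SRV-DB02", 7045, {"service": "BackupAgent"}),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def psexec_fanout(events, link=timedelta(seconds=60),
                  window=timedelta(minutes=10), min_hosts=3):
    """Map each source address to the hosts it reached, for sources whose
    PSEXESVC installs hit at least min_hosts distinct hosts inside window."""
    last_logon = {}                # host -> (time, source) of latest network logon
    installs = defaultdict(list)   # source -> [(time, host)] in time order
    for text, host, event_id, detail in sorted(events, key=lambda e: _ts(e[0])):
        when = _ts(text)
        if event_id == 4624 and detail.get("logon_type") == 3:
            last_logon[host] = (when, detail["src"])
        elif event_id == 7045 and detail.get("service", "").upper() == "PSEXESVC":
            seen = last_logon.get(host)
            # Attribute the install to the network logon that just preceded it.
            if seen and when - seen[0] <= link:
                installs[seen[1]].append((when, host))
    flagged = {}
    for source, hits in installs.items():
        for i, (start, _) in enumerate(hits):
            burst = {h for t, h in hits[i:] if t - start <= window}
            if len(burst) >= min_hosts:
                flagged[source] = sorted({h for _, h in hits})
                break
    return flagged

if __name__ == "__main__":
    for source, hosts in psexec_fanout(EVENTS).items():
        print(f"isolate {source}; in scope: {', '.join(hosts)}")
```

The single administrative PsExec session to SRV-DB02 stays below the threshold and is not flagged. The service name can be changed from its default, so this check is one signal to combine with others.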

Prevention strategies: what to do before, during and after an attack

The best defense against Petya is a comprehensive prevention strategy. Experts recommend measures in three phases: before the attack, during the infection, and after the incident, combining technical controls with management of the human factor.

Before the attack: keep regular backups and verify them through restore drills; apply patches and updates to operating systems and applications; disable insecure protocols such as SMBv1 where possible; deploy threat prevention solutions and provide cybersecurity training for users.

During the attack: disconnect affected machines from the network to contain the spread, notify the authorities and response teams, assess the scope using threat intelligence, and coordinate the response with specialized legal and technical support.

After containment: carry out a thorough security review, identify backdoors and persistent artifacts, perform forensic analysis of the chain of events, and strengthen user awareness. Adopting security architectures that prioritize prevention and network segmentation can significantly reduce the impact of future incidents.

The case of Petya and its variants shows that ransomware has gone from being a minor problem to a systemic threat to businesses, governments and citizens. Learning from this attack and applying precautionary measures is the only way to reduce the impact of future outbreaks.