KeRanger: First Mac Ransomware in the Wild Discovered

Palo Alto Networks Discovers Ransomware Targeting Macs

On March 4, 2016, the security company Palo Alto Networks reported its discovery of the KeRanger ransomware, which targets Transmission, the Mac BitTorrent client. The malware was found inside the installer for Transmission version 2.90.

The Transmission site quickly pulled the infected installer and is urging anyone running Transmission 2.90 to update to version 2.92, which Transmission has verified is free of KeRanger.

Transmission has not said how the infected installer came to be hosted on its own website, and Palo Alto Networks has not been able to explain how the Transmission site was compromised either.

KeRanger Ransomware

KeRanger works the way most ransomware does: it encrypts the files on your Mac and then demands payment, in this case one bitcoin (worth close to $400 at the time), in exchange for the decryption key needed to recover your files.

KeRanger was embedded in the Transmission installer. The installer was signed with a valid Mac app development certificate, which allowed it to pass OS X's Gatekeeper, the mechanism that is supposed to block malware from being installed on a Mac.

Once installed, KeRanger sets up a connection to a remote server over the Tor network, then sleeps for three days. When it wakes up, it retrieves an encryption key from the remote server and begins encrypting files on the infected Mac.

The encrypted files include those under the /Users folder, so most of the user's files on the infected Mac end up encrypted and unusable. In addition, Palo Alto Networks reports that the /Volumes folder, which holds the mount points for all attached storage devices, both local and network, is also targeted.

At the time of writing there is conflicting information about whether KeRanger encrypts Time Machine backups, but if /Volumes is targeted, I see no reason why a mounted Time Machine drive would be spared. My guess is that KeRanger is new enough that the mixed reports about Time Machine reflect a bug in the ransomware's code: sometimes it works, and sometimes it doesn't.

Apple Responds

Palo Alto Networks reported KeRanger to both Apple and Transmission. Both responded quickly. Apple revoked the Mac app development certificate the software had been signed with, so Gatekeeper now blocks any further installs of the current version of KeRanger. Apple also updated its XProtect signatures, so OS X's built-in malware protection recognizes KeRanger and blocks the install even if Gatekeeper is disabled or set to its least restrictive setting.

Transmission removed the 2.90 download from its website and quickly released an updated version, numbered 2.92. We can assume they looked into how their website was compromised and took steps to keep it from happening again.

How to Remove KeRanger

Remember, downloading and installing the infected Transmission installer is currently the only known way to get KeRanger. If you don't use Transmission, you don't need to worry about KeRanger for now.

As long as KeRanger hasn't yet encrypted your Mac's files, you still have time to remove the app and prevent the encryption from happening. If your files have already been encrypted, there's nothing you can do except hope your backup is current. This is a very good reason to keep a backup drive that isn't permanently mounted on your Mac. For example, I use Carbon Copy Cloner to make a weekly clone of my Mac's data. The clone drive is never mounted on my Mac except when it's needed for the cloning process.

If I were to run into the ransomware scenario, I could recover by restoring from the weekly clone. The only penalty of a weekly clone is that files can be up to a week out of date, but that beats paying the cretin holding them for ransom.

If you find yourself in the unfortunate position of KeRanger having already sprung its trap, I know of no way out other than paying the ransom or reinstalling OS X and starting over with a clean install.

Remove Transmission

In the Finder, go to /Applications.

Locate the Transmission app and right-click its icon.

From the pop-up menu, select Show Package Contents.

In the Finder window that opens, browse to Contents/Resources/.

Look for a file named General.rtf.

If the General.rtf file is present, you have the infected Transmission installed. If Transmission is running, quit the app, drag it to the Trash, then empty the Trash.

Remove KeRanger

Launch Activity Monitor, located in /Applications/Utilities.

In Activity Monitor, select the CPU tab.

In the Activity Monitor search field, enter the following:

kernel_service

and press Return.

If the service is running, it will be listed in the Activity Monitor window.

If it is listed, double-click the process name in Activity Monitor.

In the window that opens, click the Open Files and Ports tab.

Make a note of the path of kernel_service; it will look something like this:

/Users/yourhomedirectoryname/Library/kernel_service

Select the process, then click the Quit button.

Repeat the steps above for the kernel_time and kernel_complete process names.

Even though you've quit the processes in Activity Monitor, you still need to remove their files from your Mac. To do so, use the paths you noted to navigate to the kernel_service, kernel_time, and kernel_complete files. (Note: not all of these files may be present on your Mac.)

Because the files you need to delete live in your home folder's Library folder, which is hidden by default, you will need to make that folder visible. Instructions are in the article OS X: Unhide Your Library Folder. (Holding down the Option key while opening the Finder's Go menu also reveals a Library item that opens the same folder.)

Once you are in the Library folder, delete the files listed above by dragging them to the Trash, then right-click the Trash icon and choose Empty Trash.
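The same checks can be run from Terminal, which is quicker than clicking through Activity Monitor and hidden folders and also lets you confirm that General.rtf is an executable rather than a document. The script below is an added example, not code from the original article, from Transmission or from Palo Alto Networks. It assumes the default install path /Applications/Transmission.app and the current user's ~/Library; the three process and file names are the ones the article lists, and the dot-prefixed file names it also checks are an assumption taken from the vendor write-up rather than from this article. The spctl call only runs on a Mac; everything else is plain POSIX shell.

```bash
#!/bin/bash
# keranger_check.sh
# Added example; not code from the original article, Transmission or Palo Alto Networks.
# Scripts the manual checks above: the General.rtf marker inside Transmission.app,
# the kernel_service / kernel_time / kernel_complete processes, and the files they
# leave under ~/Library.  Run:  bash keranger_check.sh --scan [--remove]

# File names the article tells you to look for under ~/Library ...
KERANGER_FILES="kernel_service kernel_time kernel_complete"
# ... plus hidden variants. ASSUMPTION: these dot-prefixed names are taken from the
# vendor write-up, not from the article above; checking for them is harmless if absent.
KERANGER_FILES="$KERANGER_FILES .kernel_pid .kernel_time .kernel_complete"
KERANGER_PROCS="kernel_service kernel_time kernel_complete"

# True if the file starts with a Mach-O magic number (thin or fat binary).
# A real RTF document starts with "{\rtf"; an executable named General.rtf is
# the tell-tale the article describes.
is_macho() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints: absent (no such bundle), clean (no General.rtf) or infected (marker present).
check_transmission_app() {
    app="$1"
    if [ ! -d "$app" ]; then
        echo absent
    elif [ -f "$app/Contents/Resources/General.rtf" ]; then
        echo infected
    else
        echo clean
    fi
}

# Prints the full path of every KeRanger drop file present in the given Library dir.
list_keranger_files() {
    lib="$1"
    for name in $KERANGER_FILES; do
        if [ -e "$lib/$name" ]; then
            echo "$lib/$name"
        fi
    done
}

# Prints "PID name" for each KeRanger process that is running (exact name match).
list_keranger_processes() {
    for name in $KERANGER_PROCS; do
        pgrep -x -l "$name" 2>/dev/null || true
    done
}

if [ "${1:-}" = "--scan" ]; then
    app="/Applications/Transmission.app"
    marker="$app/Contents/Resources/General.rtf"
    lib="$HOME/Library"

    echo "Transmission.app: $(check_transmission_app "$app")"
    if [ -f "$marker" ] && is_macho "$marker"; then
        echo "  General.rtf is a Mach-O executable, not an RTF document"
    fi
    # On a Mac, ask Gatekeeper directly whether it still accepts the bundle;
    # after Apple revoked the certificate this should report "rejected".
    if [ -d "$app" ] && command -v spctl >/dev/null 2>&1; then
        spctl --assess --type execute "$app" 2>&1 | sed 's/^/  spctl: /'
    fi

    echo "Running KeRanger processes:"
    list_keranger_processes | sed 's/^/  /'
    echo "KeRanger files under $lib:"
    list_keranger_files "$lib" | sed 's/^/  /'

    if [ "${2:-}" = "--remove" ]; then
        for name in $KERANGER_PROCS; do
            pkill -x "$name" 2>/dev/null || true    # same as Quit in Activity Monitor
        done
        list_keranger_files "$lib" | while IFS= read -r f; do
            rm -f "$f" && echo "removed $f"
        done
        echo "Now drag Transmission.app to the Trash and empty it."
    fi
fi
```

Run `bash keranger_check.sh --scan` first and read the output; only add `--remove` once you are satisfied the listed processes and files are KeRanger's. The script does not touch Transmission.app itself, since the article's advice is to delete the whole bundle by hand after quitting it.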