Your files have been encrypted - what should you do?

One of the most troublesome malware problems today is a Trojan or virus that encrypts files on the user's disk. Some of these files can be decrypted, and some cannot yet. This guide contains possible courses of action for both situations, ways to determine the specific type of encryption using the No More Ransom and ID Ransomware services, and a brief overview of anti-ransomware software.

There are several modifications of such viruses or ransomware Trojans (and new ones keep appearing), but the general principle is the same: once installed on the computer, the malware encrypts your documents, images and other potentially important files, changing their extension and deleting the originals. You then receive a message in a readme.txt file saying that all your files have been encrypted and that to decrypt them you need to send a certain sum to the attacker. Note: Windows 10 Fall Creators Update now has built-in protection against encrypting viruses.

What to do if all important data is encrypted

To begin with, some general information for those facing encrypted important files on their computer. If important data on your computer has been encrypted, first of all, do not panic.

If you have the opportunity, copy the text file with the attacker's demand for decryption, together with a sample of an encrypted file, from the disk of the computer on which the encrypting virus (ransomware) appeared to an external drive (flash drive). Turn off the computer so that the virus cannot continue encrypting data, and carry out the remaining steps on another computer.

The next step is to use the encrypted files you have to find out which type of virus encrypted your data: for some of them there are decryptors (some I will point out here, some are listed closer to the end of the article), for others there are none yet. But even in that case you can send samples of encrypted files to anti-virus labs (Kaspersky, Dr. Web) for analysis.

How exactly do you find out? You can do this with Google, finding discussions or the type of encryptor by the file extension. Services for determining the type of ransomware have also started to appear.

No More Ransom

No More Ransom is an actively developing resource supported by developers of security tools and available in a Russian version, aimed at combating encrypting viruses (ransomware Trojans).

With luck, No More Ransom can help you decrypt your documents, databases, photos and other data, download the programs needed for decryption, and get information that will help avoid such threats in the future.

On No More Ransom you can try to decrypt your files and determine the type of encrypting virus as follows:

  1. Click "Yes" on the main page of the service http://www.nomoreransom.org/ru/index.html
  2. The Crypto Sheriff page will open, where you can upload samples of encrypted files no larger than 1 Mb in size (I recommend uploading ones that contain no confidential data), and specify the email addresses or websites to which the fraudsters demand the ransom be sent (or upload the readme.txt file with the demand).
  3. Click the "Check" button and wait for the check to finish and show its result.

In addition, the site has useful sections:

  • Decryptors - almost all currently existing utilities for decrypting files encrypted by viruses.
  • Infection prevention - information aimed primarily at novice users, which can help avoid infection in the future.
  • Questions and answers - information for those who want to better understand how encrypting viruses work and what to do when you find that the files on your computer have been encrypted.

Today, No More Ransom is probably the most relevant and useful resource on decrypting files for the Russian-speaking user; I recommend it.

ID Ransomware

Another such service is //id-ransomware.malwarehunterteam.com/ (although I do not know how well it works for Russian-language variants of the virus, it is worth trying by feeding the service a sample of an encrypted file and the text file with the ransom demand).

After determining the type of encryptor, if you succeeded, try to find a utility for decrypting that variant with queries like: Decryptor Encryptor_Type. Such utilities are free and are released by anti-virus developers; for example, several such utilities can be found on the Kaspersky site //support.kaspersky.ru/viruses/tamarin (other utilities are listed closer to the end of the article). And, as already mentioned, do not hesitate to contact the anti-virus developers on their forums or through their email support service.

Unfortunately, all this does not always help, and working file decryptors do not always exist. In that case the scenarios differ: many pay the attackers, encouraging them to continue this activity. Some users are helped by programs for recovering data on the computer (because the virus, in creating the encrypted file, deletes the ordinary, important file, which in theory can be recovered).

Files on the computer are encrypted in xtbl

One of the latest variants of the ransomware virus encrypts files, replacing them with files that have the .xtbl extension and a name consisting of a set of characters.

In addition, a text file readme.txt is placed on the computer with approximately the following content: "Your files have been encrypted. To decrypt them, you need to send the code to the email address [email protected], [email protected] or [email protected]. You will then receive all the necessary instructions. Attempts to decrypt the files yourself will lead to loss of information" (the email address and the text may differ).

Unfortunately, at the moment there is no way to decrypt .xtbl (as soon as one appears, the instructions will be updated). Some users who had really important information on their computer report on anti-virus forums that they sent the authors of the virus 5000 rubles or another required sum and received a decryptor, but this is very risky: you may not receive anything.

What should you do if files have been encrypted in .xtbl? My recommendations are as follows (but they differ from those on many other sites, where, for example, it is recommended to cut the computer's power immediately or not to remove the virus. In my opinion, this is unnecessary, and in some circumstances may even be harmful, but the decision is yours):

  1. If you can, interrupt the encryption process by ending the relevant tasks in Task Manager, and disconnect the computer from the Internet (a connection may be a necessary condition for encryption).
  2. Memorize or write down the code that the attackers require to be sent to the email address (just not in a text file on the computer, so that it does not get encrypted as well).
  3. Using Malwarebytes Antimalware, a trial version of Kaspersky Internet Security or Dr.Web Cure It, remove the virus that encrypts files (all of the listed tools cope with this well). I advise using the first and the second product from the list in turn (although if you already have an anti-virus installed, installing a second one "on top" is undesirable, as it can lead to problems with the computer).
  4. Wait for a decryptor from an anti-virus company to appear. Kaspersky Lab is at the forefront here.
  5. You can also send a sample of an encrypted file and the required code to [email protected]; if you have a copy of the same file in unencrypted form, send it too. In theory, this can speed up the appearance of a decryptor.

What not to do:

  • Rename the encrypted files, change their extension, or delete them if they are important to you.

That is probably all I can say about encrypted files with the .xtbl extension at this point in time.

Files encrypted with better_call_saul

The latest encrypting virus is Better Call Saul (Trojan-Ransom.Win32.Shade), which sets the .better_call_saul extension for encrypted files. How to decrypt such files is not yet clear. Users who contacted Kaspersky Lab and Dr.Web were told that this cannot be done at the moment (but try sending samples anyway: the more samples of encrypted files the developers have, the more likely a method will be found).

If it turns out that you have found a way to decrypt them (i.e. it was posted somewhere and I did not notice), please share the information in the comments.

Trojan-Ransom.Win32.Aura and Trojan-Ransom.Win32.Rakhni

The following Trojan encrypts files and sets extensions from this list:

  • .arke
  • .crypto
  • .kraken
  • .AYA256 (not necessarily this Trojan; there are others that set the same extension).
  • .codercsu@gmail_com
  • .enc
  • .oshit
  • And others.

To decrypt files after these viruses have run, the Kaspersky site has a free utility, RakhniDecryptor, available on the official page //support.kaspersky.com/viruses/disinfection/10556.

There is also a detailed guide to using this utility there, showing how to restore encrypted files; just in case, I would untick the item "Delete encrypted files after successful decryption" (although I think everything will be fine with the option enabled).

If you have a Dr.Web anti-virus license, you can use the free decryption from this company at http://support.drweb.com/new/free_unlocker/
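The identification step this article describes (file extension, then family, then tool), as an added Python example that is not part of the original article: it walks a folder read-only, counts files by the extensions listed in this article, collects ransom notes named readme.txt, and picks up to two encrypted samples within the 1 Mb upload limit mentioned for Crypto Sheriff. The byte value used for that limit, the function names and the demo tree are assumptions, and an extension match is only a hint at the family (.enc in particular is used by unrelated software).

```python
import os
import tempfile
from pathlib import Path

# Extension -> (family, decryptor named in the article or None), from the article's lists.
RAKHNI = ("Trojan-Ransom.Win32.Aura / Trojan-Ransom.Win32.Rakhni", "RakhniDecryptor")
KNOWN = {e: RAKHNI for e in (".arke", ".crypto", ".kraken", ".codercsu@gmail_com", ".enc", ".oshit")}
KNOWN[".xtbl"] = ("Trojan.Encoder.858 (Dr.Web name)", None)
KNOWN[".better_call_saul"] = ("Trojan-Ransom.Win32.Shade", None)
NOTE_NAMES = {"readme.txt"}
MAX_SAMPLE = 1_000_000  # assumption: "1 Mb" read conservatively as 10**6 bytes

def triage(root):
    """Read-only walk. Returns (hits per extension, sample paths, ransom notes)."""
    hits, sized, notes = {}, [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            if name.lower() in NOTE_NAMES:
                notes.append(path)
                continue
            ext = path.suffix.lower()
            if ext not in KNOWN:
                continue
            hits[ext] = hits.get(ext, 0) + 1  # every match is counted
            size = path.stat().st_size
            if 0 < size <= MAX_SAMPLE:  # only non-empty files within the limit
                sized.append((size, path))
    sized.sort()  # smallest first: less data leaves the machine
    return hits, [p for _, p in sized[:2]], notes

def build_demo_tree(root):
    """Constructed sample data: zero-filled stand-ins, not real ransomware output."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "a1B2c3.xtbl").write_bytes(b"\0" * 2048)
    (root / "docs" / "big.xtbl").write_bytes(b"\0" * (MAX_SAMPLE + 1))
    (root / "photo.jpg.kraken").write_bytes(b"\0" * 512)
    (root / "README.txt").write_text("constructed ransom note")
    (root / "notes.docx").write_bytes(b"untouched file")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        hits, samples, notes = triage(tmp)
        for ext, n in sorted(hits.items()):
            print(f"{n} x {ext}: {KNOWN[ext][0]}; tool: {KNOWN[ext][1] or 'none named'}")
        print("samples:", [p.name for p in samples], "notes:", [p.name for p in notes])
```

Run it from another computer against a copy or a read-only mount of the affected disk, in line with the advice above to do the remaining steps elsewhere.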

More variants of encrypting viruses

The following Trojans, which encrypt files and demand money for decryption, are encountered less often. The links provided contain not only utilities for recovering your files, but also a description of the signs that will help determine that you have this particular virus. In general, though, the best way is to scan the system with Kaspersky Anti-Virus, find out the name of the Trojan according to that company's classification, and then search for a utility by that name.

  • Trojan-Ransom.Win32.Rector - the RectorDecryptor utility for decryption and a guide to using it are available here: //support.kaspersky.com/viruses/disinfection/4264
  • Trojan-Ransom.Win32.Xorist - a similar Trojan that displays a window asking you to send an SMS or make contact by email for decryption instructions. Instructions for recovering encrypted files and the XoristDecryptor utility for this are on the page //support.kaspersky.com/viruses/disinfection/2911
  • Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.Fury - the RannohDecryptor utility //support.kaspersky.com/viruses/disinfection/8547
  • Trojan.Encoder.858 (xtbl), Trojan.Encoder.741 and others with the same name (when scanning with Dr.Web anti-virus or the Cure It utility) and different numbers - try searching the Internet by the name of the Trojan. For some of them there are Dr.Web decryption utilities; also, if you could not find a utility but have a Dr.Web license, you can use the official page //support.drweb.com/new/free_unlocker/
  • CryptoLocker - to decrypt files after CryptoLocker has run, you can use the site //decryptcryptolocker.com - after sending a sample file, you will receive a key and a utility for recovering your files.
  • On the site //bitbucket.org/jadacyrus/ransomwareremovalkit/ you can download the Ransomware Removal Kit - a large archive with information on various types of encryptors and decryption utilities (in English)

And from the latest news: Kaspersky Lab, together with law enforcement officers from the Netherlands, developed Ransomware Decryptor (//noransom.kaspersky.com) for decrypting files after CoinVault; however, this ransomware is not yet found in our latitudes.

Protection against encrypting viruses or ransomware

With the spread of ransomware, many makers of anti-virus and anti-malware tools have begun releasing their own solutions to prevent encryption on the computer, among them:
  • Malwarebytes Anti-ransomware
  • BitDefender Anti-Ransomware
  • WinAntiRansom
The first two are still in beta but free (and they only support detection of a limited set of viruses of this type - TeslaCrypt, CTBLocker, Locky, CryptoLocker). WinAntiRansom is a paid product that promises to prevent encryption by almost any ransomware sample, protecting both local and network drives.

But: these programs are not intended for decryption, only for preventing the encryption of important files on your computer. In general, it seems to me that these functions should be implemented in anti-virus products; otherwise a strange situation results: the user needs to keep on the computer an anti-virus, a tool against AdWare and Malware, and now an anti-ransomware utility as well.

By the way, if it suddenly turns out that you have something to add (because I may not have time to keep track of what is happening with decryption methods), report it in the comments; this information will be useful to other users who have run into the problem.