Ama-Palo Alto Networks athola ama-Ransomware ama-Mac Targeting
Ngo-Mashi 4, 2016, i-Palo Alto Networks, inkampani evikelekile evikelekile, ithumele ukutholakala kwayo kwe-KeRanger ransomware ekuthekisweni kwe-Transmission, iklayenti ethandwa kakhulu ye-Mac BitTorrent. I-malware yangempela itholwe ngaphakathi kwesifaki se-Transmission version 2.90.
I-website ye-Transmission isheshe isusa isifaki esinegciwane futhi ikhuthaza noma ubani osebenzisa i-Transmission 2.90 ukuba ivuselele ku-version 2.92, eqinisekisiwe yi-Transmission ukuba ikhululeke i-KeRanger.
Ukudluliswa akukazanga ukuxoxa ngokuthi umfakisi othelelekile wakwazi kanjani ukuphathwa kwiwebhusayithi yakhe, futhi uPalo Alto Networks akakwazi ukucacisa ukuthi isayithi lokuThuthukisa lahlehliswa kanjani.
KeRanger Ransomware
I-Keware ye-ransomware isebenza njengenhlawulo ye-ransomware eningi, ngokubethela amafayela ku-Mac yakho, bese ifuna ukukhokha; kulesi simo, ngesimo se-bitcoin (okwamanje esilinganiswa cishe no-$ 400) ukukunikeza ukhiye wokubhala ukuze ubuyisele amafayela akho.
I-KeRanger ransomware efakwe yi-installer ye-Transmission eyonakele. I-installer isebenzisa isitifiketi sohlelo lokusebenza lwe-Mac evumelekile, okuvumela ukufakwa kwe-ransomware ukuba ifinyelele ubuchwepheshe be-Gate X obungaphambilini be-OS X , okuvimbela ukufakwa kwe-malware ku-Mac.
Uma ifakiwe, i-KeRanger isetha ukukhulumisana nesiphakeli esikude kunethiwekhi ye-Tor. Uzolala izinsuku ezintathu. Uma ivuse, i-KeRanger ithola ukhiye wokubethela kusuka kuseva elikude futhi uqhubeka ukubethela amafayela kuma-Mac onegciwane.
Amafayili afakwe ngekhodi afaka nalawo kufolda / Abasebenzisi, okuholela kumafayela amaningi omsebenzisi kuma-Mac onegciwane ukuba abhalwe ngekhodi futhi angasetshenziswa. Ngaphezu kwalokho, i-Palo Alto Networks ibika ukuthi ifolda / i-Volumes ifolda, equkethe indawo yokugcina yazo zonke amadivaysi esitoreji axhunyiwe, zombili zendawo nesezintambo zakho, libuye lihlose.
Ngalesi sikhathi, kunolwazi oluxubekile mayelana nezipele ze- Time Machine ezibethelwe nge-KeRanger, kodwa uma ifolda / I-Volumes ifolda, angiyiboni isizathu sokuthi umshini we-Time Machine ungabhalisiwe. Ukuqagela kwami ukuthi i-KeRanger iyisiqeshana esisha se-ransomware ukuthi imibiko exubekile mayelana ne-Time Machine imane nje iyigciwane kukhodi ye-ransomware; ngezinye izikhathi kusebenza, futhi ngezinye izikhathi akusho.
Apple Iyaphendula
I-Palo Alto Networks ibike i-KeRanger ransomware kokubili i-Apple ne-Transmission. Bobabili basabela ngokushesha; I-Apple igxeke isitifiketi sohlelo lokusebenza lwe-Mac esetshenziswa uhlelo lokusebenza, ngaleyo ndlela ivumela uMnyango weSango ukuthi ayeke ukufakwa kokunye kwe-version yamanje ye-KeRanger. I-Apple iphinde ivuselele amasignesha we-XProject, ivumele uhlelo lwe-OS X malware lokuvimbela ukuqaphela i-KeRanger nokuvimbela ukufakwa, noma ngabe i-GateKeeper ivaliwe, noma ilungiselelwe ukulungiselelwa okuphansi.
Ukuthunyelwa kususwe ukuthunyelwa kwe-2.90 kusuka kuwebhusayithi yabo futhi kwakha kabusha i-version ehlanzekile ye-Transmission, ngenombolo yenguqulo ye-2.92. Singaphinde sicabange ukuthi babheka indlela i-website yabo eyenziwe ngayo, futhi ithatha izinyathelo zokuvimbela ukuthi ingabe isenzeka futhi.
Nendlela Susa KeRanger
Khumbula, ukulanda nokufaka inguqulo elinegciwane le-Transmission lokusebenza njengamanje kuphela indlela yokuthola i-KeRanger. Uma ungasebenzisi i-Transmission, okwamanje akudingeki ukhathazeke nge-KeRanger.
Uma nje i-KeRanger ingabhalisanga amafayela wakho we-Mac okwamanje, unesikhathi sokususa uhlelo lokusebenza nokuvimbela ukubethela kungenzeki. Uma amafayela wakho we-Mac esevele ebhaliswe, akuningi ongakwenza ngaphandle kwethemba ukuthi izipele zakho azizange zibethelwe futhi. Lokhu kubonisa isizathu esihle kakhulu sokuba nedrayivu yokulondoloza engavumelani ngaso sonke isikhathi ku-Mac yakho. Njengesibonelo, ngisebenzisa iCarbon Copy Cloner ukwenza ukuhlangana kweviki yamasonto onke . Izindlu zokushayela ezifakwe kwi-Macone azihlanganisiwe kwi-Mac yami kuze kube yilapho kudingeka khona inqubo yokwenza i-cloning.
Uma ngabe ngigijimela esimweni sesihlengo, ngabe ngiphinde ngiphinde ngiphinde ngiphinde ngibuyiselwe ku-clone yeviki. Inhlawulo kuphela yokusebenzisa i-clone yamasonto onke ibe namafayela angaba ngeviki elilodwa ngaphandle kwedethi, kodwa kungcono kakhulu ukukhokha i-cretin engenasiphelo isihlengo.
Uma uzithola usesimweni esibuhlungu seKeRanger sesivele sishaye isicupho sakhe, angikwazi ukuphuma ngaphandle kokukhokha isihlengo noma ukulayisha kabusha i-OS X nokuqala ngokufaka ukuhlanza okuhlanzekile .
Susa ukuthunyelwa
Ku-Finder , hamba uye / Izicelo.
Thola uhlelo lokusebenza lwe-Transmission, bese uchofoza ngakwesokudla isithonjana sayo.
Kusuka kwimenyu e-pop-up, khetha Okuqukethwe kwePhakheji.
Ewindini le-Finder evulekayo, hamba uye / Okuqukethwe / Izinsiza /.
Bheka ifayela elibizwa nge-General.rtf.
Uma ifayela le-General.rtf likhona, une-version efakwe yi-Transmission efakwe. Uma uhlelo lokusebenza lwe-Transmission lusebenza, shiya uhlelo lokusebenza, ludonsela kudoti, bese ulahla udoti.
Susa i-KeRanger
Qalisa Ukuqapha Komsebenzi , etholakala / Izicelo / Izinsiza.
Ku-Monitor Monitor, khetha ithebhu ye-CPU.
Emkhakheni wokusesha we-Activity Monitor, faka okulandelayo:
kernel_servicebese ucindezela ukubuya.
Uma ngabe isevisi ikhona, izobe ibhalwe ohlwini lweWindows Monitor.
Uma kukhona, chofoza kabili igama lenqubo ku-Activity Monitor.
Ewindini evula, chofoza inkinobho ye-Open Files namaPorts.
Yenza inothi legama lomzila le-kernel_service; cishe kuyoba into enjenge:
/ abasebenzisi / igama lokungena ekhaya / Library / kernel_serviceKhetha ifayela, bese uchofoza inkinobho Ye-Quit.
Phinda lokhu ngenhla ngegama le- kernel_time namagama wenkonzo ye- kernel_complete .
Nakuba ushiya izinsizakalo ngaphakathi kwe-Activity Monitor, udinga ukususa amafayela kusuka ku-Mac yakho. Ukuze wenze kanjalo, sebenzisa amagama wamagama wefayela owenze inothi lokuya ku-kernel_service, kernel_time, namafayela we-kernel_fomplete. (Qaphela: Ngeke ube nawo wonke lawa mafayela akhona ku-Mac yakho.)
Njengoba amafayela odinga ukususa atholakala kufolda yakho yeLayibhukwana yasekhaya, uzodinga ukwenza le folda ekhethekile ibonakale. Ungathola imiyalelo yokuthi ungakwenza kanjani lokhu ku- OS X Ukufihla isihloko sakho seFolda yamathuluzi .
Uma usukwazi ukufinyelela kufolda yeLabhulali, susa amafayela ashiwo ngenhla ngokuwahudulela kudoti, bese uchofoza ngakwesokudla isithonjana sodoti, bese ukhetha Udoti ongenalutho.