KeRanger: First Mac Ransomware in the Wild Discovered

Palo Alto Networks Discloses the Malware

On March 4, 2016, Palo Alto Networks, a well-known security firm, announced the discovery of the KeRanger ransomware, which was spreading through Transmission, a popular BitTorrent client for the Mac. The ransomware was found embedded in the installer for Transmission version 2.90.

The Transmission website quickly took down the infected installer and urged everyone using Transmission 2.90 to update to version 2.92, which has been verified to be free of KeRanger.

Transmission has not said how the infected installer came to be hosted on its website, nor has Palo Alto Networks been able to determine how the site was compromised.

KeRanger Ransomware

KeRanger works like most ransomware: it encrypts the files on your Mac and then demands a payment, in this case a ransom (currently valued at about $400) in exchange for the key needed to decrypt and recover your files.

The KeRanger ransomware was embedded in the Transmission installer. The installer was signed with a valid Mac developer certificate, which allowed the ransomware installer to bypass OS X's Gatekeeper technology, the mechanism that prevents the installation of untrusted Mac apps.

Once installed, KeRanger connects to a remote server on the Tor network. It then sleeps for three days. When it wakes, KeRanger retrieves the encryption key from the remote server and proceeds to encrypt the files on the infected Mac.

The files encrypted include those in the /Users folder, which holds most of the user's data files. In addition, Palo Alto Networks reports that the /Volumes folder, which contains the mount points for all attached storage devices, both local and network, is also a target.

At this time, there is conflicting information about whether Time Machine backups are encrypted by KeRanger, but if the /Volumes folder is targeted, we see no reason why a Time Machine drive would not be affected. My guess is that KeRanger is a new enough type of ransomware that the conflicting reports about Time Machine simply reflect a bug in the ransomware's code; sometimes it works, sometimes it doesn't.

Apple Reacts

Palo Alto Networks reported the KeRanger discovery to both Apple and Transmission. Both reacted quickly: Apple revoked the Mac developer certificate used to sign the installer, which allows Gatekeeper to block any further installations of KeRanger. Apple also updated the XProtect signatures, which allows the OS X anti-malware system to recognize KeRanger and prevent its installation even if Gatekeeper is disabled or set to a less restrictive option.

Transmission removed the Transmission 2.90 installer from its website and quickly replaced it with a clean copy of Transmission, version 2.92. We can also assume they are investigating how their website was compromised and taking steps to prevent it from happening again.

How to Remove KeRanger

Remember, downloading and installing the infected version of the Transmission app is currently the only known way to acquire KeRanger. If you don't use Transmission, you currently don't need to worry about KeRanger.

As long as KeRanger hasn't encrypted your Mac's files yet, you have time to remove the app and prevent the encryption from taking place. If your Mac's files have already been encrypted, there's nothing you can do beyond hoping your backups weren't encrypted as well. This points out a good reason to have a clean backup drive that isn't always connected to your Mac. As an example, I use Carbon Copy Cloner to make a weekly clone of my Mac's startup drive. The drive used for the clone isn't attached to my Mac except when it's needed for the cloning process.

If I were hit by a ransomware attack, I could recover by restoring the weekly clone. The only penalty of using a weekly clone is that it may contain files that are up to a week out of date, but that's better than paying the ransom demand.

If you find yourself in the unfortunate situation where KeRanger has already sprung its trap, I'm not aware of any options beyond paying the ransom or reinstalling OS X starting from a clean erase.

Remove Transmission

In Finder, navigate to /Applications.

Locate the Transmission app, then right-click its icon.

From the pop-up menu, select Show Package Contents.

In the Finder window that opens, navigate to /Contents/Resources/.

Look for a file named General.rtf.

If the General.rtf file is present, you have an infected copy of Transmission. If the Transmission app is running, quit it, drag it to the Trash, then empty the Trash.

Remove KeRanger

Launch Activity Monitor, located in /Applications/Utilities.

In Activity Monitor, select the CPU tab.

In the Activity Monitor search field, enter the following:

kernel_service

then press Return.

If the service is present, it will be listed in the Activity Monitor window.

If it is present, double-click the process name in Activity Monitor.

In the window that opens, click the Open Files and Ports button.

Make a note of the path name of the kernel_service executable; it is likely to be something like:

/Users/your home folder name/Library/kernel_service

Select the process, then click the Quit button.

Repeat the steps above for the kernel_time and kernel_complete service names.

Even though you have stopped the services in Activity Monitor, you also need to delete the files from your Mac. To do so, use the file paths you noted for the kernel_service, kernel_time, and kernel_complete files. (Note: you may not have all of these files on your Mac.)

Since the files you need to delete are located in your home folder's Library folder, you will need to make this hidden folder visible. You can find instructions on how to do that in the OS X guide to the hidden user Library folder.

Once the Library folder is visible, delete the files listed above by dragging them to the Trash, then right-clicking the Trash and selecting Empty Trash.
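The manual checks above (General.rtf inside the Transmission bundle, the kernel_service / kernel_time / kernel_complete processes, and the matching files under ~/Library) can be run as one read-only script. This is an added example, not code from the original article or from Palo Alto Networks; the helper names, the script name check_keranger.sh, and the default /Applications/Transmission.app location are assumptions, and the script only reports, it never deletes anything.

```shell
#!/bin/sh
# check_keranger.sh: report the KeRanger indicators described in the article.
# Example script, not from the original page. Read-only: reports, never deletes.

# Hypothetical helper: 0 (true) if the Transmission bundle at $1 carries the
# General.rtf marker in Contents/Resources, i.e. the infected 2.90 build.
transmission_is_infected() {
    [ -f "$1/Contents/Resources/General.rtf" ]
}

# Hypothetical helper: print each KeRanger file present under $1/Library and
# return 0 if at least one exists. As the article notes, not all three need
# to be present on a given Mac.
keranger_files() {
    found=1
    for name in kernel_service kernel_time kernel_complete; do
        if [ -f "$1/Library/$name" ]; then
            echo "$1/Library/$name"
            found=0
        fi
    done
    return $found
}

# Hypothetical helper: list running processes (pid and command) named like the
# three KeRanger services; this is what the Activity Monitor search step finds.
keranger_processes() {
    ps -axo pid=,comm= | grep -E '( |/)kernel_(service|time|complete)$'
}

main() {
    status=0
    if transmission_is_infected "/Applications/Transmission.app"; then
        echo "WARNING: Transmission.app contains General.rtf (infected 2.90 build)"
        status=1
    fi
    if files=$(keranger_files "$HOME"); then
        echo "WARNING: KeRanger files present:"; echo "$files"
        status=1
    fi
    if procs=$(keranger_processes); then
        echo "WARNING: KeRanger processes running (pid command):"; echo "$procs"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "No KeRanger indicators found."
    return $status
}

# Run the checks only when executed under the expected script name, so the
# helpers can also be sourced individually.
case "${0##*/}" in check_keranger.sh) main ;; esac
```

A non-zero exit status means at least one indicator was found; the printed paths are the ones to remove by hand as described above.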