A Linux version of RansomEXX has been discovered

Researchers from Kaspersky Lab have identified a Linux version of the ransomware known as "RansomEXX".

Initially, RansomEXX was distributed only on the Windows platform, and it became well known through several high-profile incidents in which the systems of government agencies and companies were compromised, including the Texas Department of Transportation and Konica Minolta.

About RansomEXX

RansomEXX encrypts the data on disk and then demands a ransom in exchange for the decryption key.

The encryption is implemented using an open-source library. Once launched, the malware generates a 256-bit key and uses it to encrypt all available files with the AES block cipher in ECB mode.

After that, a new AES key is generated every second; that is, different files are encrypted with different AES keys.

Each AES key is encrypted with an RSA-4096 public key embedded in the malware's code and is appended to each encrypted file. For decryption, the ransomware operators offer to sell the victim the private key.
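ECB mode encrypts every 16-byte block independently, so identical plaintext blocks produce identical ciphertext blocks. The following added example (not from this article or from Kaspersky's report) is a triage heuristic that flags that repetition in a buffer; the sample data and the HMAC-based stand-in for a block cipher are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16  # AES block size in bytes


def repeated_block_ratio(data: bytes) -> float:
    """Fraction of whole 16-byte blocks that duplicate another block in data."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    if not blocks:
        return 0.0
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)


def looks_like_ecb(data: bytes, threshold: float = 0.01) -> bool:
    """Random-looking data should contain essentially no repeated blocks."""
    return repeated_block_ratio(data) >= threshold


def ecb_stand_in(plaintext: bytes, key: bytes) -> bytes:
    """Constructed sample generator: a keyed, deterministic per-block mapping.
    It is NOT AES and cannot be reversed; it only reproduces the ECB property
    that equal plaintext blocks yield equal ciphertext blocks."""
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        block = plaintext[i:i + BLOCK].ljust(BLOCK, b"\0")
        out += hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
    return bytes(out)


# Constructed sample: a page with a short header and a long zero-filled run,
# as found in database files and disk images on storage servers.
SAMPLE_PLAIN = b"HDR:constructed-sample-page\x00" + b"\0" * 4096 + os.urandom(512)
SAMPLE_ECB = ecb_stand_in(SAMPLE_PLAIN, key=b"constructed-demo-key")
SAMPLE_RANDOM = os.urandom(len(SAMPLE_ECB))  # resembles CBC/CTR output

if __name__ == "__main__":
    for name, buf in (("ecb-like", SAMPLE_ECB), ("random", SAMPLE_RANDOM)):
        ratio = repeated_block_ratio(buf)
        print(f"{name}: ratio={ratio:.3f} flagged={looks_like_ecb(buf)}")
```

A low ratio does not rule out ECB: compressed or otherwise high-entropy plaintext has no repeated blocks to begin with.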

A distinctive feature of RansomEXX is its use in targeted attacks. In these, the attackers gain access to one of the systems on the network by exploiting vulnerabilities or through social engineering, then attack other systems and deploy a specially built variant of the malware for each infrastructure they attack, including the company's name and different contact details.

Initially, when attacking a corporate network, the attackers tried to take control of as many workstations as possible in order to install the malware on them, but this strategy proved flawed, and in many cases the systems were simply restored from a backup without the ransom being paid.

Now the cybercriminals' strategy has changed, and their goal has been to compromise corporate server systems and, above all, centralized storage systems, including those running Linux.

So it would not be surprising to find that the RansomEXX operators have set a trend in the sector; other ransomware operators may also deploy Linux versions in the future.

We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines running Linux-based operating systems.

After the initial analysis, we noticed similarities in the code of the Trojan, the text of the ransom note and the general approach to extortion, which suggested that we had in fact found a Linux build of the previously known RansomEXX family. This malware is known for attacking large organizations and was very active earlier this year.

RansomEXX is a highly targeted Trojan. Each sample of the malware contains a hardcoded name of the victim organization. In addition, both the extension of the encrypted files and the email address for contacting the extortionists use the victim's name.

And this movement appears to have begun. According to the cybersecurity company Emsisoft, in addition to RansomEXX, the operators behind the Mespinoza (Pysa) ransomware have also developed a Linux variant of their original Windows version. According to Emsisoft, the RansomEXX Linux variant they found was first deployed in July.

This is not the first time that malware operators have considered developing a Linux version of their malware.

For example, we can cite the case of the KillDisk malware, which was used to cripple a power grid in Ukraine in 2015.

This variant made "Linux machines unable to boot, after encrypting files and demanding a large ransom." It had a Windows version and a Linux version, "which is definitely something we don't see every day," ESET researchers noted.

Finally, if you want to know more about it, you can check the details in the Kaspersky publication at the following link.



  1.   TucuHacker.es said

    Amazing! Good post! Cheers

    1.    LinuxMain said

      Linux was my only salvation for avoiding malware, it's really a shame ...

  2.   #MakeRansomExxGreatAgain said

    GREAT! WE ALL KNEW THAT RANSOMEXX WOULD BE REBORN

  3.   Julio Calisaya SI3K1 said

    Good article