A Linux version of RansomEXX has been discovered

Researchers from Kaspersky Lab have identified a Linux variant of the "RansomEXX" ransomware.

Initially, RansomEXX was distributed only on the Windows platform and became known through several major incidents in which the systems of various government agencies and companies were compromised, including the Texas Department of Transportation and Konica Minolta.

About RansomEXX

RansomEXX encrypts data on disk and then demands a ransom in exchange for the decryption key.

Encryption is implemented with the open-source mbedtls library. Once launched, the malware generates a 256-bit key and uses it to encrypt all available files with the AES block cipher in ECB mode.

After that, a new AES key is generated every second, that is, different files are encrypted with different AES keys.

Each AES key is encrypted with an RSA-4096 public key embedded in the malware code and is appended to every encrypted file. For decryption, the ransomware offers victims the option of buying the private key from the operators.
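The ECB mode described above has a consequence a responder can check for: within one file, identical 16-byte plaintext blocks produce identical ciphertext blocks, so repetitive regions of the original remain visible after encryption. The following is an added example, not code from Kaspersky or from the original post; `toy_ecb` is a hypothetical keyed stand-in for AES (so the sample runs with the standard library only) and the sample data is constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # AES block size in bytes


def toy_ecb(key: bytes, data: bytes) -> bytes:
    """Stand-in for a block cipher in ECB mode (NOT AES, not invertible).

    Every 16-byte block is transformed independently and deterministically,
    which is the only ECB property this example relies on.
    """
    data += b"\x00" * (-len(data) % BLOCK)
    return b"".join(
        hmac.new(key, data[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
        for i in range(0, len(data), BLOCK)
    )


def ecb_repeat_stats(blob: bytes) -> dict:
    """Count aligned 16-byte blocks that occur more than once in blob."""
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob) - BLOCK + 1, BLOCK)]
    counts = Counter(blocks)
    repeated = sum(n for n in counts.values() if n > 1)
    ratio = repeated / len(blocks) if blocks else 0.0
    return {"blocks": len(blocks), "distinct": len(counts),
            "repeated": repeated, "ratio": ratio}


def looks_like_ecb(blob: bytes, threshold: float = 0.01) -> bool:
    """Heuristic: CBC/CTR output or random data has essentially no repeats."""
    return ecb_repeat_stats(blob)["ratio"] >= threshold


# Constructed sample: a file with a zero-filled region (common in databases
# and disk images) between two regions of non-repeating bytes.
SAMPLE_PLAIN = (hashlib.shake_256(b"head").digest(64) + b"\x00" * 160
                + hashlib.shake_256(b"tail").digest(64))
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CIPHER = toy_ecb(SAMPLE_KEY, SAMPLE_PLAIN)

if __name__ == "__main__":
    print(ecb_repeat_stats(SAMPLE_CIPHER))
    print(looks_like_ecb(hashlib.shake_256(b"noise").digest(288)))
```

A low repeat ratio does not rule out ECB, since compressed or already random plaintext has no repeated blocks to leak.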

A distinctive feature of RansomEXX is its use in targeted attacks, in which the attackers gain access to one of the systems on the network by exploiting vulnerabilities or by social-engineering methods, then attack other systems and deploy a specially compiled variant of the malware for each attacked infrastructure, including the company name and distinct contact details.

Initially, during attacks on corporate networks, attackers tried to take control of as many workstations as possible in order to install the malware on them, but this strategy turned out to be flawed, and in many cases the systems were simply restored from backup without the ransom being paid.

Now the cybercriminals' strategy has changed, and their goal is to compromise primarily corporate server systems and especially central storage systems, including those running Linux.

So it would not be surprising to see that the RansomEXX operators have made this a defining trend in the industry; other ransomware operators may also deploy Linux versions in the future.

We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.

After the initial analysis, we noticed similarities in the code of the Trojan, the text of the ransom notes, and the general approach to extortion, which suggested that we had in fact encountered a Linux build of the previously known ransomware family RansomEXX. This malware is known to attack large organizations and was most active earlier this year.

RansomEXX is a very specific Trojan. Each sample of the malware contains a hardcoded name of the victim organization. Furthermore, both the encrypted file extension and the email address for contacting the extortionists make use of the victim's name.

And this movement appears to have already begun. According to the cybersecurity company Emsisoft, in addition to RansomEXX, the operators behind the Mespinoza (Pysa) ransomware have also recently developed a Linux variant from their original Windows version. According to Emsisoft, the RansomEXX Linux variants they discovered were first deployed in July.

This is not the first time that malware operators have considered developing a Linux version of their malware.

For example, we can cite the case of the KillDisk malware, which was used to cripple a power grid in Ukraine in 2015.

This variant made "Linux machines unable to boot, after encrypting files and demanding a large ransom." It had a Windows version and a Linux version, "which is something we don't see every day," ESET researchers noted.

Finally, if you want to know more about it, you can check the details of the Kaspersky publication at the following link.



  1.   TucuHacker.es said

    Amazing! Great post! Enjoy

    1.    LinuxMain said

      Linux was my only salvation for avoiding malware, it's a real shame ...

  2.   #MakeRansomExxGreatAgain said

    GREAT, GREAT! WE ALL KNEW THAT RANSOMEXX WOULD BE REBORN!

  3.   Julio Calisaya SI3K1 said

    Very good note