Your files are encrypted - what to do?

One of the most troublesome kinds of malware today is a Trojan or virus that encrypts the files on a user's disk. Some of these files can be decrypted, and some cannot yet. This guide covers possible courses of action for both situations, ways to determine the specific type of encryption with the No More Ransom and ID Ransomware services, and a brief overview of anti-ransomware software.

There are several variants of such viruses or ransomware Trojans (and new ones appear constantly), but the essence of how they work is the same: once installed on your computer, they encrypt your documents, images and other potentially important files, change their extension and delete the original files. You then receive a message in a readme.txt file stating that all your files have been encrypted and that to decrypt them you must send a certain sum to the attacker. Note: the Windows 10 Fall Creators Update now has built-in protection against encryption viruses.

What to do if all your important data is encrypted

First, some general information for anyone whose important files have been encrypted. If important data on your computer has been encrypted, the first thing is not to panic.

If you have the opportunity, copy a sample of the file containing the attacker's text demand for decryption, together with a sample encrypted file, from the disk where the encryptor virus (ransomware) appeared to an external drive (a flash drive). Shut down the computer so that the virus cannot continue encrypting data, and carry out the remaining steps on another computer.

The next step is to use the encrypted files you have to find out which type of virus encrypted your data: for some of them decryptors exist (some I will point out here, others are listed closer to the end of this article), for others not yet. Even in that case, you can send samples of the encrypted files to anti-virus labs (Kaspersky, Dr. Web) for study.

How exactly do you find out? You can do it with Google, finding discussions or the type of ransomware by the file extension. Services for determining the type of ransomware have also started to appear.

No More Ransom

No More Ransom is an actively developing resource, supported by developers of security tools and available in a Russian version, aimed at fighting encryption viruses (extortionist Trojans).

With luck, No More Ransom can help you decrypt your documents, databases, photos and other information, download the programs needed for decryption, and get information that will help you avoid such threats in the future.

On No More Ransom, you can try to decrypt your files and determine the type of encryption virus as follows:

  1. Click "Yes" on the main page of the service //www.nomoreransom.org/ru/index.html
  2. The Crypto Sheriff page will open, where you can upload samples of encrypted files no larger than 1 MB in size (I recommend uploading data that is not confidential), and specify the e-mail addresses or sites to which the attackers demand the ransom be sent (or upload the readme.txt file containing the demand).
  3. Click the "Check" button and wait for the check to finish and show its result.

In addition, the site has these useful sections:

  • Decryptors - almost all of the utilities that currently exist for decrypting virus-encrypted files.
  • Infection prevention - information aimed mainly at novice users, which can help avoid infection in the future.
  • Questions and answers - information for those who want to better understand how encryption viruses work and what to do when you find that the files on your computer have been encrypted.

Today, No More Ransom is probably the most relevant and useful resource for decrypting files for a Russian-speaking user, and I recommend it.
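The triage steps described above (set aside the ransom note and a small encrypted sample, then identify the family by file extension), as an added example that is not part of the original article. The extension table is taken from this article's own lists; the function names are hypothetical, and the script is assumed to run read-only against a copy of the affected disk on another computer.

```python
import os
import tempfile

# Extension -> (family, decryptor named in this article). A match is a hint only.
# .AES256 is left out: the article notes several Trojans set that extension.
KNOWN = {
    ".xtbl": ("Trojan.Encoder.858 (xtbl)", "none listed in the article"),
    ".better_call_saul": ("Trojan-Ransom.Win32.Shade", "none listed in the article"),
}
for _ext in (".locked", ".crypto", ".kraken", ".codercsu@gmail_com", ".enc", ".oshit"):
    KNOWN[_ext] = ("Trojan-Ransom.Win32.Aura / Rakhni", "RakhniDecryptor")
MAX_SAMPLE = 1024 * 1024     # Crypto Sheriff accepts samples up to 1 MB
NOTE_NAMES = {"readme.txt"}  # ransom note file name described in the article


def triage(root):
    """Walk root without modifying it; return (family counts, notes, samples)."""
    families, notes, samples = {}, [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(path)
                continue
            # Match the whole suffix so "a.doc.xtbl" and "@" extensions both work.
            hit = next((e for e in KNOWN if lower.endswith(e)), None)
            if hit is None:
                continue
            family, tool = KNOWN[hit]
            families[family] = families.get(family, 0) + 1
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable: counted, but not usable as a sample
            best = samples.get(family)
            if size <= MAX_SAMPLE and (best is None or size < best[1]):
                samples[family] = (path, size, tool)  # smallest uploadable sample
    return families, notes, samples


def demo():
    """Constructed sample tree (empty placeholder files, not malware output)."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in [("AbC123.xtbl", 2048), ("big.xtbl", MAX_SAMPLE + 1),
                           ("report.doc.locked", 10), ("readme.txt", 5), ("ok.jpg", 7)]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        families, notes, samples = triage(root)
        return families, len(notes), {f: os.path.basename(s[0]) for f, s in samples.items()}
```

The sample chosen per family is the smallest one under the upload limit, which also keeps the amount of personal data leaving the machine to a minimum.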

ID Ransomware

Another such service is //id-ransomware.malwarehunterteam.com/ (although I do not know how well it works for the Russian-language variants of the virus, it is worth trying by giving the service a sample encrypted file and the text file with the ransom demand).

After determining the type of ransomware, if you succeed, try to find a utility for decrypting that variant with queries such as: Decryptor Ransomware_Type. Such utilities are free and are released by anti-virus vendors; for example, several of them can be found on the Kaspersky site //support.kaspersky.ru/viruses/utility (other utilities are listed closer to the end of this article). Also, as already mentioned, do not hesitate to contact the anti-virus developers on their forums or through their e-mail support service.

Unfortunately, all of this does not always help, and working decryptors do not always exist. In that case the outcomes differ: many people pay the attackers, which encourages them to continue this activity. Some users are helped by data recovery programs (because the virus, when it creates the encrypted file, deletes the ordinary, important file, which can in theory be recovered).

Files on the computer are encrypted as .xtbl

One of the latest variants of the ransomware virus encrypts files, replacing them with files that have the .xtbl extension and a name made up of a random set of characters.

At the same time, a readme.txt text file is placed on the computer with roughly the following content: "Your files have been encrypted. To decrypt them, you need to send the code to the e-mail address [email protected], [email protected] or [email protected]. You will then receive all the necessary instructions. Attempts to decrypt the files yourself will lead to irretrievable loss of information" (the e-mail address and the text may differ).

Unfortunately, there is currently no way to decrypt .xtbl (as soon as one appears, this guide will be updated). Some users who had really important information on their computer report on anti-virus forums that they sent the virus authors 5,000 rubles or another required amount and received a decryptor, but this is very risky: you may get nothing.

What should you do if files are encrypted as .xtbl? My recommendations are as follows (they differ from those on many other sites, which, for example, recommend immediately disconnecting the computer from the power supply or not removing the virus. In my opinion this is unnecessary, and under some circumstances may even be harmful, but the decision is yours.):

  1. If you can, interrupt the encryption process by ending the corresponding tasks in Task Manager, and disconnect your computer from the Internet (a connection may be a necessary condition for encryption).
  2. Remember or write down the code that the attackers require you to send to the e-mail address (just not in a text file on the computer, to be safe, so that it does not get encrypted as well).
  3. Use Malwarebytes Antimalware, a trial version of Kaspersky Internet Security or Dr.Web Cure It to remove the virus that encrypts files (all of the tools listed do this job well). I advise using the first and second products in the list in turn (although if you already have an anti-virus installed, installing a second one "on top" is undesirable, as it can cause problems with the computer).
  4. Wait for an anti-virus company to release a decryptor. Kaspersky Lab is at the forefront here.
  5. You can also send a sample of an encrypted file and the required code to [email protected]; if you have a copy of the same file in unencrypted form, send that too. In theory, this can speed up the appearance of a decryptor.

What you should not do:

  • Rename the encrypted files, change their extension, or delete them if they are important to you.

That is probably all I can say about files encrypted with the .xtbl extension at this point.

Files are encrypted as better_call_saul

The latest encryption virus is Better Call Saul (Trojan-Ransom.Win32.Shade), which sets the .better_call_saul extension on encrypted files. How to decrypt such files is not yet clear. Users who contacted Kaspersky Lab and Dr.Web were told that this cannot be done for now (but try sending samples anyway: the more samples of encrypted files the developers have, the better the chance that a method will be found).

If it turns out that you have found a way to decrypt them (that is, one has been published somewhere and I did not catch it), please share the information in the comments.

Trojan-Ransom.Win32.Aura and Trojan-Ransom.Win32.Rakhni

The next Trojans encrypt files and set extensions from this list:

  • .locked
  • .crypto
  • .kraken
  • .AES256 (not necessarily this Trojan; there are others that set the same extension).
  • .codercsu@gmail_com
  • .enc
  • .oshit
  • And others.

To decrypt files after these viruses have run, the Kaspersky website offers a free utility, RakhniDecryptor, available on the official page //support.kaspersky.com/viruses/disinfection/10556.

That page also has detailed instructions for using the utility, showing how to restore encrypted files. To be safe, I would clear the option "Delete encrypted files after successful decryption" (although I think everything will work fine with the option enabled).

If you have a Dr.Web anti-virus license, you can use the free decryption service from that company at //support.drweb.com/new/free_unlocker/

More variants of encryption viruses

The following Trojans are less common, but they also encrypt files and demand money for decryption. The links given contain not only utilities for recovering your files, but also a description of the signs that will help you determine that you have this particular virus. In general, though, the best approach is: scan the system with Kaspersky Anti-Virus, find out the Trojan's name according to that company's classification, and then search for a utility by that name.

  • Trojan-Ransom.Win32.Rector - the free RectorDecryptor utility for decryption and a guide to using it are available here: //support.kaspersky.com/viruses/disinfection/4264
  • Trojan-Ransom.Win32.Xorist - a similar Trojan that displays a window asking you to send a paid SMS or get in touch by e-mail to receive decryption instructions. Instructions for recovering encrypted files and the XoristDecryptor utility for this are on the page //support.kaspersky.com/viruses/disinfection/2911
  • Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.Fury - the RannohDecryptor utility //support.kaspersky.com/viruses/disinfection/8547
  • Trojan.Encoder.858 (xtbl), Trojan.Encoder.741 and others with the same name (when scanning with Dr.Web anti-virus or the Cure It utility) and different numbers - try searching the Internet by the Trojan's name. For some of them there are Dr.Web decryption utilities; also, if you could not find a utility but have a Dr.Web license, you can use the official page //support.drweb.com/new/free_unlocker/
  • CryptoLocker - to decrypt files after CryptoLocker has run, you can use the site //decryptcryptolocker.com - after submitting a sample file, you will receive a key and a utility to recover your files.
  • At //bitbucket.org/jadacyrus/ransomwareremovalkit/downloads the Ransomware Removal Kit is available - a large archive with information on different types of ransomware and decryption utilities (in English).

Finally, from recent news: Kaspersky Lab, together with law enforcement officers from the Netherlands, developed Ransomware Decryptor (//noransom.kaspersky.com) for decrypting files after CoinVault; however, this ransomware is not yet encountered in our latitudes.

Protection against encryption viruses or ransomware

As ransomware has spread, many makers of anti-virus and anti-malware tools have begun releasing their own solutions for preventing encryption on the computer, among them:
  • Malwarebytes Anti-ransomware
  • BitDefender Anti-Ransomware
  • WinAntiRansom
The first two are still in beta, but free (they support detection of only a limited set of viruses of this type: TeslaCrypt, CTBLocker, Locky, CryptoLocker). WinAntiRansom is a paid product that promises to prevent encryption by almost any ransomware sample, providing protection for both local and network drives.

But: these programs are not meant for decryption, only for preventing the encryption of important files on your computer. And in general, it seems to me that these functions should be implemented in anti-virus products; otherwise a strange situation results: the user needs to keep on the computer an anti-virus, a tool for fighting AdWare and Malware, and now an Anti-ransomware utility as well, plus an Anti-exploit tool just in case.

By the way, if it suddenly turns out that you have something to add (because I may not have time to keep track of what is happening with decryption methods), report it in the comments; this information will be useful to other users who have run into the problem.