باج افزار Golden Eye چگونه کار می کند؟

CONTEXT

Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide. Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye/Petya ransomware family.

Several companies confirmed so far to have fallen victim to GoldenEye/Petya ransomware: Chernobyl’s radiation monitoring system, DLA Piper law firm, pharma company Merck, a number of banks, an airport, the Kiev metro, Danish shipping and energy company Maersk, British advertiser WPP and Russian oil industry company Rosnoft. The attacks were widespread in Ukraine, affecting Ukrenergo, the state power distributor, and several of the country’s banks.

HOW GOLDEN EYE WORKS

Bitdefender Labs confirms that the GoldenEye / Petya ransomware leverages the EternalBlue exploit to spread from one computer to another. Additional exploits are also used to propagate. Details coming soon.

Unlike most ramsonware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This approach prevents victims computers from being booted up in a live OS environment and retreiving stored information or samples. Just like Petya, GoldenEye encrypts the the entire hard disk drive and denies the user access to the computer. However, unlike Petya, there is no workaround to help victims retrieve the decryption keys from the computer.

Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.

BITDEFENDER TECHNOLOGIES PROTECT CUSTOMERS AGAINST RANSOMWARE

Bitdefender blocks the currently known samples of the new GoldenEye variant.

GravityZone provides a layered next-gen architecture that delivers prevention, detection, remediation and visibility in a single modular platform.

 

Bitdefender Machine Learning models, available in all editions of Bitdefender GravityZone, are designed specifically to catch never before seen attacks at pre-execution stage.

In addition to machine learning, it also includes Process Inspector, which continuously monitors all running processes and hunts for suspicious activities or anomalous process behaviors commonly associated with ransomware.

Moreover, Bitdefender’s revolutionary Hypervisor Introspection technology, unique on the security market, is able to protect virtual servers from the entry mechanism of these attacks (the MS17-010 exploitation technique, otherwise known as EternalBlue).

Watch Hypervisor Introspection defeat EternalBlue

 

See More ....

 

شرکت مهندسی ابل رایان پویا


«تمامي كالاها و خدمات اين فروشگاه، حسب مورد داراي مجوزهاي لازم از مراجع مربوطه مي‌باشند و فعاليت‌هاي اين سايت تابع قوانين و مقررات جمهوري اسلامي ايران است.»

آنتی ویروس امنیتی بیت دیفندر

به میلیون ها کاربر کامپیوتری که به نشان گرگ اژدهای بیت دیفندر اطمینان کرده اند بپیوندید و از امنیتی آرام لذت ببرید.

راه کارهای امنیتی بیت دیفندر طیف وسیعی از محصولات را برای فراهم کردن امنیتی آرام جهت کاربران خانگی، سازمان های متوسط و بزرگ فراهم کرده است. محصولات بیت دیفندر با امکاناتی نظیر ضد بدافزارها، آنتی ویروس، آنتی فیشینگ، کنترل والدین، دیواره آتش، پرداخت امن، کیف پول امن و ... هر آنچه را که برای محافظت از شما در فضای مجازی نیاز است را در اختیار شما می گزارد.
بیت دیفندر داشته باشید و با خیال آسوده به دنیای مجازی وارد شوید.