Theo ducasec.com - T? tr�a ng�y 21/01/2015, t�i b?t �?u nh?n ��?c m?t s? l?i �? ngh? tr? gi�p v? vi?c h? th?ng m?ng m�y t�nh c?a m?t s? c� quan trong �� c� c? ng�n h�ng l?n t?i Vi?t Nam b? nhi?m m?t m? �?c m?i.
Khi l�y nhi?m ��?c v�o m�y t�nh c?a n?n nh�n, m? �?c qu�t to�n b? ? �?a c?a m�y t�nh v� ti?n h�nh m? ho� c�c file b?ng m? ho� kho� c�ng khai (public key cryptography). H?u h?t c�c file quan tr?ng tr�n m�y t�nh (�?nh d?ng .doc, pdf, xls, jpg, zip�) s? kh�ng th? m? ��?c n?a. Vi?c n�y �i k�m v?i 1 th�ng b�o tr�n Desktop �?i ti?n chu?c n?u mu?n gi?i m? nh?ng file c?a n?n nh�n. �? gi?i m? ��?c c�c file n�y b?t bu?c ph?i c� kho� b� m?t (private key) m� ch? c� k? ph�t t�n m?i c�. �i?u n�y c� ngh?a l� ch�ng ta kh�ng th? kh�i ph?c l?i ��?c c�c file �? b? m? ho� tr? khi ch?p nh?n tr? ti?n cho ch�ng.
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uCuXOlu1KeVQbSRa1xc-xn3Xt7xnvOETT5rhy6DmbAtiH7-iKau9g4GRlMdUGPHp8_Ov4o2Sb9oYIgsHXL2gjkJJnopNeeirHWmursp4myRtpJHMw0D6kEXKYe=s0-d)
C�c file tr�n m�y �? b? m? ho�
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uJ9IU6Kd1ktEXEvmBKSFt0eyB7E4bBWtuM4JE7AtgZkGCsjLWlqPvXE-w4ldsYFcSk7jA9RHdtoWcpQmKsqkzo3WiQcT6k2jLantDhHjaUZbnDlMMj0iOoSy_L=s0-d)
Xu?t hi?n th�ng b�o �?i ti?n chu?c tr�n Desktop
Ho?t �?ng c?a m? �?c
C�u chuy?n b?t �?u khi n?n nh�n nh?n ��?c 1 email c� ch?a file ��nh k�m v� ng�?i d�ng t�?ng l� 1 file v�n b?n.
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vVbiqUjeyrhgVjUvAPZREFYf4HI3IFE_7GDzjcti-h5mf5swzWl0lMdUc_jzKAYjzAEwFCqIUCVzxlbjkIluHkg7rG58w_qI3vgIR6_hWY61Tl4O5RuHSMaaI1=s0-d)
B?n ch?t file ��nh k�m l� m?t file �?c h?i. Tuy nhi�n n� kh�ng ph?i l� con m? �?c t?ng ti?n CTBLocker, m� l� 1 con downloader, c� �?nh d?ng .scr (Screen Saver), v� t�n tr�ng v?i t�n file ��?c ��nh k�m trong mail.
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uG5V6ou96vhwQP28tenuoaRVsoOyBOOBLpxNnLwwLGxhARztdIZ7wnhHQ12_yjZDASAE1oWF6r-0-qNZwJ8EdOmZc-im34NxjE3gawgydOXPruMtlcBaZv4Smn=s0-d)
Con downloader s? k�ch ho?t WordPad �? hi?n th? m?t file v�n b?n, ��ng v?i n?i dung trong email. �i?u n�y khi?n ng�?i d�ng ngh? r?ng file ��nh k�m n�y ch?a v�n b?n th?t.
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_usCmoCM1x4Vlnl-WNSvIp44HS81_9HL_JApZplttWqyWJGN44Ny-j4g7z_BvpX4Nv73b3eFk2J1WG6NF2QM-uatVsrKX_rLIVQEacnc32zcEWk0Pmmt17fbN6mlg=s0-d)
Tuy nhi�n, nhi?m v? ch�nh c?a downloader l� t?i c�c file �?c h?i kh�c xu?ng. Trong tr�?ng h?p n�y, n� k?t n?i t?i m�y ch? s? t?i xu?ng 1 file .exe
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vwWulilPnwrRdRViLOdkKeLRnp5vX6cnFNZ0K2PDX76sWbsXfg7HjtUYAnwij8iFWNm2uz6gOYsSoivgRfqezBZsv8zX4905qChKGGWrVly-PJOzqX0TRRvqkYLje7hq5gG80=s0-d)
Con 24967891.exe ti?p t?c ��?� ra 2 file l� dvnoijl.job v� qechhwi.exe (T�n file c� th? kh�c nhau tr�n c�c m�y t�nh kh�c nhau)
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vzomrZJk_ec9H7bCej5O4bZpvcMNuh-5TP-zP1Eb2PzYRClMXRXOaj_js-049mvDxKJVFDMBoiEA8t2y3HGafoN14nZtz71PHRSsEflG-I_T9cUZ9nvDw_ZDLD-PEeM09LzzHS=s0-d)
Con qechhwi.exe m?i l� nh�n v?t ch�nh c?a ch�ng ta, nhi?m v? c?a n� l� m? ho� t?t c? c�c file .doc, pdf, xls, jpg, zip� tr�n m�y t�nh c?a n?n nh�n, sau �� hi?n th? th�ng b�o do? n?t v� t?ng ti?n.
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vFqyA7rsiFCV0Ks_A42ftxj9SpIX0VezKKV8xBm_cbC1calnm0Y5f3D7WP3T_SdLKW2xrJeOaRF9EibETq_505n0AAeo4j6nJdgKoTh1ovx-3yBrTktjLzfon283laLC9ygIg=s0-d)
M? �?c m? c�c th� m?c v� m? ho� file
![[?IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tXpkgotYEjE2yemUHaatFWZMxIHIwCLFU6tgriLmm4077wir-nVeTk2AGzNr9_wWGH-ddvAnPk9KfdXyfhJcKwR-BMZqXVxhhaxeP78Lue9uPYcf75kEBo4V6d=s0-d)
K? t?ng ti?n s? d?ng h? th?ng TOR (The Onion Router) �? k?t n?i m�y n?n nh�n v?i m�y ch? �i?u khi?n
Ch�ng ta n�n l�m g? ?
Th?c t?, khi b? m? ho�, ch�ng ta kh�ng c� c�ch n�o gi?i m? ��?c c�c file n?u nh� kh�ng c� kho�. V? v?y, nhi?u ng�?i �? b?t bu?c ph?i tr? ti?n cho k? ph�t t�n �? l?y l?i nh?ng file quan tr?ng c?a m?nh. Trong tr�?ng h?p n�y th? �ph?ng ch�y h�n ch?a ch�y�.
�? kh�ng b? l�y nhi?m nh?ng m? �?c t?ng ti?n ch�ng ta n�n:
- Trang b? cho m?nh m?t ph?n m?m di?t virus c?p nh?t th�?ng xuy�n. Ch�ng ta c� th? s? d?ng ph?n m?m mi?n ph� �? t?t c?a Microsoft l� Windows Defender (Windows 8) v� Microsoft Security Essentials (Windows 7 tr? xu?ng). Ho?c ch�ng ta c� th? mua c�c ph?n m?m di?t virus kh�c �? c� th? h? tr? k? thu?t.
- C?nh gi�c v?i c�c file ��nh k�m trong email. T?t nh?t l� kh�ng m? file �?i v?i email g?i t? ng�?i l?.
- Ch? t?i c�c file c�i �?t t? website ch�nh g?c
- Kh�ng b?m v�o c�c ��?ng link nh?n ��?c qua chat hay email
- Th�?ng xuy�n backup c�c file t�i li?u c?a m?nh
Ngu?n: ducasec.com
Khi l�y nhi?m ��?c v�o m�y t�nh c?a n?n nh�n, m? �?c qu�t to�n b? ? �?a c?a m�y t�nh v� ti?n h�nh m? ho� c�c file b?ng m? ho� kho� c�ng khai (public key cryptography). H?u h?t c�c file quan tr?ng tr�n m�y t�nh (�?nh d?ng .doc, pdf, xls, jpg, zip�) s? kh�ng th? m? ��?c n?a. Vi?c n�y �i k�m v?i 1 th�ng b�o tr�n Desktop �?i ti?n chu?c n?u mu?n gi?i m? nh?ng file c?a n?n nh�n. �? gi?i m? ��?c c�c file n�y b?t bu?c ph?i c� kho� b� m?t (private key) m� ch? c� k? ph�t t�n m?i c�. �i?u n�y c� ngh?a l� ch�ng ta kh�ng th? kh�i ph?c l?i ��?c c�c file �? b? m? ho� tr? khi ch?p nh?n tr? ti?n cho ch�ng.
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f0.png)
C�c file tr�n m�y �? b? m? ho�
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f1.png)
Xu?t hi?n th�ng b�o �?i ti?n chu?c tr�n Desktop
Ho?t �?ng c?a m? �?c
C�u chuy?n b?t �?u khi n?n nh�n nh?n ��?c 1 email c� ch?a file ��nh k�m v� ng�?i d�ng t�?ng l� 1 file v�n b?n.
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f2.png)
B?n ch?t file ��nh k�m l� m?t file �?c h?i. Tuy nhi�n n� kh�ng ph?i l� con m? �?c t?ng ti?n CTBLocker, m� l� 1 con downloader, c� �?nh d?ng .scr (Screen Saver), v� t�n tr�ng v?i t�n file ��?c ��nh k�m trong mail.
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f3.png)
Con downloader s? k�ch ho?t WordPad �? hi?n th? m?t file v�n b?n, ��ng v?i n?i dung trong email. �i?u n�y khi?n ng�?i d�ng ngh? r?ng file ��nh k�m n�y ch?a v�n b?n th?t.
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f51.png)
Tuy nhi�n, nhi?m v? ch�nh c?a downloader l� t?i c�c file �?c h?i kh�c xu?ng. Trong tr�?ng h?p n�y, n� k?t n?i t?i m�y ch? s? t?i xu?ng 1 file .exe
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f4.png)
Con 24967891.exe ti?p t?c ��?� ra 2 file l� dvnoijl.job v� qechhwi.exe (T�n file c� th? kh�c nhau tr�n c�c m�y t�nh kh�c nhau)
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f5.png)
Con qechhwi.exe m?i l� nh�n v?t ch�nh c?a ch�ng ta, nhi?m v? c?a n� l� m? ho� t?t c? c�c file .doc, pdf, xls, jpg, zip� tr�n m�y t�nh c?a n?n nh�n, sau �� hi?n th? th�ng b�o do? n?t v� t?ng ti?n.
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f6.png)
M? �?c m? c�c th� m?c v� m? ho� file
![[?IMG]](http://www.ducasec.com/wp-content/uploads/2015/01/f7.png)
K? t?ng ti?n s? d?ng h? th?ng TOR (The Onion Router) �? k?t n?i m�y n?n nh�n v?i m�y ch? �i?u khi?n
Ch�ng ta n�n l�m g? ?
Th?c t?, khi b? m? ho�, ch�ng ta kh�ng c� c�ch n�o gi?i m? ��?c c�c file n?u nh� kh�ng c� kho�. V? v?y, nhi?u ng�?i �? b?t bu?c ph?i tr? ti?n cho k? ph�t t�n �? l?y l?i nh?ng file quan tr?ng c?a m?nh. Trong tr�?ng h?p n�y th? �ph?ng ch�y h�n ch?a ch�y�.
�? kh�ng b? l�y nhi?m nh?ng m? �?c t?ng ti?n ch�ng ta n�n:
- Trang b? cho m?nh m?t ph?n m?m di?t virus c?p nh?t th�?ng xuy�n. Ch�ng ta c� th? s? d?ng ph?n m?m mi?n ph� �? t?t c?a Microsoft l� Windows Defender (Windows 8) v� Microsoft Security Essentials (Windows 7 tr? xu?ng). Ho?c ch�ng ta c� th? mua c�c ph?n m?m di?t virus kh�c �? c� th? h? tr? k? thu?t.
- C?nh gi�c v?i c�c file ��nh k�m trong email. T?t nh?t l� kh�ng m? file �?i v?i email g?i t? ng�?i l?.
- Ch? t?i c�c file c�i �?t t? website ch�nh g?c
- Kh�ng b?m v�o c�c ��?ng link nh?n ��?c qua chat hay email
- Th�?ng xuy�n backup c�c file t�i li?u c?a m?nh
Ngu?n: ducasec.com
M? �?c CTBLocker m?i chuy�n t?ng ti?n xu?t hi?n t?i Vi?t Nam
4/
5
Oleh
Unknown
