How did this begin?

The Petya ransomware worm began spreading Tuesday morning with a fake software update that was pushed out to businesses and other enterprises in Ukraine. The software concerned, called MEDoc, is a financial-monitoring application that all businesses in Ukraine must have installed.

How did Petya spread?

From its initial infection point in Ukraine, the Petya worm quickly spread to companies in other European countries through enterprise networks.

There's some evidence that Petya also spread via infected email attachments, but that theory is not quite as well established.

What does Petya do?

Petya is really four things. It's a worm that uses Windows networking tools, and exploits used by the NSA, to spread through local networks.

It's a piece of ransomware that encrypts the Master Boot Record — the guts of a Windows hard drive — to prevent a computer from starting up properly.

There's also a second piece of ransomware that encrypts various files on the machine if the Master Boot Record attack fails.

And there's a fourth component that steals usernames and passwords from infected machines, possibly only so it can infect more machines.

Who is at risk?

The silver lining is that properly patched Windows systems that are not connected to enterprise networks, such as home computers, are at little risk of being infected by the Petya worm — at least for now. If you use a home computer to connect to a corporate VPN, however, you greatly increase the chances of your home network becoming infected.

Does the Petya worm infect Macs, iPhones, Android devices or Linux boxes?

Only Windows machines appear to be at risk.

Does fully patching a Windows computer stop Petya?

Even fully updated Windows computers on an enterprise network can be infected by the Petya worm. That's because once it establishes itself on even one machine inside an enterprise network, Petya will spread by stealing Windows administrative passwords and using standard Windows network-administration tools to install itself on every Windows machine it can.

Will antivirus software stop the Petya worm?

It should. All good antivirus software products should block the Petya worm from installing. That may change if the worm's code or behavior drastically changes.

Is Petya related to WannaCry?

Like the otherwise unrelated WannaCry ransomware worm of mid-May, Petya uses the ETERNALBLUE exploit to spread among Windows machines in an enterprise network.

Who's behind Petya?

It's not clear who created and released Petya, but a lot of circumstantial evidence points to "patriotic" Russian hackers.

Why is it called Petya?

The ransomware component of this new worm bears at least superficial resemblance to the latest iterations of Petya, a ransomware strain first spotted in 2015. (Petya is Russian for "Pete.")

Should I pay the Petya ransom?

If your computer is encrypted by Petya, there's no point in paying the ransom. The email address that you have to contact to collect the decryption key, wowsmith123456@, has been shut down by the email host. Unless new strains of the ransomware provide a different contact email address, there's no way to recover your files.

Is there a Petya "kill switch"?

No. However, there are a couple of ways that you might be able to prevent or stop the encryption process.

First, if your computer randomly begins to shut down, abort the shutdown process and keep it running. The Petya worm has to reboot the machine in order to encrypt the hard drive's Master Boot Record, which is essential to the Windows startup process.

Second, you can try to "immunize" your machine by creating a read-only file called "perfc" and putting it in the Windows directory. In some instances, if the Petya worm sees that file, it won't encrypt the machine — but it will continue to spread to other machines on the same network. However, we've seen reports that this method doesn't work on Windows 7, and that new versions of the Petya code may not have this function.
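
The two steps above as PowerShell, an added example that is not part of the original article. It assumes an elevated prompt, and the function names are hypothetical. As the article notes, the marker file may not help on Windows 7 or against newer variants, and it does not stop the worm from spreading to other machines.

```powershell
# Added example, not from the original article. Function names are hypothetical.

function Stop-PendingShutdown {
    # "shutdown /a" aborts a scheduled shutdown while its timeout is still counting down.
    # It returns a non-zero exit code when no shutdown is pending.
    & "$env:windir\System32\shutdown.exe" /a
    return $LASTEXITCODE
}

function Set-PerfcMarker {
    # Build the path to the "perfc" file inside the Windows directory.
    $marker = Join-Path -Path $env:windir -ChildPath 'perfc'

    # A directory with that name would block file creation, so fail loudly.
    if (Test-Path -LiteralPath $marker -PathType Container) {
        throw "$marker exists but is a directory; rename or remove it first."
    }

    # Create an empty file only if it is missing, so the function can be re-run safely.
    if (-not (Test-Path -LiteralPath $marker -PathType Leaf)) {
        New-Item -Path $marker -ItemType File -ErrorAction Stop | Out-Null
    }

    # Set the read-only attribute the article calls for.
    Set-ItemProperty -LiteralPath $marker -Name IsReadOnly -Value $true -ErrorAction Stop

    # Report the final state so the result can be checked, e.g. across a fleet.
    $item = Get-Item -LiteralPath $marker -Force
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
    }
}

# Step 1: only useful while a shutdown countdown is actually running.
# Stop-PendingShutdown

# Step 2: create and verify the marker file.
Set-PerfcMarker
```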

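(Translation: Frank)

Note: The Chinese translation of this bilingual article is original content by Hujiang English; please credit the source when reposting. The Chinese translation reflects only the translator's personal views and is for reference only. Corrections are welcome.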