The Functionality of Encrypting Viruses

Cybercriminals use encrypting ransomware, which has become the most common type because its encryption is difficult to crack and the malware itself is difficult to remove. Everything you keep on your PC is encrypted by the malicious code and held for ransom. Most ransomware today uses AES and RSA encryption together, a combination that is incredibly difficult to crack.


A ransomware virus encrypts files so that they appear to be actively encrypted, but in fact they are hidden in a separate file that waits for a defined set of conditions to be met before the files are unlocked and decrypted. Ransomware can encrypt files without the knowledge or consent of the user. The encryption key is either generated offline and embedded in the malware before it is sent out to attack you, or it is embedded in malware delivered during the attack.


Once your files are encrypted, the virus creates instructions explaining how to obtain the decryption key, which is made available to you only if you pay the ransom. You are shown a link to download the required decoder.


If the file contains a scammer's demand that you not pay for the decryption, the infected file takes over the PC affected by the encrypting virus. As soon as the ransomware has been identified as a file coder that has encrypted your files, and you know which specific encryption strains are present, you can try to find a decryption mechanism that could help you regain access to the files.



However, attempting to decrypt a file without first removing the malware can lead to the file being encrypted again. If you are not sure which ransomware you were hit with, a tool called Crypto Sheriff (https://www.nomoreransom.org/) can identify the virus by examining one of the encrypted files.


The function of the encryption is simple: the checksum and the decryption stubs are calculated with XOR keys in the function body. This is the most important number generated during the entire malware run, because it is necessary to recover the file once the encryption algorithm has been used to change the original code. Once you get a handle on the cryptographic key, the encrypted state is displayed, followed by MoveFileWithProgressW, which means that a file has been encrypted.


The real problem is that the files remain encrypted even after the virus is removed. In many cases, the antivirus encrypts the data, but it is not able to decrypt the file after the infection. There are also cases of file-encrypting ransomware, contractually, that affect the network connection as well, so that the malware forgets too far and cannot be detected and removed by antivirus until you return it.


AES is a symmetric algorithm, which means that the same key you use to encrypt is also used to decrypt. Asymmetric encryption is the more secure form, because only one party knows the private key, while both sides know the public key. The other party encrypts the data with the "public key" and you decrypt it with a unique "private key" that only you own.



The ransomware begins by taking the public key, which is embedded in the executable file itself, and uses it to encrypt the key or password, a random number. The ransomware uses this to take over the encryption key and encrypts it with the passed-in text and password as random numbers, and then uses brute force to decrypt the virus by itself, instead of trying to restore the encrypted key by itself. At the time of writing, there are no files that are encrypted by this virus. Unfortunately, anti-malware and security tools cannot restore encrypted files, nor can they remove or repair the damage done by the ransomware.


On the other hand, ransomware attacks on Android devices have increased massively, because cybercriminals have realized that many people are not aware that smartphones can be attacked.


Cited Sources


Translated from: https://medium.com/lotus-fruit/the-functionality-of-encrypting-viruses-34faf2a8af2e
