{"id":2462,"date":"2022-12-07T16:47:27","date_gmt":"2022-12-07T08:47:27","guid":{"rendered":"http:\/\/0.0.0.0:8801\/?p=2462"},"modified":"2022-12-28T16:48:17","modified_gmt":"2022-12-28T08:48:17","slug":"%e5%85%a8%e6%96%b0-crywiper-%e8%b3%87%e6%96%99%e5%88%aa%e9%99%a4%e6%83%a1%e6%84%8f%e8%bb%9f%e9%ab%94%ef%bc%8c%e9%87%9d%e5%b0%8d%e4%bf%84%e7%be%85%e6%96%af%e6%b3%95%e9%99%a2%e3%80%81%e5%b8%82%e9%95%b7","status":"publish","type":"post","link":"https:\/\/aict.nkust.edu.tw\/digitrans\/?p=2462","title":{"rendered":"\u5168\u65b0 CryWiper \u8cc7\u6599\u522a\u9664\u60e1\u610f\u8edf\u9ad4\uff0c\u91dd\u5c0d\u4fc4\u7f85\u65af\u6cd5\u9662\u3001\u5e02\u9577\u8fa6\u516c\u5ba4\u7b49\u516c\u52d9\u6a5f\u95dc\u767c\u52d5\u653b\u64ca"},"content":{"rendered":"\n<p>TWCERT\/CC \u66f4\u65b0\u65e5\u671f:2022-12-07<\/p>\n\n\n\n<p><strong>\u8cc7\u5b89\u5ee0\u5546 Kaspersky \u65d7\u4e0b\u7684\u7814\u7a76\u4eba\u54e1\uff0c\u8fd1\u4f86\u767c\u73fe\u4e00\u500b\u904e\u53bb\u672a\u66fe\u8a18\u9304\u7684\u5168\u65b0\u8cc7\u6599\u522a\u9664\u60e1\u610f\u8edf\u9ad4 CryWiper\uff0c\u6b63\u5728\u91dd\u5c0d\u4fc4\u7f85\u65af\u5883\u5167\u5404\u5730\u5340\u7684\u5e02\u9577\u8fa6\u516c\u5ba4\u548c\u6cd5\u9662\u767c\u52d5\u653b\u64ca\u3002<\/strong><\/p>\n\n\n\n<p>Kaspersky \u6307\u51fa\uff0c\u8a72\u516c\u53f8\u662f\u5728\u4eca\uff082022\uff09\u5e74\u79cb\u5929\u767c\u73fe CryWiper \u5e03\u7f72\u7684\u672a\u77e5\u6728\u99ac\u60e1\u610f\u8edf\u9ad4\uff0c\u91dd\u5c0d\u4fc4\u7f85\u65af\u5883\u5167\u7684\u516c\u5bb6\u55ae\u4f4d\u767c\u52d5\u653b\u64ca\uff1b\u800c\u64da\u4fc4\u7f85\u65af\u7576\u5730\u5a92\u9ad4\u6307\u51fa\uff0c\u53d7\u5230\u60e1\u610f\u8edf\u9ad4\u653b\u64ca\u7684\u516c\u52d9\u55ae\u4f4d\uff0c\u4ee5\u53f8\u6cd5\u55ae\u4f4d\u8207\u5404\u5730\u5e02\u9577\u8fa6\u516c\u5ba4\u70ba\u4e3b\u3002<\/p>\n\n\n\n<p>Kaspersky \u5206\u6790\u6307\u51fa\uff0cCryWiper 
\u6703\u5047\u626e\u70ba\u52d2\u8d16\u8edf\u9ad4\uff0c\u5be6\u969b\u4e0a\u5176\u60e1\u610f\u7a0b\u5f0f\u78bc\u6703\u522a\u9664\u53d7\u5bb3\u4e3b\u6a5f\u4e2d\u7684\u8cc7\u6599\u3002\u5176\u7a0b\u5f0f\u78bc\u662f 64 \u4f4d\u5143 Windows \u53ef\u57f7\u884c\u6a94\uff0c\u540d\u70ba\u300cbrowserupdate.exe\u300d\uff0c\u57f7\u884c\u5f8c\u6703\u5728\u53d7\u5bb3\u4e3b\u6a5f\u4e2d\u8a2d\u7acb\u6392\u7a0b\uff0c\u6bcf 5 \u5206\u9418\u5c31\u81ea\u6211\u57f7\u884c\u4e00\u6b21\uff0c\u4e26\u5728\u6bcf\u6b21\u57f7\u884c\u6642\u8207\u63a7\u5236\u4f3a\u670d\u5668\u9023\u7dda\uff0c\u6536\u53d6\u57f7\u884c\u6216\u4e0d\u57f7\u884c\u7684\u547d\u4ee4\u3002<\/p>\n\n\n\n<p>\u4e00\u65e6\u6536\u5230\u57f7\u884c\u7684\u547d\u4ee4\uff0cCryWiper \u6703\u505c\u6b62 MySQL\u3001MS SQL \u8cc7\u6599\u5eab\u4f3a\u670d\u5668\u3001MS Exchange email \u4f3a\u670d\u5668\u3001MS Active Directory \u7db2\u9801\u4f3a\u670d\u5668\u7b49\u91cd\u8981\u7cfb\u7d71\u7684\u57f7\u884c\uff0c\u89e3\u9664\u8cc7\u6599\u9396\u5b9a\u72c0\u614b\uff0c\u7136\u5f8c\u958b\u59cb\u522a\u9664\u53d7\u5bb3\u4e3b\u6a5f\u4e0a\u7684\u8cc7\u6599\u3002<\/p>\n\n\n\n<p>CryWiper \u4e0d\u50c5\u6703\u522a\u9664\u53d7\u5bb3\u4e3b\u6a5f\u4e0a\u7684\u4e3b\u8981\u8cc7\u6599\uff0c\u4e5f\u6703\u522a\u9664 shadow copy\uff0c\u4ee5\u9632\u6b62\u8cc7\u6599\u88ab\u8f15\u9b06\u5fa9\u539f\uff1b\u53e6\u5916 CryWiper \u4e5f\u6703\u7ac4\u6539 Windows \u767b\u9304\u6a94\uff0c\u4ee5\u9632\u6b62 RDP \u9023\u7dda\uff0c\u963b\u6b62 IT \u4eba\u54e1\u900f\u904e\u9060\u7aef\u9059\u63a7\u65b9\u5f0f\u6062\u5fa9\u8cc7\u6599\u3002<\/p>\n\n\n\n<p>\u6700\u5f8c\uff0cCryWiper \u6703\u5c07\u6240\u6709\u526f\u6a94\u540d\u70ba .exe\u3001.dll\u3001.lnk\u3001.sys\u3001.msi \u8207\u81ea\u8eab\u7684 .cry \u90fd\u52a0\u4ee5\u7834\u58de\uff0c\u4f46\u662f\u4e0d\u7834\u58de\u7cfb\u7d71\u3001Windows 
\u8207\u555f\u52d5\u8cc7\u6599\u593e\uff0c\u8b93\u96fb\u8166\u4ecd\u80fd\u555f\u52d5\uff0c\u770b\u8d77\u4f86\u672a\u88ab\u5b8c\u5168\u7834\u58de\u3002<\/p>\n\n\n\n<p>\u5efa\u8b70\u5404\u516c\u79c1\u55ae\u4f4d\u61c9\u5f37\u5316\u4eba\u54e1\u8cc7\u5b89\u57f9\u8a13\uff0c\u52ff\u9ede\u6309\u4e0d\u660e\u9023\u7d50\u4e26\u958b\u555f\u4e0d\u660e\u6a94\u6848\uff1b\u91cd\u8981\u7cfb\u7d71\u4e5f\u61c9\u505a\u597d\u7570\u5730\u5099\u63f4\u63aa\u65bd\uff0c\u4ee5\u5728\u906d\u5230\u653b\u64ca\u6642\u80fd\u8fc5\u901f\u5fa9\u539f\u7cfb\u7d71\u8207\u8cc7\u6599\u3002<\/p>\n\n\n\n<p>\u8cc7\u6599\u4f86\u6e90\uff1a<a href=\"https:\/\/www.twcert.org.tw\/tw\/cp-104-6777-f51f1-1.html\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.twcert.org.tw\/tw\/cp-104-6777-f51f1-1.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TWCERT\/CC \u66f4\u65b0\u65e5\u671f:2022-12-07 \u8cc7\u5b89\u5ee0\u5546 Kaspersky \u65d7\u4e0b\u7684\u7814\u7a76\u4eba\u54e1\uff0c\u8fd1\u4f86\u767c\u73fe\u4e00\u500b\u904e\u53bb\u672a\u66fe\u8a18\u9304\u7684\u5168\u65b0\u8cc7\u6599\u522a\u9664\u60e1\u610f\u8edf\u9ad4 
CryWiper\uff0c\u6b63\u5728\u91dd\u5c0d\u4fc4\u7f85\u65af\u5883&hellip;<\/p>\n","protected":false},"author":3,"featured_media":2463,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[352],"tags":[204],"class_list":["post-2462","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-security","tag-204"],"gutentor_comment":0,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/aict.nkust.edu.tw\/digitrans\/wp-content\/uploads\/2022\/12\/1223-8.jpg?fit=1080%2C1080&ssl=1","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/posts\/2462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2462"}],"version-history":[{"count":1,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/posts\/2462\/revisions"}],"predecessor-version":[{"id":2464,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/posts\/2462\/revisions\/2464"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=\/wp\/v2\/media\/2463"}],"wp:attachment":[{"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/
index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aict.nkust.edu.tw\/digitrans\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}