How to mitigate Human-operated Ransomware Attacks: Infographic

In the old days, if someone wanted to hijack your computer, they usually had to get hold of it either physically or remotely. While the world has moved on to automation and computer security has been hardened, one thing that has not changed is human error. That is where human-operated ransomware attacks come into the picture. These are hand-crafted attacks that find a vulnerability or a misconfigured computer security setting and gain entry through it. Microsoft has published a detailed case study concluding that IT admins can mitigate these human-operated ransomware attacks.


Mitigating Human-operated Ransomware Attacks

According to Microsoft, the best way to mitigate these kinds of ransomware and hand-crafted campaigns is to block all unnecessary communication between endpoints. It is also important to follow best practices for credential hygiene, such as Multi-Factor Authentication, monitoring brute-force attempts, installing security updates, and more. Here is a complete list of defensive measures to take:

  • Make sure you use Microsoft's recommended configuration settings to protect internet-facing computers.
  • Defender ATP offers threat and vulnerability management. You can use it to regularly audit machines for vulnerabilities, misconfigurations, and suspicious activity.
  • Use an MFA gateway such as Azure Multi-Factor Authentication (MFA) or enable Network Level Authentication (NLA).
  • Grant least privilege to accounts, and enable access only when needed. The number of accounts at the domain-wide admin level should be kept to a minimum or zero.
  • Tools such as Local Administrator Password Solution (LAPS) can configure unique, random passwords for admin accounts. You can store them in Active Directory (AD) and protect them with ACLs.
  • Monitor brute-force attempts. Be alert, especially if there are many failed authentication attempts. Filter on Event ID 4625 to find such logons.
  • Attackers often clear the Security Event logs and the PowerShell Operational log to remove all their traces. Microsoft Defender ATP generates Event ID 1102 when this happens.
  • Turn on Tamper protection features to prevent attackers from disabling security features.
  • Investigate Event ID 4624 to find where high-privilege accounts are logging on. If they log on to a compromised network or computer, that can be a severe risk.
  • Turn on cloud-delivered protection and automatic sample submission in Windows Defender Antivirus. It protects you from unknown threats.
  • Turn on attack surface reduction rules. Along with this, enable the rules that block credential theft, ransomware activity, and suspicious use of PsExec and WMI.
  • Turn on AMSI for Office VBA if you have Office 365.
  • Prevent RPC and SMB communication between endpoints whenever possible.
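The three event IDs in the list above (4625, 1102, 4624) are easy to triage locally. The following PowerShell is an added example, not part of the Microsoft case study or the article; it assumes an elevated session on the host being reviewed, a 24-hour look-back window and a failure threshold of 10, all of which are assumptions to tune per environment.

```powershell
# Added example (not from the article): triage the Security log for the
# event IDs the defensive list points at. Look-back window is an assumption.
$since = (Get-Date).AddHours(-24)

# Read a named field from the event's EventData XML, independent of Properties order.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 4625: failed logons. Many failures against one account from one source
# is the brute-force pattern the article tells you to filter for.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
$bruteForce = $failed |
    Group-Object { (Get-EventField $_ 'TargetUserName') + '@' + (Get-EventField $_ 'IpAddress') } |
    Where-Object { $_.Count -ge 10 } |     # threshold is an assumption
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Account@Source'; e = { $_.Name } }

# 1102: the audit log was cleared. Any occurrence deserves a look, because
# attackers clear logs to remove their traces.
$cleared = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'ClearedBy'; e = { Get-EventField $_ 'SubjectUserName' } }

# 4624: successful logons. LogonType 10 is RemoteInteractive (Remote Desktop);
# ElevatedToken '%%1842' is the "Yes" value, i.e. an admin-level token.
$privilegedRdp = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'LogonType') -eq '10' -and (Get-EventField $_ 'ElevatedToken') -eq '%%1842' } |
    Select-Object TimeCreated,
        @{ n = 'Account'; e = { Get-EventField $_ 'TargetUserName' } },
        @{ n = 'Source';  e = { Get-EventField $_ 'IpAddress' } }

"== Possible brute force (>= 10 failures per account/source) =="; $bruteForce | Format-Table -AutoSize
"== Security log cleared =="; $cleared | Format-Table -AutoSize
"== Elevated Remote Desktop logons =="; $privilegedRdp | Format-Table -AutoSize
```

An empty table for 1102 is the expected healthy result; a non-empty one, or an elevated RDP logon from an unexpected source, is where to start investigating.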

Read: Ransomware protection in Windows 10.

Microsoft has presented case studies of Wadhrama, Doppelpaymer, Ryuk, Samas and Revil.

  • Wadhrama is delivered by brute-forcing servers that expose Remote Desktop. The operators usually find unpatched systems and exploit exposed vulnerabilities to gain initial access or elevate privileges.
  • Doppelpaymer is spread manually across compromised networks using stolen credentials for privileged accounts. That is why it is essential to apply the recommended configuration settings on all computers.
  • Ryuk delivers its payload by email (Trickbot), tricking the end user into thinking it is something else. Recently the attackers used the Coronavirus scare to deceive end users. One campaign was also able to deliver the Emotet payload.

What all of them have in common is that they adapt to the situation they find. They appear to use guerrilla tactics, moving from one machine to the next to deliver the payload. It is imperative that IT admins not only watch for an ongoing attack, even a small one, but also educate employees on how they can help protect the network.

I hope all IT admins can follow this advice and make sure they mitigate human-operated ransomware attacks.

Related read: What to do after a Ransomware attack on your Windows computer?



About the author

I am a Windows Phone enthusiast and have been working on developing new ways of using the operating system for more than 10 years now. I have a deep understanding of how Microsoft Office works, as well as how to get the most out of Edge. My experience with smartphones also allows me to build strong relationships with clients and colleagues, which is vital in any profession.
