{"id":7195,"date":"2023-07-27T18:31:59","date_gmt":"2023-07-27T11:31:59","guid":{"rendered":"https:\/\/vacif.com\/?p=7195"},"modified":"2023-07-27T18:31:59","modified_gmt":"2023-07-27T11:31:59","slug":"lich-su-phat-trien-cua-ransomware","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/lich-su-phat-trien-cua-ransomware\/","title":{"rendered":"THE HISTORY OF RANSOMWARE DEVELOPMENT."},"content":{"rendered":"\n<p>Ransomware has evolved into a potential threat to all organizations, with no industry or size excluded from its goal of seizing files and other company assets. Wherever there is data, there is an opportunity for threat actors to hold this sensitive information for ransom and demand payment.<\/p>\n\n\n\n<p>All organizations and businesses must have a plan for preventing and responding to ransomware attacks. In this article we look at how ransomware evolved to reach its current state.<\/p>\n\n\n\n<p><strong>1. The emergence of ransomware (1989).<\/strong><\/p>\n\n\n\n<p>The first ransomware attack is generally considered to be the \u201cAIDS trojan\u201d. 
It was named after the World Health Organization (WHO) AIDS conference in 1989, where biologist Joseph Popp handed out 20,000 infected floppy disks to attendees. After the user had booted 90 times, the user's file names would be encrypted and the notice below would appear, demanding that the victim send 189 US dollars to a post office box in Panama. The ransomware was relatively easy to remove using online decryption tools.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"732\" height=\"348\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-366.png\" alt=\"\" class=\"wp-image-7196\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-366.png 732w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-366-600x285.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-366-300x143.png 300w\" sizes=\"auto, (max-width: 732px) 100vw, 732px\" \/><\/figure>\n<\/div>\n\n\n<p><strong>2. 
The early years (2005\u20132009).<\/strong><\/p>\n\n\n\n<p>After this first incident, there was no notable development in ransomware until 2005, when ransomware re-emerged, this time using secure asymmetric encryption. The \u201cArchiveus\u201d and \u201cGPcode\u201d trojans were the most notable of these early ransomware families. GPcode attacked Windows operating systems, at first using symmetric encryption and later, in 2010, using the more secure RSA-1024 to encrypt documents with specific file extensions.<\/p>\n\n\n\n<p>The Archiveus trojan, the first ransomware to use RSA, encrypted all files in the \u201cMy Documents\u201d folder. They could be decrypted with a thirty-digit password supplied by the threat actor after the ransom was paid.<\/p>\n\n\n\n<p>Despite the effectiveness of these encryption algorithms, early ransomware variants had relatively simple code, allowing antivirus companies to identify and analyze them. 
The Archiveus password was cracked in May 2006, when it was found in the virus's source code. Similarly, until GPcode switched to RSA, file recovery was often possible without a password, leading cybercriminals to prefer hacking, phishing and other threat methods.<\/p>\n\n\n\n<p><strong>3. Ransomware adopts cryptography (2009\u20132013).<\/strong><\/p>\n\n\n\n<p>In 2009, the \u201cVundo\u201d virus appeared, which encrypted computers and sold decryptors. Vundo exploited vulnerabilities in browser plugins written in Java or downloaded itself when users clicked on malicious email attachments. Once installed, Vundo attacked or blocked anti-malware programs such as Windows Defender and Malwarebytes.<\/p>\n\n\n\n<p>Soon after, in 2010, the \u201cWinLock\u201d trojan appeared. Ten cybercriminals in Moscow used this software to lock victims' computers and display pornography until the victims sent them about 10 dollars in rubles. 
The group was arrested in August of the same year, although the scheme had first brought in 16 million US dollars.<\/p>\n\n\n\n<p>In 2011, the software was upgraded to imitate the Windows Product Activation system. The malware appeared to require reinstalling the software because of fraudulent use, and ultimately extorted data from the victim.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"644\" height=\"443\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-368.png\" alt=\"\" class=\"wp-image-7198\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-368.png 644w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-368-600x413.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-368-300x206.png 300w\" sizes=\"auto, (max-width: 644px) 100vw, 644px\" \/><\/figure>\n<\/div>\n\n\n<p>The \u201cReveton\u201d ransomware, which appeared in 2012, was a type of scareware that displayed a message to its victims claiming to be from US law enforcement and stating that the user had been detected viewing illegal pornography. 
In some cases, it activated the user's camera to imply that the user had been recorded. It also demanded that the victim pay to avoid prosecution.<\/p>\n\n\n\n<p>A variant of this ransomware also appeared for Mac, although it was not cryptographic. It was made up of 150 identical iframes, each of which had to be closed, so the browser appeared to be locked.<\/p>\n\n\n\n<p><strong>4. Ransomware becomes dominant (2013\u20132016).<\/strong><\/p>\n\n\n\n<p>In the second half of 2013, \u201cCryptoLocker\u201d appeared. CryptoLocker was a pioneer in several ways: it was the first ransomware spread by a botnet, in this case the \u201cGameover Zeus\u201d botnet, although it also used more traditional tactics such as phishing. Also notable is that CryptoLocker used public- and private-key encryption with 2048-bit RSA, making it especially hard to crack. 
CryptoLocker was not stopped until its associated botnet, \u201cGameover Zeus,\u201d was taken down in 2014.<\/p>\n\n\n\n<p>The first true ransomware for Mac, \u201cFileCoder\u201d, was also discovered in 2014, although it was later found to date back to early 2012. This malware was never finished: although it encrypted files and demanded payment, the only files it encrypted were its own.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"497\" height=\"502\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-370.png\" alt=\"\" class=\"wp-image-7200\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-370.png 497w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-370-100x100.png 100w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-370-297x300.png 297w\" sizes=\"auto, (max-width: 497px) 100vw, 497px\" \/><\/figure>\n<\/div>\n\n\n<p>Other non-encryption attacks on Mac infrastructure were more successful that year. 
2014 also saw the \u201cOleg Pliss\u201d attack, in which a threat actor used stolen Apple account credentials to log in to accounts and then used those accounts to remotely lock iPhones with the \u201cFind My iPhone\u201d feature. They then demanded a ransom to unlock the phones.<\/p>\n\n\n\n<p>Just as Oleg Pliss targeted iPhones, 2014 also saw the first encryption attack on mobile devices, with \u201cSpyeng\u201d targeting Android. 
Spyeng also sent messages to everyone in the victim's contact list with a link to download the ransomware.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"395\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-371.png\" alt=\"\" class=\"wp-image-7201\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-371.png 500w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-371-300x237.png 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/figure>\n<\/div>\n\n\n<p>The first successful encrypting ransomware attack on Mac came in 2016 and was called \u201cKeRanger\u201d. Tied to version 2.90 of the Transmission torrent client, the ransomware locked the victim's computer until 1 bitcoin (400 US dollars at the time) was paid to the threat actors.<\/p>\n\n\n\n<p>Another ransomware for Mac, \u201cPatcher\u201d, also known as \u201cfilezip\u201d, appeared in February 2017. It also infected users through torrents, in this case by posing as a crack for popular software programs such as Office 2016 or Adobe Premiere CC 2017. 
Notably, because of a flaw in its design, Patcher could not be decrypted whether or not the ransom was paid.<\/p>\n\n\n\n<p>The success of CryptoLocker led to a significant increase in ransomware varieties. CryptoWall emerged as a successor to CryptoLocker, becoming known in 2014, although it had actually been in circulation since at least November 2013. Spread largely through spam phishing emails, by March 2014 CryptoWall had become the leading ransomware threat. CryptoWall proved especially tenacious, and some reports suggest that by 2018 it had caused 325 million US dollars in damage.<\/p>\n\n\n\n<p><strong>5. The emergence of RaaS (2016\u20132018).<\/strong><\/p>\n\n\n\n<p>By 2016, ransomware variants were becoming increasingly common. The first ransomware-as-a-service (RaaS) variants appeared: partnerships in which one group writes the ransomware code and works with hackers who find vulnerabilities in systems. 
Some of the better-known ones were \u201cRansom32\u201d (the first ransomware written in JavaScript), \u201cshark\u201d (hosted on a public WordPress site and offered on an 80\/20 split in the distributor's favor) and \u201cStampado\u201d (available for just $39).<\/p>\n\n\n\n<p>2016 also saw the emergence of the notorious \u201cPetya\u201d ransomware. Initially, this ransomware was less successful than CryptoWall, but on June 17, 2017, a new variant appeared, named \u201cnotPetya\u201d by Kaspersky to distinguish it from the original. It started in Ukraine and quickly spread worldwide through the Windows vulnerability \u201cEternalBlue\u201d discovered by the NSA. According to the White House, NotPetya was responsible for 10 billion USD in damage. 
The governments of the United States, the United Kingdom and Australia blamed Russia for the malware.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"610\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-372.png\" alt=\"\" class=\"wp-image-7202\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-372.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-372-600x357.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-372-300x179.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-372-768x458.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p>\u201cLeakerLocker\u201d, a mobile ransomware for Android, also appeared in 2017. Unlike other traditional ransomware, LeakerLocker did not actually encrypt any files. 
Embedded in malicious apps on the Play Store that requested elevated permissions, LeakerLocker displayed sample data from the user's phone and claimed that it would send the entire contents of the phone to everyone in the user's contact list unless a ransom was paid.<\/p>\n\n\n\n<p>The \u201cWannaCry\u201d ransomware, one of the best-known crypto-ransomware strains, also appeared in 2017. Like notPetya, WannaCry spread through the EternalBlue exploit. After appearing in May 2017, it infected about 230,000 computers in 150 countries, causing 4 billion USD in damage. Although Microsoft had released a patch for this vulnerability two months before WannaCry appeared, many users had not updated their systems, so the ransomware was able to spread.<\/p>\n\n\n\n<p><strong>6. Ransomware and malware merge (2018-2019).<\/strong><\/p>\n\n\n\n<p>January 2018 was a turning point for ransomware, marking the appearance of \u201cGandCrab\u201d. 
Although GandCrab itself was nothing special, its developers kept releasing increasingly advanced versions and eventually integrated it with the \u201cVidar\u201d information-stealing malware, creating ransomware that both stole and locked the victim's files. GandCrab quickly became the most popular RaaS and was the most active ransomware strain from 2018 to 2019.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"956\" height=\"506\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-375.png\" alt=\"\" class=\"wp-image-7205\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-375.png 956w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-375-600x318.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-375-300x159.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-375-768x406.png 768w\" sizes=\"auto, (max-width: 956px) 100vw, 956px\" \/><\/figure>\n<\/div>\n\n\n<p>\u201cTeam Snatch\u201d, a group of hackers that emerged in 2018, was a GandCrab partner and started the new trend of publishing victim data for extortion. Team Snatch began publishing victim data in April 2019. 
Snatch was founded by \u201cTruniger\u201d, who operated on Exploit. On April 28, 2019, Truniger posted on Exploit that Citycomp, one of their victims, had refused to pay the ransom and that its data would therefore be published.<\/p>\n\n\n\n<p>However, GandCrab ransomware is no longer in use after its developers announced they would cease operations on June 1, 2019, and the FBI released decryption keys for the ransomware in July 2019.<\/p>\n\n\n\n<p>Although Team Snatch disappeared in 2019 after a dispute on the Exploit forum, their actions set the stage for Maze ransomware and the rise of leak sites.<\/p>\n\n\n\n<p><strong>7. The rise of leak sites (2019\u20132020).<\/strong><\/p>\n\n\n\n<p>In November 2019, the \u201cMaze\u201d ransomware group leaked 700 MB worth of documents stolen from Allied Universal to pressure them and future victims into paying the ransom. This set a trend of ransomware groups establishing leak sites to pressure their victims. 
By publishing stolen data, ransomware operators expose victims to additional financial losses, such as exposed sensitive financial data, customers' personally identifiable information (PII) or trade secrets.<\/p>\n\n\n\n<p>This additional leverage can be especially effective if the victim has backed up their data and therefore has no incentive to pay the extortionists just to obtain a decryption key. Ultimately, the new technique means that backing up data no longer mitigates the risk of a ransomware attack.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"460\" src=\"https:http:\/\/aws.vacif.com\/wp-content\/uploads\/sites\/3\/2023\/07\/image-378.png\" alt=\"\" class=\"wp-image-7208\" srcset=\"https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-378.png 1024w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-378-600x270.png 600w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-378-300x135.png 300w, https:\/\/vacif.com\/en\/wp-content\/uploads\/sites\/3\/2023\/07\/image-378-768x345.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p>This new technique significantly increased the visibility of ransomware and appears to have increased its popularity as well. In 2020, the NetWalker group alone earned more than 25 million dollars.<\/p>\n\n\n\n<p>Since Maze ransomware began posting victim data, other ransomware groups have launched their own sites. Some of these ransomware families emerged from earlier partnerships, with \u201cadverts\u201d gaining experience working with one ransomware group before setting up their own. The growing visibility also led to cooperation between ransomware groups, with Maze forming a \u201ccartel\u201d of ransomware groups that share tactics, techniques and procedures (TTPs) as well as resources.<\/p>\n\n\n\n<p>The \u201cSodinokibi\u201d ransomware family is another notable actor in this space. Sodinokibi emerged to fill the gap left when the GandCrab threat actors retired. 
Operated by the REvil collective, it became one of the most dangerous ransomware groups, with more victims posted than any other provider except Maze.<\/p>\n\n\n\n<p><strong>8. Ransomware today (2020\u2013present).<\/strong><\/p>\n\n\n\n<p>Today, ransomware continues to threaten organizations and caused more than 42.9 million USD in losses in 2021, according to the FBI's 2021 Internet Crime Report. The rise of ransomware has been a gradual process spanning more than thirty years. Its prevalence has been shaped both by the technologies that underpin it, such as encryption methods and malware integration, and by the technologies around it, such as Bitcoin and the Tor anonymity network, which allowed it to grow from a tool used by a single hacker or group into one run by a collective.<\/p>\n\n\n\n<p>Although ransomware itself has not replaced other forms of malware, it has become an increasingly popular choice for hackers as the barrier to entry has fallen. 
Whereas a ransomware attack typically required years of development, encryption and penetration-testing experience to carry out and yielded only modest profits, RaaS programs now flourish on underground and illicit web forums, allowing hackers to partner with ransomware authors easily and cheaply. Moreover, these RaaS programs are highly developed, with user dashboards, guides and technical support.<\/p>\n\n\n\n<p>Finally, the rewards are growing. As tools such as Cobalt Strike and Metasploit automate advanced penetration testing and illicit communities such as Genesis Market offer increasingly advanced access to corporate networks, access to corporations becomes ever more available and ransomware demands grow ever larger and more profitable. 
Integrating ransomware with data-theft capabilities enables higher ransom demands, by threatening the victim corporation with legal action. For all these reasons, ransomware continues to grow in both influence and destructive capability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware has evolved into a potential threat to every organization, sparing no industry or size in its aim of seizing company files and other assets. 
Wherever there is data, there is an opportunity for hackers to threaten [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":7209,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[80],"tags":[196,197,198,168,92,199],"class_list":["post-7195","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","tag-cryptolocker","tag-gandcrab","tag-lich-su-ransomware","tag-raas","tag-ransomware","tag-trojan-aids","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/7195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/comments?post=7195"}],"version-history":[{"count":0,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/7195\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/7209"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=7195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=7195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=7195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}