Bitcoin blackmail virus in home network
It is reported that the virus spreads rapidly across a local area network by taking advantage of a vulnerability on port 445 of Windows systems. Large local area networks such as schools had not taken preventive measures, so they became targets of the attack.
The success probability of brute-force cracking is 0.
A person in the bitcoin industry said that bitcoin blackmail viruses had existed as early as 2014. This time, the technology used by the hackers is more advanced than last time and the scope of influence is wider, but the identity of the hackers is still unclear.
Moreover, what is new in this variant is the addition of automatic propagation over Windows port 445. Any Windows machine that has not installed the latest patch and has port 445 open can be invaded by the virus.
The virus requires the victim to pay $300 worth of bitcoin as ransom within six hours, after which the ransom rises at intervals.
Some netizens pointed out that the virus is difficult to crack by brute force. The chance of breaking the bitcoin blackmail virus by brute force is infinitely small, and it cannot be done by one person's ability alone.
Port 445 lets users easily access shared folders and shared printers on the LAN.
Port 445 also gives malicious attackers an opportunity. On ordinary home networks, operators have already restricted access to port 445, but schools and other large LANs had no similar protection, so they became targets of the attack.
In this attack, most of the affected students in China are in colleges and universities. Seniors who are about to graduate have been hit, and documents related to their graduation design papers are locked. Many universities, including Shandong University, Nanchang University, Guangxi Normal University and Northeast University of Finance and Economics, have issued emergency notices reminding teachers and students to take precautions.
More precisely, this virus is an encryption scheme. It encrypts all the key files on the computer and makes people pay for the unlock password, but whether the hacker keeps his promise and provides the password is up to him.
Bitcoin blackmail viruses have appeared many times.
One characteristic of this type of virus is that it asks the victim to pay bitcoin as ransom. According to many people in the industry, bitcoin is commonly used for cross-border payment and remittance because of its global nature. In addition, as an encrypted virtual currency, bitcoin is decentralized and anonymous. The flow of funds is not easy to track, so it is convenient for hackers to use it to collect and make payments, and it helps them hide their identities.
"If you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the industry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it.
Judging by the computers attacked so far, the hackers ask for a ransom of $300 (about RMB 2069.16) worth of bitcoin for each computer.
However, the area infected by this virus is very large. If everyone pays the ransom, will the attackers be able to unlock the files in time? It is not clear whether unlocking is handled manually or online. If it is handled manually, it will probably not be done in time. Online processing, by contrast, is fully automatic: once the bitcoin has been paid, the payment is collected automatically and the unlock code is issued.
Therefore, victims are advised not to pay a ransom to the hacker, because even if you pay, the hacker may not know which computer is yours.
It is worth mentioning that the outbreak of the bitcoin blackmail virus has pushed bitcoin to the top of the wave again. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed their concerns about bitcoin's "stigmatization". "Good tools should not be blamed because they are used by bad people." A person in the bitcoin industry said, "bitcoin is bitcoin, virus is virus, injustice has a head, debt has an owner, so it is unnecessary to have hostility to bitcoin."
For now, the most important thing is that victims install the patch released by Microsoft as soon as possible, guard against unfamiliar e-mail, and back up important files to a cloud platform and a local offline hard disk.
WannaCry blackmail virus prevention method:
1. Install the latest security patch on the computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "EternalBlue" attack. Please install this security patch as soon as possible. For Windows XP, 2003 and other machines for which Microsoft no longer provides security updates, the 360 "NSA Arsenal immunity tool" can be used to detect whether the system is vulnerable and to close the ports affected by the vulnerabilities, so as to avoid infection by blackmail software and other viruses.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen network security awareness: don't click unknown links, don't download unknown files, don't open unknown e-mail...
4. Back up the important files on your computer to a mobile hard disk or USB drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. Users who are still on Windows XP or Windows 2003 are advised to upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.
The malware scans for TCP port 445 (Server Message Block / SMB) on computers, spreads in a worm-like way, attacks the host and encrypts the files stored on it, and then asks for a ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600.
On May 14, 2017, a variant of the WannaCry blackmail virus appeared: WannaCry 2.0, which removed the kill switch and spread faster. As of May 15, 2017, WannaCry had caused cyber attacks in at least 150 countries, affecting the financial, energy, medical and other industries and causing serious crisis management problems. Some Windows users in China were infected. Campus network users bore the brunt of the infection, and a large number of laboratory data and graduation projects were locked and encrypted.
At present, there is no comprehensive unlocking method. For Windows users who have unfortunately been attacked by the Wana series blackmail virus (bitcoin virus), the current solutions are as follows. (Never pay the ransom in any case. There is a lot of evidence that even if the ransom is paid, the files cannot be decrypted.)
Windows users can completely eliminate the WannaCry blackmail virus from their devices by formatting all hard disks. (Simply reinstalling the system does not unlock the encrypted files on other hard disks.)
Individual users can contact domestic and foreign security vendors, such as Qihoo 360, Kingsoft Antivirus, Kaspersky, McAfee, Tencent Security Manager and other security centers, for assistance in recovering important data.
Use a file recovery tool. Users who have been infected with the virus can use the file recovery tool in Computer Manager, which has a certain probability of recovering your documents.
Note: we will continue to follow the handling methods of the relevant security vendors and wait for a better unlocking scheme.
(3) With current technical means, if the blackmail virus cannot be dealt with, the only option is to format the disks completely, then reinstall the system and apply the system vulnerability patch to prevent reinfection.
2. This kind of blackmail virus mainly infects Windows systems. It uses encryption to lock files, denies users access to them, and blackmails the users.
3. The attacker claims that the files can be unlocked only after a payment of more than $300 worth of bitcoin. In fact, even if the ransom is paid, the files may not be unlocked.
Why are they infected
Once the blackmail worm attacks a user machine that can connect to the public network, it scans IP addresses on the intranet and the public network. If a scanned IP has port 445 open, it uses the "EternalBlue" vulnerability to install a backdoor. Once the backdoor is executed, a blackmail virus named Wana Crypt0r is released to encrypt all documents and files on the user's machine for blackmail.
Why use bitcoin
Bitcoin is a kind of peer-to-peer network payment system and virtual pricing tool, commonly known as a digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable.
Background of transmission and infection
This round of the blackmail worm mainly includes two family variants, onion and wncry. It first broke out in Britain, Russia and other countries, where many enterprises and medical institutions had their systems hit, resulting in heavy losses.
Global monitoring by security agencies has found that as many as 74 countries have suffered this blackmail worm attack.
Since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has intensified in many universities and enterprises.
In the financial field, blockchain has been explored and actively used for financial transactions and even contract management. For the supply chain, the benefits are not limited to keeping accurate records: the blockchain fundamentally reduces the time spent on paperwork and authorization. At present, most product or material delivery delays are due to these two points. In the blockchain, however, it does not take time to verify the previous records; only a digital signature is needed to ensure the accuracy and authenticity of digital paper records.
At present, consumers have to rely on certificates to verify the authenticity of gemstones. A piece of paper can be easily changed. When many diamond owners have their diamonds valued with the intention of selling them, they find that their perfect diamonds are only a little more valuable than glass or smaller diamonds.
With the application of blockchain, diamonds can be given a unique barcode as raw stones when they are first mined. While the integrity of their information, the changes made and the handling records is maintained, they can circulate through the whole supply chain. Throughout the supply chain, authenticity can be verified and there are no unauthorized changes, so the end buyer can track the origin of the diamond (in fact, of any other material used to make the final product) and its entire circulation.
Similarly, through the blockchain, we can trace the origin, service and ownership history of used cars, so as to reduce service fraud (such as places where the odometer is recalibrated) and the number of stolen vehicles in circulation, with the hope that these industries will be terminated completely.
Transparency and security
Security and transparency are not usually terms that go hand in hand, but they do on blockchains. As mentioned above, the security of blockchain does not allow any form of unauthorized changes and ensures the authenticity of data. By storing the same "block" information, which needs to be collectively approved, across its network, the blockchain cannot be controlled by any single entity and has no single point of failure, which makes it the most secure platform so far.
Blockchain can provide transparency; however, its programming model only allows authorized entities to access information related to their specific interests. For example, buyers may be able to view transaction history, but will be denied access to sensitive or personal information, such as addresses.
From a compliance perspective, this helps to ensure that all parties comply with laws, such as the EU's General Data Protection Regulation (GDPR) and South Africa's Personal Information Protection Act (POPI), while still being able to share or access information related to their own parts of the supply chain.
There are many application examples of blockchain technology, and the supply chain is one of them. However, due to the complexity and number of parties involved in the supply chain, blockchain is considered to be the perfect solution to all the challenges so far, including security, delay and authenticity.
On the evening of May 12, the WannaCry worm broke out in more than 74 countries around the world. At least 45000 machines have been infected. The network systems of some colleges and universities in China have become a disaster area, and the network payment system of PetroChina gas stations has also been affected.
Mikhailovich Bogachev, the author of the "bitcoin blackmailer" Trojan family, is a Russian hacker, ranking second on the list of the top ten most wanted hackers by the FBI and the leader of a cyber criminal group.
2. In the CMD window, enter the following commands:
netsh advfirewall set allprofiles state on
netsh advfirewall firewall add rule name=deny445 dir=in action=block protocol=TCP localport=445
Turn on Windows Update so that system updates are received as soon as they are released:
1. Manually check whether any patches have not yet been installed, and install them
2. Turn on the Windows Defender scheduled scanning function
3. Open Windows Defender and run a quick scan; if a problem is found, deal with it
4. Install anti-virus software, turn on real-time protection, and regularly scan for and remove viruses
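
The firewall command above blocks only TCP 445, while the prevention steps name five ports. The following PowerShell is an added example, not part of the original page: it lists which of those ports have a local listener and adds inbound block rules for all of them, treating 137 and 138 as UDP. The rule names are made up for illustration, and the cmdlets assume Windows 8 / Server 2012 or later and an elevated session.

```powershell
# Added example: audit and block the ports named in the prevention steps.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.
$tcpPorts = 135, 139, 445      # RPC endpoint mapper, NetBIOS session, SMB
$udpPorts = 137, 138           # NetBIOS name service, NetBIOS datagram

function Get-ExposedPort {
    # One record per listed port that currently has a local listener.
    $tcp = Get-NetTCPConnection -State Listen -LocalPort $tcpPorts -ErrorAction SilentlyContinue |
        Select-Object @{n='Protocol';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint -LocalPort $udpPorts -ErrorAction SilentlyContinue |
        Select-Object @{n='Protocol';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
    @($tcp) + @($udp)
}

function Add-BlockRule {
    param([string]$Name, [string]$Protocol, [string[]]$Ports)
    # Idempotent: do nothing if a rule with this display name already exists.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$Name' already present"
        return
    }
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
        -Protocol $Protocol -LocalPort $Ports -Profile Any | Out-Null
    Write-Host "Added rule '$Name' ($Protocol $($Ports -join ','))"
}

# Make sure the firewall is enabled for every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

Write-Host 'Local listeners on the listed ports:'
Get-ExposedPort | Format-Table -AutoSize

# Hypothetical rule names chosen for this example.
$tcpRule = 'Block-SMB-NetBIOS-TCP-In'
$udpRule = 'Block-NetBIOS-UDP-In'
Add-BlockRule -Name $tcpRule -Protocol TCP -Ports $tcpPorts
Add-BlockRule -Name $udpRule -Protocol UDP -Ports $udpPorts

# Confirm the rules exist and are enabled.
Get-NetFirewallRule -DisplayName $tcpRule, $udpRule |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```

A listener can still appear in the first table after the rules are added, because the firewall drops inbound traffic without stopping the service that owns the socket. Blocking these ports also stops this machine from serving shared folders and printers, which matches the "close network sharing" step.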
