Bitcoin virus blackmail information

2. Wannacry (also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.

3. In short, blackmail virus is a computer virus that uses Windows system vulnerability to maliciously encrypt user files and then extort money

{rrrrrrr}

10

(3) in view of the current technical means, if blackmail virus can not be solved, it can only be completely formatted, Then, the system is reinstalled and the system vulnerability patch is made to prevent the secondary poisoning

< / UL >

4. What is blackmail virus< Different from other similar blackmail viruses, wannacry virus is a kind of worm that can infect other computers automatically and spread rapidly e to chain reaction
2. This kind of blackmail virus mainly infects windows system. It will use encryption technology to lock files, forbid users to access, and blackmail users
3. The attacker claimed that he could only unlock the file after asking for more than $300 worth of bitcoin. In fact, even if the ransom is paid, it may not be able to unlock the file
Why are they infected
once the blackmail worm attacks a user machine that can connect to the public network, it will scan the IP of the intranet and the public network. If the scanned IP has opened port 445, it will use the "enternal blue" vulnerability to install the back door. Once the backdoor is executed, a blackmailer virus named wana crypt0r will be released to encrypt all documents and files on the user's machine for blackmail
why use bitcoin
bitcoin is a kind of point-to-point network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable< Background of transmission and infection
this round of blackmailer worm virus mainly includes two family variants onion and wncry, which first broke out in Britain, Russia and other countries, and many enterprises and medical institutions were recruited in the system, resulting in heavy losses
global monitoring of security agencies has found that as many as 74 countries have suffered this blackmailer worm attack
since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has been intensified in many universities and enterprises
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.

5. Only the Barry underground can collect ore. But in the seaside can collect ore fragments, such as Kela coast, eluk waterfall gold panning, etc. Ore fragments have the same function as ore, and occupy less lattice than ore, so it is easy to obtain, so now few people go to Bari underground mining.

6. 1、 Before being infected with the virus, you must regularly backup and save the important things in the computer. It's better to prepare another hard disk for regular backup.
2. After being infected with the virus, it's recommended to report to the public security organ immediately for the record, and it's better not to go to the prefecture level or above, county level or below, because as far as I know, many county-level organs are often overstaffed, What is more important is that they basically do not have the relevant technical processing ability and conditions, and many cases may have to be transferred to the higher authorities. As for how the police deal with it, it's out of the question
Third, prepare a new computer. This is the best way to minimize the loss. Never smash the computer or deal with it separately. Instead, you should listen to the arrangement of the police, because if the police are responsible, they may take this as a clue to carry out new detection. On the one hand, it is also a way to eliminate harm for the public, and on the other hand, it may bring some compensation for the loss

7. Bitcoin virus is a virus spread by using Microsoft Windows "eternal blue" vulnerability for the purpose of extorting bitcoin. The most important thing is to prevent the virus if there is no virus. We can take measures such as closing port 445, patching windows, installing immune tools, and killing the virus with anti-virus software; The most important thing is to recover the encrypted files. I personally tested the data recovery software to be effective, and released the video of recovering the infected data. You can watch it in Youku search "recover the files encrypted by wannacry blackmailer virus". Although the file encryption has no key and can't be recovered by any algorithm, the source files deleted by the virus in the disk can be recovered, It is suggested to use master Tu's data recovery software for recovery. The official provides a free registration code for the students who are recruited by blackmail virus: tudrzyujt5h8cbwt5wlz, hoping to help more people