Bitcoin variant virus Android

1.

Yesterday, I went to the electronic reading room. Not long after I plugged in the USB flash drive, the teacher suddenly asked everyone to unplug the USB flash drive. Some students found that all the files in the USB flash drive could not be opened, and there were two more documents asking for money

so everyone rushed to check, as long as the U disk inserted in the school computer were poisoned, large-scale computer poisoning occurred in the evening

a lot of people's information and graation thesis are in the computer. I really feel that hacker's behavior is disgusting. For the sake of money, regardless of the future of students, teachers' lifelong scientific research achievements...

hope to catch criminals as soon as possible and give them severe punishment by law

this virus will scan windows devices with open 445 file sharing port. As long as the user's device is on the Internet, hackers can implant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers

some security researchers point out that this large-scale network attack seems to be deployed through a worm application, and wannacry can spread among computers. What's more terrible is that unlike most malicious programs, this program can replicate and spread on its own in the network, and most of the current viruses still need to rely on the successful users to spread by cheating them to click the attachment with the attack code

the attack has affected 99 countries and as many as 75000 computers, but because the virus uses anonymous network and bitcoin anonymous transaction to obtain ransom, it is very difficult to track and locate the originator of the virus

2. Wannacry virus is spread based on Windows system, and smartphone users will not be affected. To prevent viruses, please open the system control panel - system and security - install system patches. If you do not open the system patch function, please open and repair all vulnerabilities immediately. It is recommended to upgrade the system for systems below Windows 7. Thank you for your support and trust in Tencent housekeeper.

3. 1、 Win10 prevention process
win10 platform is relatively simple, because Microsoft has released relevant patches for this virus vulnerability in early March, so as long as your win10 has been automatically updated and upgraded to the latest version (version number is higher than 1511), you can successfully resist wannacrypt virus
operation steps:
1. "Settings" → "update and security" → "Windows Update", check that this item is on
2. Click the Cortana search box in the taskbar, enter "winver" and confirm that the version number is higher than 1511<

win10 users directly upgrade the latest version
II. Win7, win8.1, WINXP processing flow
for non win10 platform computers, because most of them have exceeded the service period, or e to various reasons, they have not opened the update and received the security patch, which is the hardest hit area of this attack. The solution is to download ms17-010 patch manually. At present, Microsoft has urgently released ms17-010 patch for different platforms, and the direct link address is as follows:
Windows XP (kb4012598)
32 bits:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_. Exe
64 bit:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_. Exe
Windows 7 (kb4012212, kb4012215)
32-bit:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_. msu KB4012212
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x86_. MSU (kb4012215)
64 bits:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_. msu KB4012212
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_. MSU (kb4012215)
windows 8.1 (kb4012213, kb4012216)
32-bit:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x86_. msu KB4012213
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x86_. MSU (kb4012216)
64 bits:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_. msu KB4012213
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x64_. MSU (kb4012216)
for other platforms or server versions, please go to https://technet.microsoft.com/zh-cn/library/security/MS17-010 Download the corresponding patch file

to search your own windows platform, you need to pay attention to the number of version bits (such as 32-bit / 64 bit)

confirm the platform version number again, click the download button of the corresponding version

click the link to download the patch of this platform directly. It should be noted that indivial platforms (such as win7) will contain two patches, Please download and install in order
3. Temporary disposal method
if it is not convenient for the computer to install the patch, or if you don't have a downloaded patch file on hand, you can consider the following temporary disposal method. The temporary disposal method is to shut down the corresponding port number of the system for immunization, which is effective for the current version of the virus, but it does not rule out the possibility of breaking the virus after it has a variant, The specific methods are as follows:
1. Download the 360 NSA immunization tool
NSA Arsenal immunization tool
software version: XP version
software size: 125.34mb
software license: free
applicable platform: WinXP Vista win8 win7
download address: http://dl.pconline.com.cn/download/996906.html
download the NSA immunization tool released by 360 company immediately, It has the characteristics of time-saving, labor-saving and low operation difficulty. The whole toolkit is 125mb. Double click to decompress automatically. Later, you will enter a main interface and operate according to the screen prompts. When the interface is green, it means the system is safe

NSA immune tool released by 360 company
2. Manually close windows 445, 135, 137, 138, 139 ports
in addition to the existing tools, you can also manually close 445, 135, 137, 138, 139 ports to resist virus attacks. The specific operation steps are as follows:
2.1 close ports 135, 137 and 138
1. Run and input "dcomcnfg"
2. On the right side of the computer option, right-click My Computer and select properties
3. In the default properties tab of my computer properties dialog box, remove the check box before enable Distributed COM on this computer
4. Select the default protocol tab, select connection oriented TCP / IP, and click delete
5. Right click on the network neighborhood to select properties, right click the network tab, and remove the check boxes of Microsoft network file and printer sharing and Microsoft network client to close ports 135, 137, 138 of the sharing end

manually close port
2.2 close port 139
open "network and dial up connection" → "local connection", select "Internet Protocol (TCP / IP)" attribute, enter "advanced TCP / IP settings" → "wins settings", there is a "disable TCP / IP NetBIOS", check to close port 139
2.3 close port 445
"start" → "run", enter "regedit", confirm and locate to "HKEY"_ LOCAL_ MACHINE\ SYSTEM\ CurrentControlSet\ Servi ces\ NetBT\ Parameters ", create a new DWORD value named" smbdeviceenabled "and set it to 0, then port 445 can be closed
note: after manually closing the port number, some intranet services (such as file and printer sharing) may fail. Please choose carefully
write at the end
wannacrypt is one of the most harmful viruses in recent years, second only to the shock wave of that year. The most important thing is that this virus will affect the hard disk data, and it is almost impossible to crack at present. The current method is that wannacrypt will automatically delete the original file before encryption, so some professional data recovery software can be used to try to recover. In short, keeping the system up-to-date is the best way to defend against viruses.

4.

In fact, the recent wncry virus is not the first time that blackmail software has become powerful. Not long ago, Android system also appeared a blackmail software, mobile phone encryption after ransom. After the software was checked and killed, it soon made a comeback with an upgraded version. This new version of blackmail software infects files with a random key, and even attackers don't know how to unlock it. Even users pay ransom in vain

we can see that with the continuous development of IT technology, although there are many IT employees, the main employees are mainly concentrated in the fields of mobile platform, cloud and artificial intelligence, and the most popular programming language has graally evolved from C and C + + for underlying operation to managed Java or even go language for modeling. The field of information security is a technology that directly faces the bottom. Fewer and fewer people are engaged in the bottom programming, which means that the number of practitioners of information security is getting smaller and smaller. The direct consequence of this phenomenon is that the backward technology can attack the advanced technology in the network world, which is very similar to the invasion of advanced civilization by the backward barbarians in human society. The recent outbreak of wncry virus may come from North Korea, which also confirms this trend from the side. Some organizations and even countries are not qualified to engage in high-end technology, but the virus they write can spread all over the world. Blackmailer software has further expanded the scope of attack, such as online games, smart cars and wearable devices have a large number of leaks. Reviewing the history of such software can be roughly divided into the following stages

from the current situation, there is no sign of easing the bifurcations of bitcoin, but the emergence of bitcoin ETF and wncry virus has pushed the price of bitcoin to new highs. Personally, I think the short-term rate of bitcoin will probably exceed 20000 RMB. However, considering that there is not all the competition for bifurcations among varieties such as lightcoin, from the perspective of investment, if bitcoin falls again e to the competition for bifurcations, it is actually good for lightcoin. Therefore, if some readers hold a lot of bitcoin and do not want to sell it, You can consider hedging with long Leyte

from the perspective of information security, the bifurcation problem is likely to affect bitcoin's status as a ransom for blackmail virus. The author thinks that the virus accepting Wright coin and ether coin as ransom will be born soon

however, blockchain currencies are more or less troubled by processing speed, and the encryption algorithm is not easy to upgrade. In the long run, the risk is relatively high, and the signs of short-term price manipulation are relatively obvious. If the psychological enrance is not strong, just watch their running track

5. Wannacry (also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.

6. Although the answer may make you despair, but still have to tell you

7. In short, blackmail virus is a computer virus that uses Windows system vulnerability to maliciously encrypt user files and then extort money

{rrrrrrr}

10

(3) in view of the current technical means, if blackmail virus can not be solved, it can only be completely formatted, Then, the system is reinstalled and the system vulnerability patch is made to prevent the secondary poisoning

< / UL >

8. Petya blackmail virus is a new type of blackmail virus, which does great harm
you only need to install a computer housekeeper and fix all system vulnerabilities in time.
you can be immune to Petya blackmail virus attacks by not clicking suspicious attachments ring the Internet access

9. Try to protect Tencent's computer housekeeper by launching a 2-in-1 anti-virus version with a "4 + 1" engine architecture. On the basis of the "housekeeper anti-virus engine, Jinshan cloud search engine, xiaohongsan local search engine, and guanjiayun engine" four core search engine, the housekeeper system repair engine is enabled, and the construction of the "cloud security" platform and the research and development ability of the self-developed engine are strengthened, The anti-virus effect is better.