Wannacry, bitcoin blackmail virus
Publish: 2021-05-12 16:28:27
1. Wannacry (also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other industries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graduation projects are locked and encrypted.
2. Version 3.0 embodies further decentralization and bottom-up thinking. If this meaning and function is concerned, it mainly embodies a four set idea of the whole person, or a person's whole idea, um, some ideas about the private science.
3. In recent days, massive blackmail worm attacks have rapidly spread to more than 100 countries and regions around the world. The virus locks user data and computer files until the user pays a ransom of $300-600 worth of bitcoin. It is unprecedented for hackers to blackmail global computer users on such a large scale, which can be regarded as a threat to the whole world
specific behaviors and prevention methods
today we will have a deep understanding of what kind of virus this virus is, how it spreads, and why it causes such serious consequences
the virus originated from the network weapon library leaked by the US National Security Agency (NSA) in the early stage
the "wannacry" virus spreading all over the world belongs to the worm type blackmail software, which actively infects the victims by using the windows vulnerability (known as "eternal blue") numbered ms17-010. Previously, the US National Security Agency (NSA) controlled almost all the banks and financial institutions in the Middle East through the "eternal blue" weapon
because this vulnerability information was leaked and exploited by hackers, it led to this global virus spreading event
extortion worm virus broke out three times in four days, variant
version 0.1: hackers spread through network weapons, blackmail users, no worm function
version 1.0: worm function, large-scale spread, main spread from May 12 to May 14
version 2.0: blackmail virus, replacing and canceling the "suicide switch". The so-called "suicide switch" is a "switch" set by virus authors in order to prevent the outbreak of worms out of control. If a specific domain name is registered, it will not continue to be infected. On May 14, version 2.0 changed the switch domain name and was soon registered. On May 14, the second variant of blackmail virus 2.0 cancelled the suicide switch and continued to spread
regarding the current spread of the virus, Sun Xiaojun, the person in charge of 360 security products, said: from the perspective of individual users, the infection rate of blackmail worm has slowed down. Among the 500 million users of 360 security guard, the vast majority of users repaired the vulnerability in March and were not affected. About 200000 users who did not patch their computers were attacked by viruses and almost all of them were intercepted
what lessons should we learn from the rampant blackmail worm incident
network security experts say: this virus exploits a vulnerability of Microsoft, which Microsoft has released a patch in March this year to fix. But some of our users are not in the habit of patching and did not fix the vulnerability in time, which led to the computer being attacked
the blackmail virus attack has once again sounded the alarm of network security. The rapid development of Internet and other information technology has brought great benefits to people, but also unprecedented network security challenges
it is suggested that we should pay attention to network security issues, install security protection software in time, upgrade security patches of operating system and various applications in time, set high security password and change it regularly, do not download and install application software with unknown origin, and take backup measures for particularly important data.
4. At present, the wanna series of blackmail viruses have been controlled to a certain extent, but the virus is constantly fighting against the upgrade. The effective prevention of this wanna blackmail virus can be avoided through the following actions
first, temporarily close the port. Windows users can use firewall to filter personal computers, and temporarily turn off 3389 remote login on ports 135, 137 and 445 (if they don't want to turn off 3389 remote login, at least turn off the smart card login function), and pay attention to update security products for defense, so as to minimize the risk of computer attack
Second, update the released security patches of windows in time. When the ms17-010 vulnerability was first exposed in March, Microsoft had provided security updates for win7, win10 and other systems; After the outbreak of this incident, Microsoft also quickly released a special patch for Windows XP and other systems that had not provided official support before
the third is to use the "blackmail virus immune tool" to repair. Users download the offline version of Tencent computer manager "blackmail virus immunity tool" through other computers, and the files to a safe and non-toxic U disk; Then turn on the designated computer when WiFi is turned off, the network cable is unplugged and the network is disconnected, and back up important files as soon as possible; Then use the offline version of "blackmail virus immunity tool" to fix the vulnerability with one click through USB flash disk; Network can be normal use of the computer
fourthly, use the "file recovery tool" to recover. Users who have been infected with the virus can use the computer manager - file recovery tool for file recovery, with a certain probability of recovering your documents
in addition, enterprise network administrators can use the "Administrator Assistant" to detect the security of computer equipment. Tencent's anti-virus laboratory security team, after tackling key technical problems, launched a computer housekeeper "Administrator Assistant" diagnostic tool for vulnerable enterprise customers on the evening of the 14th. The enterprise network administrator only needs to download the diagnostic tool and input the IP or device name of the target computer to diagnose whether the target computer is infected with blackmail virus; Under the guidance of the diagnosis report, the health equipment that has not been patched can be patched and defense can be arranged in time
note: Windows users should try their best to avoid visiting high-risk web pages in the near future. If they are poisoned, they should not pay ransom. They can contact the security manufacturer to help recover valuable data, or they can completely eliminate the virus by formatting the hard disk.
5. Try Tencent computer housekeeper protection, more comprehensive in function, more intelligent, more intimate
the main functions include security protection, system optimization and software management, which are suitable for Internet users to use every day
real time protection to protect computer security, such as system firewall: computer manager system firewall selects the key locations vulnerable to virus Trojan horse attacks, covering the registry, system services, system files, processes and other protection locations, to protect your system security in an all-round way
Internet Security Firewall: the housekeeper web firewall can monitor the network in real time and effectively intercept the attacks of the Pegasus website on the system. All round guarantee your Internet security
entrance firewall: real time monitoring of USB flash disk can effectively prevent virus Trojan horse from invading the system through USB flash disk.
6. Wanacry: wannacry, a 3.3mb "worm like" blackmail software, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry extortion virus appeared: wannacry 2.0, killing switch was canceled, and the transmission speed was faster or faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other industries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graduation projects are locked and encrypted
at present, the security industry has not been able to effectively break the malicious encryption behavior of the blackmail software. Brad Smith, President and chief legal officer of Microsoft, said that the U.S. national security agency did not disclose more security loopholes, which gave criminal organizations an opportunity to take advantage of and eventually brought the blackmail virus that attacked 150 countries this time
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
7. Yes, it seems that a bitcoin costs 10000 yuan. Do you think it's worth it?
8. In order to prevent wannacry (blackmail virus) from spreading wantonly and causing unnecessary losses, we need to do the following
1. Important files should be backed up with USB flash disk in advance
2. Turn on 360 security guard anti blackmail service
3. Strengthen security awareness, don't download unidentified links, don't download unidentified files, and don't click Open unidentified emails
4. Download a patch from Microsoft's official website:
ms17-010
5. Download NSA Arsenal immunization tool: http://dl.360safe.com/nsa/nsatool.exe
6 https://guanjia.qq.com/wannacry/?ADTAG=innerenter.gj.client.opentips
9. Wannacry (want to cry, also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency). The malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600. On May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, canceling kill switch and spreading faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other industries, causing serious crisis management problems. Some windows operating system users in China are infected, and campus network users bear the brunt of the infection. A large number of laboratory data and graduation projects are locked and encrypted
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
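Added example, not part of any of the answers above: a PowerShell script that carries out the "close ports 445, 135, 137, 138 and 139" step from answers 6 and 9 (and the port-closing step in answer 4) with Windows Firewall inbound block rules, and reports which of those ports the host is currently listening on. It assumes Windows 8.1 / Server 2012 R2 or later with PowerShell 4.0 or later; the file name `Block-WormPorts.ps1` and the rule-name prefix are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answers).
# Assumption: NetTCPIP and NetSecurity modules are present
# (Windows 8.1 / Server 2012 R2 or later). Save as Block-WormPorts.ps1.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical naming convention for the rules this script creates.
    [string]$RulePrefix = 'Block-Inbound-SMB-NetBIOS'
)

# Ports named in the answers. 135 (RPC endpoint mapper), 139 (NetBIOS session)
# and 445 (SMB) are TCP; 137 and 138 are the UDP NetBIOS name/datagram services.
$targets = @(
    @{ Protocol = 'TCP'; Port = 135 },
    @{ Protocol = 'UDP'; Port = 137 },
    @{ Protocol = 'UDP'; Port = 138 },
    @{ Protocol = 'TCP'; Port = 139 },
    @{ Protocol = 'TCP'; Port = 445 }
)

$report = foreach ($t in $targets) {
    # Exposure check: is a local service bound to this port right now?
    $listening = if ($t.Protocol -eq 'TCP') {
        [bool](Get-NetTCPConnection -State Listen -LocalPort $t.Port -ErrorAction SilentlyContinue)
    } else {
        [bool](Get-NetUDPEndpoint -LocalPort $t.Port -ErrorAction SilentlyContinue)
    }

    # One rule per port, looked up by name so a second run changes nothing.
    $name     = '{0}-{1}-{2}' -f $RulePrefix, $t.Protocol, $t.Port
    $existing = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    $result   = 'rule already present'

    if (-not $existing) {
        if ($PSCmdlet.ShouldProcess("$($t.Protocol)/$($t.Port)", 'Add inbound block rule')) {
            # Block rules take precedence over allow rules such as the
            # built-in "File and Printer Sharing" group.
            New-NetFirewallRule -DisplayName $name `
                -Direction Inbound -Action Block `
                -Protocol $t.Protocol -LocalPort $t.Port `
                -Profile Any | Out-Null
            $result = 'rule added'
        } else {
            $result = 'would add rule'   # -WhatIf run
        }
    }

    [pscustomobject]@{
        Protocol  = $t.Protocol
        Port      = $t.Port
        Listening = $listening
        Rule      = $name
        Result    = $result
    }
}

# Summary for the operator: what was exposed and what was done about it.
$report | Format-Table -AutoSize
```

Run it first as `.\Block-WormPorts.ps1 -WhatIf` to see the listening ports and the rules it would add without changing the firewall. Blocking inbound 139 and 445 stops the host from serving file and printer shares, which is the "close network sharing" the answers ask for, so hosts that must serve SMB need the ms17-010 patch rather than these rules.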