
Target of bitcoin blackmail virus

Publish: 2021-05-14 07:59:01
1. WannaCry (also known as Wanna Decryptor), a kind of "worm-like" blackmail virus software with a size of 3.3 MB, is spread by criminals using the dangerous vulnerability "EternalBlue" leaked by the NSA (National Security Agency).
The malware scans TCP port 445 (Server Message Block / SMB) on computers, spreads in a worm-like way, attacks the host and encrypts the files stored on it, and then asks for a ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600.
On May 14, 2017, a variant of the WannaCry blackmail virus appeared: WannaCry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, WannaCry had caused cyber attacks in at least 150 countries, affecting the financial, energy, medical and other industries and causing serious crisis management problems. Some Windows operating system users in China were infected. Campus network users bore the brunt of the infection, and a large amount of laboratory data and graduation projects were locked and encrypted.
2. What is the blackmail virus
1. Different from other similar blackmail viruses, the WannaCry virus is a kind of worm that can infect other computers automatically and spread rapidly due to a chain reaction.
2. This kind of blackmail virus mainly infects Windows systems. It uses encryption technology to lock files, forbids users from accessing them, and blackmails users.
3. The attacker claimed that he could only unlock the files after asking for more than $300 worth of bitcoin. In fact, even if the ransom is paid, the files may not be unlocked.
Why are they infected
Once the blackmail worm attacks a user machine that can connect to the public network, it scans the IP addresses of the intranet and the public network. If a scanned IP has port 445 open, it uses the "EternalBlue" vulnerability to install a back door. Once the back door is executed, a blackmail virus named Wana Crypt0r is released to encrypt all documents and files on the user's machine for blackmail.
Why use bitcoin
Bitcoin is a kind of peer-to-peer network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable.
Background of transmission and infection
This round of the blackmail worm virus mainly includes two family variants, Onion and WNCRY. It first broke out in Britain, Russia and other countries, and many enterprises and medical institutions had their systems hit, resulting in heavy losses.
Global monitoring by security agencies has found that as many as 74 countries have suffered this blackmail worm attack.
Since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has intensified in many universities and enterprises.
WannaCry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "EternalBlue" attack. Please install this security patch as soon as possible. For Windows XP, 2003 and other machines for which Microsoft no longer provides security updates, we can use the 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system and close the ports affected by the vulnerabilities, so as to avoid being attacked by blackmail software and other viruses.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen awareness of network security: don't click unknown links, don't download unknown files, don't open unknown emails...
4. Back up the important files on your computer to a mobile hard disk and USB flash drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. It is recommended that users who are still using Windows XP and Windows 2003 upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.
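An added example (not part of the original answers): the behaviour described above, one infected machine probing many addresses on TCP port 445, can be spotted in firewall or flow logs as a single source contacting many distinct hosts on that port in a short time. The log format, function names, 60-second window and threshold of 5 are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (not real traffic): timestamp, source, destination, port
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.0.0.23 10.0.0.1 445
2017-05-12T09:00:01 10.0.0.23 10.0.0.2 445
2017-05-12T09:00:02 10.0.0.23 10.0.0.3 445
2017-05-12T09:00:02 10.0.0.23 10.0.0.4 445
2017-05-12T09:00:03 10.0.0.23 10.0.0.5 445
2017-05-12T09:00:03 10.0.0.23 10.0.0.6 445
2017-05-12T09:00:10 10.0.0.9 10.0.0.50 445
2017-05-12T09:10:10 10.0.0.9 10.0.0.51 445
2017-05-12T09:20:10 10.0.0.9 10.0.0.52 445
2017-05-12T09:30:10 10.0.0.9 10.0.0.53 445
2017-05-12T09:40:10 10.0.0.9 10.0.0.54 445
2017-05-12T09:00:07 10.0.0.40 10.0.0.60 443
2017-05-12T09:00:08 10.0.0.40 10.0.0.61 443
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, dport) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, dport = parts
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout(flows, port=445, window=timedelta(seconds=60), threshold=5):
    """Map each source to the most distinct hosts it contacted on `port`
    inside any one window, keeping only sources that reach `threshold`."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            alerts[src] = best
    return alerts

if __name__ == "__main__":
    print(smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

With the default window only 10.0.0.23 is flagged; 10.0.0.9 reaches five file servers too, but spread over 40 minutes, which is why the window length matters when tuning against normal file-sharing traffic.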
3. WannaCry uses a vulnerability on port 445 of the Windows operating system to spread, and has the characteristics of self-replication and active propagation.
After being invaded by the blackmail software, almost all kinds of files in the user's host system, such as photos, pictures, documents, audio and video, will be encrypted, and the suffix of the encrypted files will be changed to .WNCRY. A blackmail dialog box will pop up on the desktop, asking the victim to pay hundreds of dollars worth of bitcoin to the attacker's bitcoin wallet, and the amount of ransom will increase over time.
Types of files attacked:
common office files (extensions .ppt, .doc, .docx, .xlsx, .sxi)
office file formats that are not commonly used (.sxw, .odt, .hwp)
compressed documents and media files (.zip, .rar, .tar, .mp4, .mkv)
e-mail and e-mail databases (.eml, .msg, .ost, .pst, .deb)
database files (.sql, .accdb, .mdb, .dbf, .odb, .myd)
source code and project files used by developers (.php, .java, .cpp, .pas, .asm)
keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes)
files used by art designers, artists and photographers (.vsd, .odg, .raw, .nef, .svg, .psd)
virtual machine files (.vmx, .vmdk, .vdi)
4. For the time being, it only targets Windows-series systems. To prevent it, please open the system Control Panel - System and Security and install system patches. If you have not turned on the system patch function, please turn it on and repair all vulnerabilities immediately. It is recommended to upgrade systems below Windows 7. Thank you for your support and trust in Tencent housekeeper.
5. The Wanna blackmail virus can be effectively prevented through the following behaviors:
First, temporarily close the ports. Windows users can use the firewall to filter personal computers, and temporarily turn off 3389 remote login on ports 135, 137 and 445 (if they don't want to turn off 3389 remote login, at least turn off the smart card login function), and pay attention to updating security products for defense, so as to minimize the risk of computer attack.
Second, install the released Windows security patches in time. When the MS17-010 vulnerability was first exposed in March, Microsoft had provided security updates for Win7, Win10 and other systems. After the outbreak of this incident, Microsoft also quickly released a special patch for Windows XP and other systems that had no longer been officially supported.
Third, use the "blackmail virus immune tool" to repair. Users download the offline version of the Tencent computer manager "blackmail virus immunity tool" on another computer and copy the files to a safe, virus-free USB flash drive. Then turn on the affected computer with WiFi turned off, the network cable unplugged and the network disconnected, and back up important files as soon as possible. Then use the offline version of the "blackmail virus immunity tool" from the USB flash drive to fix the vulnerability with one click. After reconnecting to the network, the computer can be used normally.
6. It is best to search the web about the virus. There are very detailed introductions online; it cannot be explained clearly in one or two sentences here, and you can look online to understand everything.
7. It's not that a computer infection is the most troublesome thing, and the virus in your computer does seem to be very troublesome, but there are now many kinds of anti-virus software, so you can choose another one. After restarting, you can enter safe mode. I use Tencent computer manager, which has a good anti-virus effect. It has dual defense with a Web firewall, comprehensive interception of bad Web pages and a network traffic monitoring function. New features: comprehensive management of network use, faster and freer access to the Internet, and more comprehensive garbage cleaning that clears system garbage more thoroughly, making the system faster and lighter and occupying less memory. It can protect the security of the system.