Bitcoin virus broke out

1.

Yesterday, I went to the electronic reading room. Not long after I plugged in the USB flash drive, the teacher suddenly asked everyone to unplug the USB flash drive. Some students found that all the files in the USB flash drive could not be opened, and there were two more documents asking for money

so everyone rushed to check, as long as the U disk inserted in the school computer were poisoned, large-scale computer poisoning occurred in the evening

a lot of people's information and graation thesis are in the computer. I really feel that hacker's behavior is disgusting. For the sake of money, regardless of the future of students, teachers' lifelong scientific research achievements...

hope to catch criminals as soon as possible and give them severe punishment by law

this virus will scan windows devices with open 445 file sharing port. As long as the user's device is on the Internet, hackers can implant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers

some security researchers point out that this large-scale network attack seems to be deployed through a worm application, and wannacry can spread among computers. What's more terrible is that unlike most malicious programs, this program can replicate and spread on its own in the network, and most of the current viruses still need to rely on the successful users to spread by cheating them to click the attachment with the attack code

the attack has affected 99 countries and as many as 75000 computers, but because the virus uses anonymous network and bitcoin anonymous transaction to obtain ransom, it is very difficult to track and locate the originator of the virus

2. From May 12, bitcoin blackmail computer virus broke out all over the world. At present, 16 hospitals across the UK have been attacked on a large scale, and many Chinese universities have been recruited. Hackers blackmail users for ransom by locking computer files, and only charge bitcoin

in this global computer virus incident, mobile China also received a blackmail. Fortunately, the machine that received the email was a testing machine, which did not affect us. However, it's different for college students in the graation season. The thesis is locked, which is related to graation. So in the face of this outbreak of blackmail virus, how should we deal with it and what protective measures should we take<

first of all, let's understand the characteristics of this virus

the computer virus initiated by hackers will encrypt a large number of files on the system into files with. Onion suffix. After poisoning, they are required to pay bitcoin ransom to decrypt and recover the files, causing serious losses to personal data, and anti-virus software cannot decrypt these encrypted files. But we must not listen to the hacker's so-called "give money to decrypt" saying, because hackers do not necessarily keep their promises, in addition, bitcoin is expensive, and it is also a large number for ordinary users< Secondly, we need to pay attention to the background of the virus outbreak.

according to the domestic experts, according to the network security agencies, this is a virus attack event launched by lawless elements using the "eternal blue" leaked from NSA hacker's weapon library“ "Eternal blue" will scan windows machines with open 445 file sharing port, without any user operation. As long as the machine is turned on and connected to the Internet, criminals can plant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers

e to the previous outbreak of worms using port 445 in China, operators have blocked port 445 for indivial users, but the ecation network has no such restriction, and there are still a large number of machines exposing port 445. According to the statistics of relevant institutions, at present, more than 5000 machines in China are attacked by NSA "eternal blue" hacker weapons every day, and the ecation network is the hardest hit area

What are the coping methods

1. Close port 445, and you can search and query by yourself

2. At present, Microsoft has released a patch ms17-010 to fix the system vulnerability of "eternal blue" attack. You can install this patch for your computer as soon as possible

as for XP, 2003 and other Microsoft machines that no longer provide security updates, microblog professionals recommend using "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being attacked by blackmail software and other viruses

3.

Internet security once again because of a large-scale outbreak of computer viruses and caused everyone's attention: bit virus. The emergence of this virus will make the computer's documents locked, hackers to coerce ransom, and most of the places are important units. For example, Chinese universities and British hospitals. The data of these units are very important. Most of the time, the school is not only an ecational unit, many key universities also undertake a lot of scientific research tasks. From a certain point of view, it also shows that hackers are very selective and targeted

Of course, the explanation given by Microsoft said that the virus was an attack against the vulnerability supplemented in March. In a way, hackers are also a test of users' security awareness. Microsoft has added software to the vulnerability in March. From this point of view, the hacker's attack is not brilliant. Because it is through the official patch, and then imagine no patch defects, so as to attack. Hackers also know the update awareness and security awareness of users. Of course, as a domestic company, 360 also seized this opportunity to quickly adjust the security housekeeper to check and kill the virus

from this point of view, Microsoft's vulnerability supplement is targeted and prescient, and the possible vulnerabilities should be supplemented in time

from the user's point of view, this virus attack is different from the previous one. In the past, it is generally in the form of camouflage and loading to ince customers to take the initiative to download. And this time the virus is mostly spread through the LAN, as long as you boot, the virus will invade. The document cannot be opened normally

if this virus attack has any inspiration for us to use computers and pay attention to Internet security, I think it can be inspired from at least two aspects: the first is to strengthen the security of computer systems, such as using official patches to repair vulnerabilities in time; the other is to install regular anti-virus software, update it in time, and strengthen the firewall

4. If there is a virus in the mobile phone, you can use the virus software on the mobile phone to check and kill the virus on the mobile phone. Go to the homepage of Tencent mobile phone manager, click the "virus check and kill" icon at the bottom of the page, enter the virus check and kill page, you can see the "virus check and kill" option, and then click the "virus scan" button at the bottom to check and kill the virus on the mobile phone.

5. 1、 Before being infected with the virus, you must regularly backup and save the important things in the computer. It's better to prepare another hard disk for regular backup.
2. After being infected with the virus, it's recommended to report to the public security organ immediately for the record, and it's better not to go to the prefecture level or above, county level or below, because as far as I know, many county-level organs are often overstaffed, What is more important is that they basically do not have the relevant technical processing ability and conditions, and many cases may have to be transferred to the higher authorities. As for how the police deal with it, it's out of the question
Third, prepare a new computer. This is the best way to minimize the loss. Never smash the computer or deal with it separately. Instead, you should listen to the arrangement of the police, because if the police are responsible, they may take this as a clue to carry out new detection. On the one hand, it is also a way to eliminate harm for the public, and on the other hand, it may bring some compensation for the loss

6. Blackmail virus can still be prevented, but its global outbreak also shows that there is no absolute security system in the world. On the evening of May 12, Microsoft system computers in nearly 100 countries around the world were attacked by a computer virus called wanna cry or wanna decryptor
if you want to unlock the infected computer, you can only pay the required bitcoin to the other party, otherwise the hard disk will be completely emptied. At present, the blackmail virus has ravaged many universities in China. The National Center for network and information security also released the anti blackmail virus patch address. This blackmail virus attack is fierce, just like an unprecedented disaster. Many media use "occupied" and "dangerous!" And so on
but in fact, as long as our computer system is constantly updated, we will not be attacked by this virus. Microsoft's security update in March this year included a security patch for the exploit of this blackmail virus. The global outbreak of the virus attack also shows two points: there is no absolutely safe system in the world; Don't say any backdoor, as long as it is in the hands of "good people", it is safe. The predecessor of this blackmail virus is the "eternal blue" attack program in NSA hacker's weapon library, which was leaked before. Now it has been transformed into blackmail software by criminals
it's the same as putting the virus into the society to spread if the biological virus in the laboratory is stolen and no money is paid. If you have any impression, you will remember that at the beginning of last year, there was a dispute between the FBI of the United States and Silicon Valley companies such as apple, that is, whether electronic procts should leave a "back door" for law enforcement departments in order to combat terrorists
now you should have the answer in mind. No one can create an absolute security system, and there is no absolute security "back door" only for "good people". As long as the tools are made, the bad guys will always have a way to get them - in this world, there are no weapons that can only be used by the "good guys". Tools are not good or bad. It's the people who use them that decide their pros and cons
system security is always relative. If hackers want to attack your electronic devices, you are not likely to survive. However, for similar computer viruses that are not targeted at specific indivials, ordinary users still have a way to escape. Although blackmail virus is difficult to cure, it can be prevented. As mentioned earlier, if the system is updated in time and patched for security vulnerabilities, this attack has nothing to do with you
for the domestic public, it is particularly important to update the system version and use the genuine system. After the attack, it will be found that many people's systems are still in Windows XP, a system that Microsoft has stopped supporting
Microsoft has to release a special patch this time to help users eliminate the threat. But if someone's system is pirated, it can only be solved in other ways. Now we are getting into the habit of paying for right support such as content and music. We might as well have this awareness in terms of system security. In addition, the backup system and data are also "necessary cultivation"
in fact, the laptops that people bought in the first place were all installed with the genuine system, but when there were various problems later and they could not or could not recover the system, they were directly re installed through the pirated system. And if you have the habit of backup, when something goes wrong, you can master some skills to restore the computer to the state at any time point, and you are not afraid of this blackmail virus.

7. Tencent computer housekeeper can be used to kill viruses. There are three modes: Lightning killing, overall killing and designated location killing. However, the meanings of these three modes are different. Although the lightning killing button is obvious, it does not mean that the anti-virus effect is the best. It is only used to kill viruses in an emergency. Overall killing can be said to be the best, The designated location of killing belongs to the second, but also to save time to set an anti-virus method.