Bitcoin ransomware vulnerability
The malware scans TCP port 445 (Server Message Block, SMB) on the computer, spreads in a worm-like way, attacks the host, encrypts the files stored on it and then demands a ransom in Bitcoin. The amount demanded ranged from $300 to $600.
On May 14, 2017, a variant of the WannaCry ransomware appeared: WannaCry 2.0, which removed the kill switch and spread faster. As of May 15, 2017, WannaCry had caused cyber attacks in at least 150 countries, affecting the financial, energy, medical and other industries and creating serious crisis-management problems. Some Windows users in China were infected; campus network users bore the brunt of the infection, and a large amount of laboratory data and graduation projects were locked and encrypted.
WannaCry is a worm-type computer virus with a ransom component, written by the professional criminal group known as the "Shadow Brokers".
The WannaCry ransomware attacks through the Windows SMB (port 445) vulnerability MS17-010, which affects every version of Windows and therefore has a very large pool of potential victims. After WannaCry compromises a computer, it encrypts large numbers of the user's documents, data, files and photos and demands a Bitcoin ransom to unlock them.
If Windows users are attacked by the WannaCry ransomware, the current remedies are as follows (never pay the ransom under any circumstances; there is ample evidence that even when the ransom is paid, the files are not decrypted):
(1) Windows users can completely remove the WannaCry ransomware from a device by formatting all hard disks.
(2) Individual users can contact domestic and foreign security vendors, such as Qihoo 360, Kingsoft Duba, Kaspersky, McAfee, Tencent PC Manager and other security centers, for assistance in recovering important data.
(3) Repair with the "ransomware immunity tool". Using another computer, download the offline version of the Tencent PC Manager "ransomware immunity tool" and copy the files to a known-clean USB flash drive. Then start the affected computer with WiFi turned off, the network cable unplugged and the network disconnected, and back up important files as soon as possible. Then run the offline "ransomware immunity tool" from the USB flash drive to fix the vulnerability with one click; after that the computer can be used on the network normally.
(4) Recover with the file recovery tool. Users who have already been infected can use the PC Manager file recovery tool, which has a certain probability of recovering your documents.
Note: we will continue to follow the handling methods published by the relevant security vendors while waiting for a better, complete unlocking solution.
(3) Given current technical means, if the ransomware cannot be removed, the only option is to format the disk completely, reinstall the system and apply the system vulnerability patch to prevent a second infection.
After the ransomware has invaded a host, almost every kind of file on the user's system (photos, pictures, documents, audio and video) is encrypted and the encrypted files are given the suffix .WNCRY. A ransom dialog box pops up on the desktop asking the victim to pay hundreds of dollars' worth of Bitcoin to the attacker's Bitcoin wallet, and the amount of the ransom increases over time.
Types of files targeted:
common office files (.ppt, .doc, .docx, .xlsx, .sxi)
less commonly used office file formats (.sxw, .odt, .hwp)
compressed archives and media files (.zip, .rar, .tar, .mp4, .mkv)
e-mail and e-mail databases (.eml, .msg, .ost, .pst, .deb)
database files (.sql, .accdb, .mdb, .dbf, .odb, .myd)
source code and project files used by developers (.php, .java, .cpp, .pas, .asm)
keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes)
files used by graphic designers, artists and photographers (.vsd, .odg, .raw, .nef, .svg, .psd)
virtual machine files (.vmx, .vmdk, .vdi)
At the beginning, when I heard that it had suddenly become so serious, as a practitioner I really felt a sense of fear. Once it spread within my scope, it would cause endless trouble for my work. Moreover, some phenomena were exaggerated in the reports, such as infection requiring no user action and automatic infection by the virus. I don't know how this principle came about. Is it a myth of network technology that viruses, Trojans and malware have become uncontrollable demons?
The "EternalBlue virus" can scan Windows machines with the file-sharing port 445 open and implant malicious programs. There are no absolutely safe operating systems in the world; they are all early systems of foreigners. Besides, nothing in the world is flawless. I have to learn more and take good precautions. I am engaged in enterprise information and security work; I know the dangers of viruses, Trojans and malicious programs, and I can't help the panda who gets up early to burn incense. There are plenty of solutions, but some people still get infected.
Shutting down ports 445, 135, 137, 138 and 139 and turning off network sharing can also prevent infection. The method is as follows:
Disable DCOM: click Start, Run, type "dcomcnfg" and confirm. Under "Computers", right-click "My Computer" and select "Properties". On the Default Properties tab of the My Computer Properties dialog box, clear the check box "Enable Distributed COM on this computer"; then select the Default Protocols tab, select "Connection-oriented TCP/IP" and click "Remove".
Close ports 135, 137 and 138: right-click Network Neighborhood and select Properties; right-click the connection in question and select Properties, then on the Networking tab clear the check boxes for "File and Printer Sharing for Microsoft Networks" and "Client for Microsoft Networks". This closes ports 135, 137 and 138 on the sharing side.
Close port 139: port 139 is the NetBIOS session port used for file and print sharing. To close it, open "Network and Dial-up Connections", open the properties of "Local Area Connection", select "Internet Protocol (TCP/IP)" and open its properties, enter "Advanced TCP/IP Settings", and on the "WINS" tab select "Disable NetBIOS over TCP/IP"; this closes port 139.
Close port 445: click Start, Run, type "regedit" and confirm. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters, create a new DWORD value named SMBDeviceEnabled and set it to 0; this closes port 445 (the change takes effect after a restart).
Whether for practitioners or ordinary users, viruses, Trojans, vulnerabilities and malicious code are a difficult problem to face. The way to stay safe is to act in advance, take precautions, keep security warnings in mind, and not browse, operate or click carelessly. There are so many bad actors that it is impossible to prevent them all; the whole of society must therefore act together so that viruses and bad actors have nowhere to hide.
The virus exploits a vulnerability in Microsoft's Windows operating system for which Microsoft released a patch on March 14. Users who have installed the patch are unlikely to be affected this time. Some spam may be sent in the name of familiar contacts, so stay vigilant and do not open suspicious links or attachments lightly.
The National Internet Emergency Response Center issued emergency response measures yesterday, recommending that users install the released Windows security patches promptly and take care of four points:
(1) Close external network access to port 445 (and other associated ports such as 135, 137 and 139), and close the unnecessary service ports listed above on servers.
(2) Strengthen access auditing of port 445 (and other associated ports such as 135, 137 and 139) within the internal network, so that unauthorized behavior or potential attack behavior is discovered in time.
(3) As Microsoft has stopped security updates for some operating systems, it is recommended to check Windows XP and Windows Server 2003 hosts (for which the MS17-010 update is no longer supported) and switch them to an alternative operating system.
(4) Back up information system business data and personal data properly.
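As an added example (not part of the original article or any vendor's tool), the following Python script shows one way to carry out the internal auditing of point (2): it reads constructed firewall-style connection log lines and flags any source host that reaches an unusually large number of distinct peers on TCP 445 within a short window, the fan-out pattern of a worm scanning the subnet for SMB. The log line format, the five-minute window and the threshold of five peers are assumptions to be tuned for a real environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed firewall-style format:
# "<date> <time> <src_ip> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = """\
2017-05-12 10:00:01 10.0.1.20 -> 10.0.1.5:445 TCP
2017-05-12 10:00:02 10.0.1.20 -> 10.0.1.6:445 TCP
2017-05-12 10:00:02 10.0.1.20 -> 10.0.1.7:445 TCP
2017-05-12 10:00:03 10.0.1.20 -> 10.0.1.8:445 TCP
2017-05-12 10:00:03 10.0.1.20 -> 10.0.1.9:445 TCP
2017-05-12 10:00:04 10.0.1.20 -> 10.0.1.10:445 TCP
2017-05-12 10:00:05 10.0.1.30 -> 10.0.1.5:445 TCP
2017-05-12 10:00:06 10.0.1.30 -> 10.0.1.5:445 TCP
2017-05-12 10:00:07 10.0.1.40 -> 10.0.1.5:443 TCP
2017-05-12 10:09:00 10.0.1.50 -> 10.0.1.5:445 TCP
2017-05-12 10:20:00 10.0.1.50 -> 10.0.1.6:445 TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) -> (?P<dst>[^:]+):(?P<port>\d+) (?P<proto>\S+)$"
)

def parse_log(text):
    """Yield (timestamp, src, dst, port) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the audit
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["port"])

def find_smb_scanners(text, window=timedelta(minutes=5), min_targets=5):
    """Return {src: peer_count} for sources that contact at least min_targets
    distinct hosts on TCP 445 inside some sliding window of the given length."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse_log(text):
        if port == 445:  # only SMB connections matter for this audit
            by_src[src].append((ts, dst))
    suspects = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            peers = {d for t, d in events[i:] if t - start <= window}
            if len(peers) >= min_targets:
                suspects[src] = max(suspects.get(src, 0), len(peers))
    return suspects
```

Repeated connections to the same peer (10.0.1.30) and slow, spread-out connections (10.0.1.50) are not flagged; only the host fanning out across the subnet within seconds is.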