Bitcoin worm

1.

Yesterday, I went to the electronic reading room. Not long after I plugged in the USB flash drive, the teacher suddenly asked everyone to unplug the USB flash drive. Some students found that all the files in the USB flash drive could not be opened, and there were two more documents asking for money

so everyone rushed to check, as long as the U disk inserted in the school computer were poisoned, large-scale computer poisoning occurred in the evening

a lot of people's information and graation thesis are in the computer. I really feel that hacker's behavior is disgusting. For the sake of money, regardless of the future of students, teachers' lifelong scientific research achievements...

hope to catch criminals as soon as possible and give them severe punishment by law

this virus will scan windows devices with open 445 file sharing port. As long as the user's device is on the Internet, hackers can implant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers

some security researchers point out that this large-scale network attack seems to be deployed through a worm application, and wannacry can spread among computers. What's more terrible is that unlike most malicious programs, this program can replicate and spread on its own in the network, and most of the current viruses still need to rely on the successful users to spread by cheating them to click the attachment with the attack code

the attack has affected 99 countries and as many as 75000 computers, but because the virus uses anonymous network and bitcoin anonymous transaction to obtain ransom, it is very difficult to track and locate the originator of the virus

2. Wannacry virus is spread based on Windows system, and smartphone users will not be affected. To prevent viruses, please open the system control panel - system and security - install system patches. If you do not open the system patch function, please open and repair all vulnerabilities immediately. It is recommended to upgrade the system for systems below Windows 7. Thank you for your support and trust in Tencent housekeeper.

3. In the evening of May 12, the wanna cry worm virus broke out in more than 74 countries around the world. At least 45000 machines have been infected. The network system of some colleges and universities in China has become a disaster area, and the network payment system of PetroChina gas station has also been affected
it is reported that the virus can spread rapidly in the local area network by taking advantage of the vulnerability of port 445 of windows system, but large local area networks such as schools have not done similar prevention, so it has become the target of attack
the success probability of brute force cracking is 0

a person in bitcoin instry said that bitcoin blackmail virus had existed as early as 2014. This time, the technology used by hackers is more high-end than last time, and the scope of influence is wider, but the identity of hackers is still unclear

moreover, the "variability" of this virus lies in the addition of automatic transmission for windows 445 port. As long as the windows system machine fails to upgrade the latest patch, making port 445 open, the virus can invade the machine

the virus requires the intruder to pay $300 worth of bitcoin ransom within six hours, and then the ransom will rise every other time
some netizens pointed out that it is difficult to crack the virus by violence. If bitcoin blackmail virus wants to crack by violence, the possibility is infinitely small, and it is impossible to complete it by virtue of personal ability
port 445 enables users to easily access all kinds of shared folders or shared printers in the LAN

port 445 gives an opportunity for malicious attackers. The normal home network has been limited by the operators to 445 port access, but the school and other large LAN did not do similar prevention, so it became the target of attack
in this virus attack, most of the domestic students who are affected are in Colleges and universities, and the seniors who are about to graate are affected, and the documents related to the design papers are locked. Many universities, including Shandong University, Nanchang University, Guangxi Normal University and Northeast University of Finance and economics, have issued emergency notices to remind teachers and students to take precautions
this virus is more accurately an encryption method. The virus will encrypt all the key files in the computer and make people pay for the unlock password, but whether the hacker will keep his promise and provide the unlock password is his problem
bitcoin blackmail virus has appeared many times

one of the characteristics of this type of virus is to ask the victim to pay bitcoin as ransom. According to many people in the instry, bitcoin is usually used as a tool for cross-border payment and remittance because of its global characteristics. In addition, as a kind of network encryption virtual currency, bitcoin has the characteristics of decentralization and anonymity. The flow of funds is not easy to track, so it is convenient for hackers to make use of its collection and payment, and it is more convenient for them to hide their identities
"if you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the instry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it
according to the current attacked computers, hackers ask for a ransom of $300 (about RMB 2069.16) worth of bitcoin for each computer

but the area of this virus infection is very large. If everyone pays the ransom, will malicious attackers be able to unlock it in time? Because it is not clear whether the virus will be unlocked manually or online. If it is handled manually, it is likely that it will be too late to handle. However, online processing is fully automatic. After bitcoin has paid, it will automatically collect money and then issue the unlock code
therefore, it is not recommended that the victim pay a ransom to the hacker, because even if you pay, the hacker may not know which computer you have

it is worth mentioning that the outbreak of bitcoin blackmail virus has pushed bitcoin to the top of the wave again. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed their concerns about bitcoin's "stigmatization"“ Good tools should not be blamed because they are used by bad people. " A person in the bitcoin instry said, "bitcoin is bitcoin, virus is virus, injustice has a head, debt has owner, so it is unnecessary to have hostility to bitcoin."
now, the most important thing is that the victims should install the patch released by Microsoft as soon as possible to prevent unfamiliar e-mail, and important files should be backed up to the cloud platform and local offline hard disk
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.

4. Wannacry (also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.

6. Bitcoin is still very hot, but most countries do not recognize the status and value of bitcoin. So it's hard to determine what the future of bitcoin will be. After all, the market value is a number
if it is not officially recognized by the world, mining is a waste of energy.

7. That's a good question. Let's not say you go to the moon to mine, just say this flying saucer. If you can invent one, it will give you a Nobel Prize for best carpenter!

8. Hello, this kind of virus is not easy to handle. It is recommended that the computer install the latest security patch. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible at the website of https://technet.microsoft.com/zh-cn/library/security/ms17-010; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immune tool" to detect whether there are loopholes in the system, and close the ports affected by the loopholes, so as to avoid being infringed by blackmail software and other viruses. Download address: http://dl.360safe.com/nsa/nsatool.exe
then close ports 445, 135, 137, 138 and 139 to turn off network sharing. So it's safe.

9. In recent days, massive blackmail worm attacks have rapidly spread to more than 100 countries and regions around the world. The virus locks user data and computer files until the user pays a ransom of $300-600 worth of bitcoin. It is unprecedented for hackers to blackmail global computer users on such a large scale, which can be regarded as a threat to the whole world
specific behaviors and prevention methods

today we will have a deep understanding of what kind of virus this virus is, how it spreads, and why it causes such serious consequences<

the virus originated from the network weapon library leaked by the US National Security Agency (NSA) in the early stage

the "wannacry" virus spreading all over the world belongs to the worm type blackmail software, which actively infects the victims by using the windows vulnerability (known as "eternal blue") numbered ms17-010. Previously, the US National Security Agency (NSA) controlled almost all the banks and financial institutions in the Middle East through the "eternal blue" weapon

because this vulnerability information was leaked and exploited by hackers, it led to this global virus spreading event<
extortion worm virus broke out three times in four days, variant

version 0.1: hackers spread through network weapons, blackmail users, no worm function

version 1.0: worm function, large-scale spread, main spread from May 12 to May 14

version 2.0: blackmail virus, replacing and canceling the "suicide switch". The so-called "suicide switch" is a "switch" set by virus authors in order to prevent the outbreak of worms out of control. If a specific domain name is registered, it will not continue to be infected. On May 14, version 2.0 changed the switch domain name and was soon registered. On May 14, the second variant of blackmail virus 2.0 cancelled the suicide switch and continued to spread
regarding the current spread of the virus, sun Xiaojun, the person in charge of 360 security procts, said: from the perspective of indivial users, the infection rate of blackmail worm has slowed down. Among the 500 million users of 360 security guard, the vast majority of users repaired the vulnerability in March and were not affected. About 200000 users who did not patch their computers were attacked by viruses and almost all of them were intercepted

what lessons should we learn from the rampant blackmail worm incident

network security experts say: this virus exploits a vulnerability of Microsoft, which Microsoft has released a patch in March this year to fix. But some of our users are not in the habit of patching and did not fix the vulnerability in time, which led to the computer being attacked

the blackmail virus attack has once again sounded the alarm of network security. The rapid development of Internet and other information technology has brought great benefits to people, but also unprecedented network security challenges

it is suggested that we should pay attention to network security issues, install security protection software in time, upgrade security patches of operating system and various applications in time, set high security password and change it regularly, do not download and install application software with unknown origin, and take backup measures for particularly important data.

10. Wannacry (also known as wanna decryptor), a 3.3mb "worm like" blackmail virus software, is spread by criminals by using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency).
the malicious software will scan the TCP 445 port (server message block / SMB) on the computer, Spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600.