virus
Publish: 2021-04-21 16:32:18
1. In the evening of May 12, the wanna cry worm virus broke out in more than 74 countries around the world. At least 45000 machines have been infected. The network system of some colleges and universities in China has become a disaster area, and the network payment system of PetroChina gas station has also been affected
it is reported that the virus can spread rapidly in the local area network by taking advantage of the vulnerability of port 445 of windows system, but large local area networks such as schools have not done similar prevention, so it has become the target of attack
the success probability of brute force cracking is 0
a person in bitcoin instry said that bitcoin blackmail virus had existed as early as 2014. This time, the technology used by hackers is more high-end than last time, and the scope of influence is wider, but the identity of hackers is still unclear
moreover, the "variability" of this virus lies in the addition of automatic transmission for windows 445 port. As long as the windows system machine fails to upgrade the latest patch, making port 445 open, the virus can invade the machine
the virus requires the intruder to pay $300 worth of bitcoin ransom within six hours, and then the ransom will rise every other time
some netizens pointed out that it is difficult to crack the virus by violence. If bitcoin blackmail virus wants to crack by violence, the possibility is infinitely small, and it is impossible to complete it by virtue of personal ability
port 445 enables users to easily access all kinds of shared folders or shared printers in the LAN
port 445 gives an opportunity for malicious attackers. The normal home network has been limited by the operators to 445 port access, but the school and other large LAN did not do similar prevention, so it became the target of attack
in this virus attack, most of the domestic students who are affected are in Colleges and universities, and the seniors who are about to graate are affected, and the documents related to the design papers are locked. Many universities, including Shandong University, Nanchang University, Guangxi Normal University and Northeast University of Finance and economics, have issued emergency notices to remind teachers and students to take precautions
this virus is more accurately an encryption method. The virus will encrypt all the key files in the computer and make people pay for the unlock password, but whether the hacker will keep his promise and provide the unlock password is his problem
bitcoin blackmail virus has appeared many times
one of the characteristics of this type of virus is to ask the victim to pay bitcoin as ransom. According to many people in the instry, bitcoin is usually used as a tool for cross-border payment and remittance because of its global characteristics. In addition, as a kind of network encryption virtual currency, bitcoin has the characteristics of decentralization and anonymity. The flow of funds is not easy to track, so it is convenient for hackers to make use of its collection and payment, and it is more convenient for them to hide their identities
"if you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the instry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it
according to the current attacked computers, hackers ask for a ransom of $300 (about RMB 2069.16) worth of bitcoin for each computer
but the area of this virus infection is very large. If everyone pays the ransom, will malicious attackers be able to unlock it in time? Because it is not clear whether the virus will be unlocked manually or online. If it is handled manually, it is likely that it will be too late to handle. However, online processing is fully automatic. After bitcoin has paid, it will automatically collect money and then issue the unlock code
therefore, it is not recommended that the victim pay a ransom to the hacker, because even if you pay, the hacker may not know which computer you have
it is worth mentioning that the outbreak of bitcoin blackmail virus has pushed bitcoin to the top of the wave again. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed their concerns about bitcoin's "stigmatization"“ Good tools should not be blamed because they are used by bad people. " A person in the bitcoin instry said, "bitcoin is bitcoin, virus is virus, injustice has a head, debt has owner, so it is unnecessary to have hostility to bitcoin."
now, the most important thing is that the victims should install the patch released by Microsoft as soon as possible to prevent unfamiliar e-mail, and important files should be backed up to the cloud platform and local offline hard disk
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
it is reported that the virus can spread rapidly in the local area network by taking advantage of the vulnerability of port 445 of windows system, but large local area networks such as schools have not done similar prevention, so it has become the target of attack
the success probability of brute force cracking is 0
a person in bitcoin instry said that bitcoin blackmail virus had existed as early as 2014. This time, the technology used by hackers is more high-end than last time, and the scope of influence is wider, but the identity of hackers is still unclear
moreover, the "variability" of this virus lies in the addition of automatic transmission for windows 445 port. As long as the windows system machine fails to upgrade the latest patch, making port 445 open, the virus can invade the machine
the virus requires the intruder to pay $300 worth of bitcoin ransom within six hours, and then the ransom will rise every other time
some netizens pointed out that it is difficult to crack the virus by violence. If bitcoin blackmail virus wants to crack by violence, the possibility is infinitely small, and it is impossible to complete it by virtue of personal ability
port 445 enables users to easily access all kinds of shared folders or shared printers in the LAN
port 445 gives an opportunity for malicious attackers. The normal home network has been limited by the operators to 445 port access, but the school and other large LAN did not do similar prevention, so it became the target of attack
in this virus attack, most of the domestic students who are affected are in Colleges and universities, and the seniors who are about to graate are affected, and the documents related to the design papers are locked. Many universities, including Shandong University, Nanchang University, Guangxi Normal University and Northeast University of Finance and economics, have issued emergency notices to remind teachers and students to take precautions
this virus is more accurately an encryption method. The virus will encrypt all the key files in the computer and make people pay for the unlock password, but whether the hacker will keep his promise and provide the unlock password is his problem
bitcoin blackmail virus has appeared many times
one of the characteristics of this type of virus is to ask the victim to pay bitcoin as ransom. According to many people in the instry, bitcoin is usually used as a tool for cross-border payment and remittance because of its global characteristics. In addition, as a kind of network encryption virtual currency, bitcoin has the characteristics of decentralization and anonymity. The flow of funds is not easy to track, so it is convenient for hackers to make use of its collection and payment, and it is more convenient for them to hide their identities
"if you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the instry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it
according to the current attacked computers, hackers ask for a ransom of $300 (about RMB 2069.16) worth of bitcoin for each computer
but the area of this virus infection is very large. If everyone pays the ransom, will malicious attackers be able to unlock it in time? Because it is not clear whether the virus will be unlocked manually or online. If it is handled manually, it is likely that it will be too late to handle. However, online processing is fully automatic. After bitcoin has paid, it will automatically collect money and then issue the unlock code
therefore, it is not recommended that the victim pay a ransom to the hacker, because even if you pay, the hacker may not know which computer you have
it is worth mentioning that the outbreak of bitcoin blackmail virus has pushed bitcoin to the top of the wave again. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed their concerns about bitcoin's "stigmatization"“ Good tools should not be blamed because they are used by bad people. " A person in the bitcoin instry said, "bitcoin is bitcoin, virus is virus, injustice has a head, debt has owner, so it is unnecessary to have hostility to bitcoin."
now, the most important thing is that the victims should install the patch released by Microsoft as soon as possible to prevent unfamiliar e-mail, and important files should be backed up to the cloud platform and local offline hard disk
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
2. Wannacry (also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.
3. The device that has been infected with the virus is reinstalled. Delete all disks and recreate them
4. In short, blackmail virus is a computer virus that uses Windows system vulnerability to maliciously encrypt user files and then extort money < / UL >
{rrrrrrr}
10
(3) in view of the current technical means, if blackmail virus can not be solved, it can only be completely formatted, Then, the system is reinstalled and the system vulnerability patch is made to prevent the secondary poisoning
5. What is blackmail virus< Different from other similar blackmail viruses, wannacry virus is a kind of worm that can infect other computers automatically and spread rapidly e to chain reaction
2. This kind of blackmail virus mainly infects windows system. It will use encryption technology to lock files, forbid users to access, and blackmail users
3. The attacker claimed that he could only unlock the file after asking for more than $300 worth of bitcoin. In fact, even if the ransom is paid, it may not be able to unlock the file
Why are they infected
once the blackmail worm attacks a user machine that can connect to the public network, it will scan the IP of the intranet and the public network. If the scanned IP has opened port 445, it will use the "enternal blue" vulnerability to install the back door. Once the backdoor is executed, a blackmailer virus named wana crypt0r will be released to encrypt all documents and files on the user's machine for blackmail
why use bitcoin
bitcoin is a kind of point-to-point network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable< Background of transmission and infection
this round of blackmailer worm virus mainly includes two family variants onion and wncry, which first broke out in Britain, Russia and other countries, and many enterprises and medical institutions were recruited in the system, resulting in heavy losses
global monitoring of security agencies has found that as many as 74 countries have suffered this blackmailer worm attack
since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has been intensified in many universities and enterprises
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
2. This kind of blackmail virus mainly infects windows system. It will use encryption technology to lock files, forbid users to access, and blackmail users
3. The attacker claimed that he could only unlock the file after asking for more than $300 worth of bitcoin. In fact, even if the ransom is paid, it may not be able to unlock the file
Why are they infected
once the blackmail worm attacks a user machine that can connect to the public network, it will scan the IP of the intranet and the public network. If the scanned IP has opened port 445, it will use the "enternal blue" vulnerability to install the back door. Once the backdoor is executed, a blackmailer virus named wana crypt0r will be released to encrypt all documents and files on the user's machine for blackmail
why use bitcoin
bitcoin is a kind of point-to-point network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable< Background of transmission and infection
this round of blackmailer worm virus mainly includes two family variants onion and wncry, which first broke out in Britain, Russia and other countries, and many enterprises and medical institutions were recruited in the system, resulting in heavy losses
global monitoring of security agencies has found that as many as 74 countries have suffered this blackmailer worm attack
since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has been intensified in many universities and enterprises
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
6. Only the Barry underground can collect ore. But in the seaside can collect ore fragments, such as Kela coast, eluk waterfall gold panning, etc. Ore fragments have the same function as ore, and occupy less lattice than ore, so it is easy to obtain, so now few people go to Bari underground mining.
7. One of the characteristics of this type of virus is that it requires the victim to pay bitcoin as a ransom. According to many people in the instry, bitcoin is usually used as a tool for cross-border payment and remittance because of its global characteristics. In addition, as a kind of network encryption virtual currency, bitcoin has the characteristics of decentralization and anonymity,
the capital flow is not easy to track, which is convenient for hackers to use its collection and payment, and more convenient for them to hide their identities
"if you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the instry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it.
the capital flow is not easy to track, which is convenient for hackers to use its collection and payment, and more convenient for them to hide their identities
"if you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the instry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it.
8. In recent days, massive blackmail worm attacks have rapidly spread to more than 100 countries and regions around the world. The virus locks user data and computer files until the user pays a ransom of $300-600 worth of bitcoin. It is unprecedented for hackers to blackmail global computer users on such a large scale, which can be regarded as a threat to the whole world
specific behaviors and prevention methods
today we will have a deep understanding of what kind of virus this virus is, how it spreads, and why it causes such serious consequences<
the virus originated from the network weapon library leaked by the US National Security Agency (NSA) in the early stage
the "wannacry" virus spreading all over the world belongs to the worm type blackmail software, which actively infects the victims by using the windows vulnerability (known as "eternal blue") numbered ms17-010. Previously, the US National Security Agency (NSA) controlled almost all the banks and financial institutions in the Middle East through the "eternal blue" weapon
because this vulnerability information was leaked and exploited by hackers, it led to this global virus spreading event<
extortion worm virus broke out three times in four days, variant
version 0.1: hackers spread through network weapons, blackmail users, no worm function
version 1.0: worm function, large-scale spread, main spread from May 12 to May 14
version 2.0: blackmail virus, replacing and canceling the "suicide switch". The so-called "suicide switch" is a "switch" set by virus authors in order to prevent the outbreak of worms out of control. If a specific domain name is registered, it will not continue to be infected. On May 14, version 2.0 changed the switch domain name and was soon registered. On May 14, the second variant of blackmail virus 2.0 cancelled the suicide switch and continued to spread
regarding the current spread of the virus, sun Xiaojun, the person in charge of 360 security procts, said: from the perspective of indivial users, the infection rate of blackmail worm has slowed down. Among the 500 million users of 360 security guard, the vast majority of users repaired the vulnerability in March and were not affected. About 200000 users who did not patch their computers were attacked by viruses and almost all of them were intercepted
what lessons should we learn from the rampant blackmail worm incident
network security experts say: this virus exploits a vulnerability of Microsoft, which Microsoft has released a patch in March this year to fix. But some of our users are not in the habit of patching and did not fix the vulnerability in time, which led to the computer being attacked
the blackmail virus attack has once again sounded the alarm of network security. The rapid development of Internet and other information technology has brought great benefits to people, but also unprecedented network security challenges
it is suggested that we should pay attention to network security issues, install security protection software in time, upgrade security patches of operating system and various applications in time, set high security password and change it regularly, do not download and install application software with unknown origin, and take backup measures for particularly important data.
specific behaviors and prevention methods
today we will have a deep understanding of what kind of virus this virus is, how it spreads, and why it causes such serious consequences<
the virus originated from the network weapon library leaked by the US National Security Agency (NSA) in the early stage
the "wannacry" virus spreading all over the world belongs to the worm type blackmail software, which actively infects the victims by using the windows vulnerability (known as "eternal blue") numbered ms17-010. Previously, the US National Security Agency (NSA) controlled almost all the banks and financial institutions in the Middle East through the "eternal blue" weapon
because this vulnerability information was leaked and exploited by hackers, it led to this global virus spreading event<
extortion worm virus broke out three times in four days, variant
version 0.1: hackers spread through network weapons, blackmail users, no worm function
version 1.0: worm function, large-scale spread, main spread from May 12 to May 14
version 2.0: blackmail virus, replacing and canceling the "suicide switch". The so-called "suicide switch" is a "switch" set by virus authors in order to prevent the outbreak of worms out of control. If a specific domain name is registered, it will not continue to be infected. On May 14, version 2.0 changed the switch domain name and was soon registered. On May 14, the second variant of blackmail virus 2.0 cancelled the suicide switch and continued to spread
regarding the current spread of the virus, sun Xiaojun, the person in charge of 360 security procts, said: from the perspective of indivial users, the infection rate of blackmail worm has slowed down. Among the 500 million users of 360 security guard, the vast majority of users repaired the vulnerability in March and were not affected. About 200000 users who did not patch their computers were attacked by viruses and almost all of them were intercepted
what lessons should we learn from the rampant blackmail worm incident
network security experts say: this virus exploits a vulnerability of Microsoft, which Microsoft has released a patch in March this year to fix. But some of our users are not in the habit of patching and did not fix the vulnerability in time, which led to the computer being attacked
the blackmail virus attack has once again sounded the alarm of network security. The rapid development of Internet and other information technology has brought great benefits to people, but also unprecedented network security challenges
it is suggested that we should pay attention to network security issues, install security protection software in time, upgrade security patches of operating system and various applications in time, set high security password and change it regularly, do not download and install application software with unknown origin, and take backup measures for particularly important data.
Hot content