
Blackmail bitcoin virus source code

Publish: 2021-04-23 02:31:35
1. In short, a blackmail virus is a computer virus that uses a Windows system vulnerability to maliciously encrypt user files and then extort money.


    (3) In view of current technical means, if the blackmail virus cannot be removed, the only option is to format the disk completely, then reinstall the system and apply the system vulnerability patches to prevent a second infection.

    2.

    Once a computer is infected with this bitcoin blackmail virus, all the file data on it is forcibly encrypted. Unless a "ransom" is paid to the virus maker in bitcoin, these files cannot be decrypted and retrieved. Even if the ransom is paid this time, the computer may be "patronized" again next time. That is to say, the harm this virus can cause to users who "pay attention to data", especially enterprise users, is hard to estimate.

    How to avoid the harm of bitcoin blackmail virus

    As soon as the bitcoin blackmail virus appeared, it caused an uproar around the world. Major network security organizations and well-known anti-virus software vendors began to pay attention to the problem.

    There is a lot of advice about "manually setting the firewall to close the computer's sensitive ports, so as to resist the bitcoin blackmail virus". But this kind of method is more suitable for "non-novices" who know computers better. For example, for a third-rate programmer like me, this method is more suitable. I can't even use antivirus software.

    But for the general public, it may be necessary to deal with it in a simpler way.

    It has been several years since the advent of the bitcoin extortion virus. To help users' computers fight against bitcoin extortion virus attacks, many anti-virus products have certain defense mechanisms. For example, 360 launched an "anti-blackmail service": if your data is encrypted by a bitcoin extortion virus while 360 is installed on your computer, 360 will compensate for your ransom and recover your data.

    Users who don't know much about computers can choose to install anti-virus software to defend against such viruses; which one to choose depends on personal preference.

    3.

    digital currency trading platforms include BTCC, cloud coin, youcoin, yicoin and China bitcoinblockchain lettering and other fields

    note:

    1. Investing in digital currency requires great skill and also great caution. After all, not everyone can make money by investing, and a careless person may fall into the abyss, so it is very important to learn about it first.

    In the short to medium term, you should not rely too much on digital currency investment. In the worst case, you should be ready to bear the loss of all the money

    4. 1. You can install a computer manager on your computer, and then open the toolbox to find the document Guardian
    3. Through this function, there is a file recovery function to recover the files deleted or encrypted by blackmail virus
    5. Download and install the "offline disaster relief version" of 360 Security Guard, which integrates the NSA weapon library immunity tool, which can monitor and repair system vulnerabilities, and a "file recovery" tool, which can attempt decryption after an infection.
    6. WannaCry spreads by using a vulnerability on port 445 of the Windows operating system, and is self-replicating and actively propagating.
    After being invaded by the blackmail software, almost all kinds of files in the user's host system, such as photos, pictures, documents, audio and video, are encrypted, and the suffix of the encrypted files is changed to .WNCRY. A blackmail dialog box pops up on the desktop, asking the victim to pay hundreds of dollars' worth of bitcoin to the attacker's bitcoin wallet, and the amount of ransom increases over time.
    File types attacked:
    common office files (extensions .ppt, .doc, .docx, .xlsx, .sxi)
    less commonly used office file formats (.sxw, .odt, .hwp)
    compressed documents and media files (.zip, .rar, .tar, .mp4, .mkv)
    e-mail and e-mail databases (.eml, .msg, .ost, .pst, .deb)
    database files (.sql, .accdb, .mdb, .dbf, .odb, .myd)
    source code and project files used by developers (.php, .java, .cpp, .pas, .asm)
    keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes)
    files used by art designers, artists and photographers (.vsd, .odg, .raw, .nef, .svg, .psd)
    virtual machine files (.vmx, .vmdk, .vdi)
    7.

    At the beginning, when I suddenly heard that it was so serious, as a practitioner I really felt a sense of fear. Once it spread within my scope, it would cause endless trouble for my work. Moreover, some phenomena were exaggerated in the reports, such as the virus infecting automatically without any operation. I don't know how this principle came about. Is it a myth of network technology? Viruses, Trojans and malware become uncontrollable demons.

    The "EternalBlue virus" can scan Windows machines that have file-sharing port 445 open in order to implant malicious programs. There are no absolutely safe operating systems in the world. They are all early systems of foreigners. Besides, there are no flawless things in the world. I have to learn more and take good precautions. I am engaged in enterprise information and security work. I know the dangers of viruses, Trojans and malicious programs, and I was helpless against the early "Panda Burning Incense" virus. There are a lot of solutions, but some people are still infected.


    Shutting down ports 445, 135, 137, 138 and 139 and turning off network sharing can also avoid infection. The method is as follows:

    Open Run and enter "dcomcnfg". Under the "Computers" option, right-click "My Computer" on the right and select "Properties". In the "Default Properties" tab of the My Computer Properties dialog box, clear the check box "Enable Distributed COM on this computer". Then select the "Default Protocols" tab, select "Connection-oriented TCP/IP" and click the "Remove" button.

    Close ports 135, 137 and 138: right-click Network Neighborhood and select Properties. On the new connection, right-click and select Properties, then select the Networking tab and clear the check boxes for "File and Printer Sharing for Microsoft Networks" and "Client for Microsoft Networks". In this way, ports 135, 137 and 138 on the sharing side are closed.

    Close port 139: port 139 is the NetBIOS session port used for file and print sharing. To close it, open the "Internet Protocol (TCP/IP)" properties of "Local Area Connection" in "Network and Dial-up Connections", go to "Advanced TCP/IP Settings" and, in the "WINS" settings, select "Disable NetBIOS over TCP/IP". This closes port 139.

    Close port 445: Start, Run, enter regedit. After confirming, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters, create a new DWORD value named SMBDeviceEnabled, and set it to 0 to close port 445.

    Whether for practitioners or ordinary users, facing viruses, Trojan horses, vulnerabilities and malicious code is a difficult problem. The way to ensure your own safety is to take action in advance, take precautions, keep the safety warnings in mind, and not surf the Internet, operate or click randomly. There are so many bad guys that it is impossible to guard against them all. So the whole society should take action so that viruses and bad guys have no place to hide.
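One way to check that the port-closing steps in the answer above took effect, as an added example that is not part of the original page. It parses `netstat -ano` output and maps each port that is still open to the step meant to close it; the sample output and the function names are constructed for illustration.

```python
import re

# Port -> the step in the answer above that is meant to close it.
REMEDIATION = {
    135: "disable Distributed COM (dcomcnfg)",
    137: "unbind File and Printer Sharing / Client for Microsoft Networks",
    138: "unbind File and Printer Sharing / Client for Microsoft Networks",
    139: "disable NetBIOS over TCP/IP (WINS settings)",
    445: r"set NetBT\Parameters\SMBDeviceEnabled to 0",
}

# Constructed sample of `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.5:445        ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    192.168.1.20:137       *:*                                    4
"""

LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?\d+\s*$")

def exposed_ports(netstat_text):
    """Return {(proto, port): sorted local addresses} for ports still open."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unparsable line
        proto, addr, port, state = m.groups()
        port = int(port)
        # Only the LOCAL port counts: the outbound session to 203.0.113.5:445
        # has local port 49712 and is not a finding on this host.
        if port not in REMEDIATION:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # count listeners, not individual sessions
        found.setdefault((proto, port), set()).add(addr)
    return {key: sorted(addrs) for key, addrs in found.items()}

def report(netstat_text):
    return [f"{proto}/{port} open on {', '.join(addrs)}: {REMEDIATION[port]}"
            for (proto, port), addrs in sorted(exposed_ports(netstat_text).items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```

On a real machine, pass the text of `netstat -ano` to `report()`; an empty result means none of the five ports is open locally.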

    8. How to prevent bitcoin extortion virus
    1. Don't open e-mails from strangers or unknown senders, to prevent attacks through e-mail attachments
    2. Try not to click through the Office macro prompt, to avoid virus infection via Office components
    3. Download the software you need from the official website, and do not double-click to open files with .js, .vbs and similar suffixes
    4. Upgrade NGAF to the latest anti-virus and other security feature libraries
    5. Upgrade the anti-virus software to the latest virus library to prevent attacks by existing virus samples
    6. Regularly back up important data and files to a different location, so they can be recovered in case of a virus

    According to the characteristics of the blackmail virus, its variants can usually hide their features but cannot hide their key behavior. In summary, the behavior of the blackmail virus while running mainly includes the following:
    1. HTTP request through script file
    2. Download files through script files
    3. Read remote server files
    4. Collect computer information
    5. Traverse the file
    6. Call the encryption algorithm library.
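A sketch of behaviour-based detection built on the six behaviours listed above, as an added example that is not part of the original page. The event labels, the alert rule (file traversal plus encryption-library use plus two more behaviours in one process tree) and the events themselves are assumptions constructed for illustration.

```python
from collections import defaultdict

# The six behaviours from the list above, keyed by assumed event labels.
BEHAVIOURS = {
    "script_http": "HTTP request through a script file",
    "script_download": "file download through a script file",
    "remote_read": "read of a remote server file",
    "host_recon": "collection of computer information",
    "file_walk": "file traversal",
    "crypto_load": "call into an encryption algorithm library",
}
# Assumed rule: traversal and crypto together, plus two more behaviours.
REQUIRED, MIN_DISTINCT = {"file_walk", "crypto_load"}, 4

# Constructed events: (time_s, pid, parent_pid, image, behaviour)
EVENTS = [
    (0, 410, 1, "wscript.exe", "script_http"),
    (2, 410, 1, "wscript.exe", "script_download"),
    (5, 522, 410, "dropped.exe", "host_recon"),
    (6, 522, 410, "dropped.exe", "file_walk"),
    (7, 522, 410, "dropped.exe", "crypto_load"),
    (3, 700, 1, "backup.exe", "file_walk"),    # benign: encrypting backup
    (4, 700, 1, "backup.exe", "crypto_load"),
]

def root_of(pid, parents):
    """Walk parent links up to the oldest ancestor present in the events."""
    seen = set()
    while parents.get(pid) in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid

def suspicious_trees(events, window_s=60):
    """Return {root_pid: sorted behaviours} for trees matching the rule."""
    parents = {pid: ppid for _, pid, ppid, _, _ in events}
    trees = defaultdict(list)
    for t, pid, _, _, behaviour in events:
        if behaviour in BEHAVIOURS:
            trees[root_of(pid, parents)].append((t, behaviour))
    alerts = {}
    for root, items in trees.items():
        times = [t for t, _ in items]
        kinds = {b for _, b in items}
        if (REQUIRED <= kinds and len(kinds) >= MIN_DISTINCT
                and max(times) - min(times) <= window_s):
            alerts[root] = sorted(kinds)
    return alerts

if __name__ == "__main__":
    print(suspicious_trees(EVENTS))
```

Grouping by process tree matters here: the script host and the program it drops each show only part of the pattern, while the backup tool shows traversal and encryption but none of the script or reconnaissance behaviours and is not flagged.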
    9. This blackmail virus has a very romantic name, WannaCrypt (EternalBlue), also known as "want to cry". However, it is such a blackmail virus that has affected nearly 100 countries around the world, including the British medical system, the express company FedEx and the Russian telecom company MegaFon.

    In order to expand its gains, the organization behind the blackmail virus will only decrypt the documents after collecting a 300 yuan ransom from the victims. If the ransom is not paid in three days, it rises to 600 US dollars. Seven days later, if the ransom is still not paid, the "ticket is torn up". But for those who haven't paid in half a year, there will be a lottery. The blackmail virus uses one key per machine. After payment, the corresponding code is sent to the virus author through an anonymous network. After verification, the files can be decrypted.

    Since the blackmail virus broke out on May 12, more than 99 countries, institutions and individuals have been attacked. Under the blessing of 360 Security Guard, the vast majority of its 500 million users fixed the vulnerability in March and will not be affected. There are about 200000 users whose computers had not been patched and were attacked by the virus, and almost all of those attacks were intercepted. It highlights the responsibility of 360 Security Guard in an emergency.
    10. The bitcoin virus is a virus that spreads by using the Microsoft Windows "EternalBlue" vulnerability for the purpose of extorting bitcoin. If you are not infected, the most important thing is prevention: we can take measures such as closing port 445, patching Windows, installing immunity tools, and killing the virus with anti-virus software. If you are infected, the most important thing is to recover the encrypted files. I personally tested data recovery software and found it effective, and released a video of recovering the infected data. You can find it on Youku by searching "recover the files encrypted by wannacry blackmailer virus". Although the encrypted files cannot be recovered by any algorithm without the key, the source files deleted by the virus on the disk can be recovered. It is suggested to use Master Tu's data recovery software for recovery. The vendor provides a free registration code for users hit by the blackmail virus: tudrzyujt5h8cbwt5wlz, hoping to help more people.