Bitcoin virus extorts content
Publish: 2021-04-25 15:55:45
1.
In my opinion, I don't know if it's right. We still need criticism and correction. I don't think this virus has anything to do with which way you use to access the Internet, and it also has nothing to do with which kind of computer (PC or laptop) you use. He mainly aims at some loopholes in the Current Windows operating system. We all know that when a software is downloaded, it must have the highest administrator authority to install the software on this computer. This should be a security policy of the computer operating system. However, there are loopholes in everything, and the operating system is no exception. For example, this virus outbreak, in fact, the patch was released as early as March, but many users didn't pay attention to it and didn't fix it. So, now as long as you are connected to the network, and the system vulnerability is not repaired in time, you can scan the port, use the vulnerability of a port, directly install the encryption software (virus) to your computer in the background, and encrypt your important files, so as to achieve the purpose of blackmail. So it's better not to turn off the self-renewal function of windows for convenience. At the same time, it's also recommended to turn off some ports that are not often used but are very dangerous, such as 445, 135, 137, 138 and 139—— Finally, WiFi is just a way to access the Internet. It can also spread viruses. So, quickly update and patch it .... There is also a video here. I think it's very good, but I don't know if I can watch it http://weibo.com/tv/v/?fid=1034 :
2. Wannacry (also known as wanna decryptor), a kind of "worm like" blackmail virus software, with a size of 3.3mb, is spread by criminals using the dangerous vulnerability "eternal blue" leaked by NSA (National Security Agency)
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.
the malware will scan the TCP 445 port (server message block / SMB) on the computer, spread in a worm like way, attack the host and encrypt the files stored on the host, and then ask for ransom in the form of bitcoin. The amount of extortion ranged from $300 to $600
on May 14, 2017, a variant of wannacry blackmail virus appeared: wannacry 2.0, which cancelled the kill switch and spread faster. As of May 15, 2017, wannacry has caused cyber attacks in at least 150 countries, which has affected the financial, energy, medical and other instries, causing serious crisis management problems. Some windows operating system users in China are infected. Campus network users bear the brunt of the infection. A large number of laboratory data and graation projects are locked and encrypted.
3. In short, blackmail virus is a computer virus that uses Windows system vulnerability to maliciously encrypt user files and then extort money < / UL >
{rrrrrrr}
10
(3) in view of the current technical means, if blackmail virus can not be solved, it can only be completely formatted, Then, the system is reinstalled and the system vulnerability patch is made to prevent the secondary poisoning
4. What is blackmail virus< Different from other similar blackmail viruses, wannacry virus is a kind of worm that can infect other computers automatically and spread rapidly e to chain reaction
2. This kind of blackmail virus mainly infects windows system. It will use encryption technology to lock files, forbid users to access, and blackmail users
3. The attacker claimed that he could only unlock the file after asking for more than $300 worth of bitcoin. In fact, even if the ransom is paid, it may not be able to unlock the file
Why are they infected
once the blackmail worm attacks a user machine that can connect to the public network, it will scan the IP of the intranet and the public network. If the scanned IP has opened port 445, it will use the "enternal blue" vulnerability to install the back door. Once the backdoor is executed, a blackmailer virus named wana crypt0r will be released to encrypt all documents and files on the user's machine for blackmail
why use bitcoin
bitcoin is a kind of point-to-point network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable< Background of transmission and infection
this round of blackmailer worm virus mainly includes two family variants onion and wncry, which first broke out in Britain, Russia and other countries, and many enterprises and medical institutions were recruited in the system, resulting in heavy losses
global monitoring of security agencies has found that as many as 74 countries have suffered this blackmailer worm attack
since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has been intensified in many universities and enterprises
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
2. This kind of blackmail virus mainly infects windows system. It will use encryption technology to lock files, forbid users to access, and blackmail users
3. The attacker claimed that he could only unlock the file after asking for more than $300 worth of bitcoin. In fact, even if the ransom is paid, it may not be able to unlock the file
Why are they infected
once the blackmail worm attacks a user machine that can connect to the public network, it will scan the IP of the intranet and the public network. If the scanned IP has opened port 445, it will use the "enternal blue" vulnerability to install the back door. Once the backdoor is executed, a blackmailer virus named wana crypt0r will be released to encrypt all documents and files on the user's machine for blackmail
why use bitcoin
bitcoin is a kind of point-to-point network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable< Background of transmission and infection
this round of blackmailer worm virus mainly includes two family variants onion and wncry, which first broke out in Britain, Russia and other countries, and many enterprises and medical institutions were recruited in the system, resulting in heavy losses
global monitoring of security agencies has found that as many as 74 countries have suffered this blackmailer worm attack
since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has been intensified in many universities and enterprises
wannacry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
5. Dig bitcoin, the better the performance of the graphics card, the higher the efficiency. What is bitcoin? Please visit the Internet by yourself.
6. Petya blackmail virus is a new type of blackmail virus, which does great harm
you only need to install a computer housekeeper and fix all system vulnerabilities in time.
you can be immune to Petya blackmail virus attacks by not clicking suspicious attachments ring the Internet access
you only need to install a computer housekeeper and fix all system vulnerabilities in time.
you can be immune to Petya blackmail virus attacks by not clicking suspicious attachments ring the Internet access
7. 1. You can install a computer manager on your computer, and then open the toolbox to find the document Guardian
3. Through this function, there is a file recovery function to recover the files deleted or encrypted by blackmail virus
3. Through this function, there is a file recovery function to recover the files deleted or encrypted by blackmail virus
8. 1. Don't give money. Even if you hand it in, you may not be able to recover the data
2. 3. Install anti extortion protection tools, do not visit the website, do not open suspicious mail and files
4. Turn off the computer, including TCP and UDP protocol ports 135 and 445. Pay special attention to win7 system, do not use campus network, nor CMCC
5. If you still can't understand it, cut off the network
[how to prevent bitcoin blackmailer virus] some suggestions on Security:
backup important personal data. Pay attention to personal computer security maintenance, regularly update system patches, safe and reliable antivirus software.
2. 3. Install anti extortion protection tools, do not visit the website, do not open suspicious mail and files
4. Turn off the computer, including TCP and UDP protocol ports 135 and 445. Pay special attention to win7 system, do not use campus network, nor CMCC
5. If you still can't understand it, cut off the network
[how to prevent bitcoin blackmailer virus] some suggestions on Security:
backup important personal data. Pay attention to personal computer security maintenance, regularly update system patches, safe and reliable antivirus software.
9. In recent days, massive blackmail worm attacks have rapidly spread to more than 100 countries and regions around the world. The virus locks user data and computer files until the user pays a ransom of $300-600 worth of bitcoin. It is unprecedented for hackers to blackmail global computer users on such a large scale, which can be regarded as a threat to the whole world
specific behaviors and prevention methods
today we will have a deep understanding of what kind of virus this virus is, how it spreads, and why it causes such serious consequences<
the virus originated from the network weapon library leaked by the US National Security Agency (NSA) in the early stage
the "wannacry" virus spreading all over the world belongs to the worm type blackmail software, which actively infects the victims by using the windows vulnerability (known as "eternal blue") numbered ms17-010. Previously, the US National Security Agency (NSA) controlled almost all the banks and financial institutions in the Middle East through the "eternal blue" weapon
because this vulnerability information was leaked and exploited by hackers, it led to this global virus spreading event<
extortion worm virus broke out three times in four days, variant
version 0.1: hackers spread through network weapons, blackmail users, no worm function
version 1.0: worm function, large-scale spread, main spread from May 12 to May 14
version 2.0: blackmail virus, replacing and canceling the "suicide switch". The so-called "suicide switch" is a "switch" set by virus authors in order to prevent the outbreak of worms out of control. If a specific domain name is registered, it will not continue to be infected. On May 14, version 2.0 changed the switch domain name and was soon registered. On May 14, the second variant of blackmail virus 2.0 cancelled the suicide switch and continued to spread
regarding the current spread of the virus, sun Xiaojun, the person in charge of 360 security procts, said: from the perspective of indivial users, the infection rate of blackmail worm has slowed down. Among the 500 million users of 360 security guard, the vast majority of users repaired the vulnerability in March and were not affected. About 200000 users who did not patch their computers were attacked by viruses and almost all of them were intercepted
what lessons should we learn from the rampant blackmail worm incident
network security experts say: this virus exploits a vulnerability of Microsoft, which Microsoft has released a patch in March this year to fix. But some of our users are not in the habit of patching and did not fix the vulnerability in time, which led to the computer being attacked
the blackmail virus attack has once again sounded the alarm of network security. The rapid development of Internet and other information technology has brought great benefits to people, but also unprecedented network security challenges
it is suggested that we should pay attention to network security issues, install security protection software in time, upgrade security patches of operating system and various applications in time, set high security password and change it regularly, do not download and install application software with unknown origin, and take backup measures for particularly important data.
specific behaviors and prevention methods
today we will have a deep understanding of what kind of virus this virus is, how it spreads, and why it causes such serious consequences<
the virus originated from the network weapon library leaked by the US National Security Agency (NSA) in the early stage
the "wannacry" virus spreading all over the world belongs to the worm type blackmail software, which actively infects the victims by using the windows vulnerability (known as "eternal blue") numbered ms17-010. Previously, the US National Security Agency (NSA) controlled almost all the banks and financial institutions in the Middle East through the "eternal blue" weapon
because this vulnerability information was leaked and exploited by hackers, it led to this global virus spreading event<
extortion worm virus broke out three times in four days, variant
version 0.1: hackers spread through network weapons, blackmail users, no worm function
version 1.0: worm function, large-scale spread, main spread from May 12 to May 14
version 2.0: blackmail virus, replacing and canceling the "suicide switch". The so-called "suicide switch" is a "switch" set by virus authors in order to prevent the outbreak of worms out of control. If a specific domain name is registered, it will not continue to be infected. On May 14, version 2.0 changed the switch domain name and was soon registered. On May 14, the second variant of blackmail virus 2.0 cancelled the suicide switch and continued to spread
regarding the current spread of the virus, sun Xiaojun, the person in charge of 360 security procts, said: from the perspective of indivial users, the infection rate of blackmail worm has slowed down. Among the 500 million users of 360 security guard, the vast majority of users repaired the vulnerability in March and were not affected. About 200000 users who did not patch their computers were attacked by viruses and almost all of them were intercepted
what lessons should we learn from the rampant blackmail worm incident
network security experts say: this virus exploits a vulnerability of Microsoft, which Microsoft has released a patch in March this year to fix. But some of our users are not in the habit of patching and did not fix the vulnerability in time, which led to the computer being attacked
the blackmail virus attack has once again sounded the alarm of network security. The rapid development of Internet and other information technology has brought great benefits to people, but also unprecedented network security challenges
it is suggested that we should pay attention to network security issues, install security protection software in time, upgrade security patches of operating system and various applications in time, set high security password and change it regularly, do not download and install application software with unknown origin, and take backup measures for particularly important data.
10. Wannacry blackmail virus prevention methods:
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
1. Install the latest security patch for the computer. Microsoft has released patch ms17-010 to fix the system vulnerability of "eternal blue" attack. Please install this security patch as soon as possible; For Windows XP, 2003 and other machines that Microsoft no longer provides security updates, we can use 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being infringed by blackmail software and other viruses
2. Close ports 445, 135, 137, 138 and 139, and close network sharing
3. Strengthen the awareness of network security: don't click the unknown link, don't download the unknown file, don't open the unknown email...
4. Back up the important files in your computer to the mobile hard disk and U disk as soon as possible (regularly in the future), and save the disk offline after the backup
5. It is recommended that users who are still using Windows XP and windows 2003 should upgrade to Windows 7 / windows 10 or windows 2008 / 2012 / 2016 as soon as possible.
Hot content