Bitcoin virus blackmail development

Publish: 2021-04-25 19:46:03
1.

In my opinion (I don't know if it's right, so criticism and correction are still needed), I don't think this virus has anything to do with the way you access the Internet, and it also has nothing to do with the kind of computer (PC or laptop) you use. It mainly targets some loopholes in the current Windows operating system. We all know that when a piece of software is downloaded, it must have the highest administrator authority to be installed on the computer. This should be a security policy of the computer's operating system. However, there are loopholes in everything, and the operating system is no exception. Take this virus outbreak: the patch was in fact released as early as March, but many users didn't pay attention to it and didn't apply it. So now, as long as you are connected to the network and the system vulnerability has not been repaired in time, the ports can be scanned, the vulnerability of a port used, and the encryption software (the virus) installed directly on your computer in the background to encrypt your important files, so as to achieve the purpose of blackmail. So it's better not to turn off the automatic update function of Windows for convenience. At the same time, it's also recommended to turn off some ports that are not often used but are very dangerous, such as 445, 135, 137, 138 and 139. Finally, WiFi is just a way to access the Internet. It can also spread viruses. So update and patch quickly. There is also a video here. I think it's very good, but I don't know if I can watch it: http://weibo.com/tv/v/?fid=1034

2.

In fact, the recent wncry virus is not the first time that blackmail software has become powerful. Not long ago, a piece of blackmail software also appeared on the Android system, encrypting the mobile phone and then demanding a ransom. After the software was detected and removed, it soon made a comeback with an upgraded version. This new version of the blackmail software infects files with a random key, and even the attackers don't know how to unlock it. Even users who pay the ransom do so in vain.

We can see that with the continuous development of IT technology, although there are many IT employees, they are mainly concentrated in the fields of mobile platforms, cloud and artificial intelligence, and the most popular programming languages have gradually evolved from C and C++ for low-level operation to managed Java or even the Go language for modeling. Information security is a field that directly faces the bottom layer. Fewer and fewer people are engaged in low-level programming, which means that the number of information security practitioners is getting smaller and smaller. The direct consequence of this phenomenon is that backward technology can attack advanced technology in the network world, which is very similar to the invasion of advanced civilizations by backward barbarians in human society. The recent outbreak of the wncry virus may have come from North Korea, which also indirectly confirms this trend. Some organizations and even countries are not qualified to engage in high-end technology, but the viruses they write can spread all over the world. Blackmail software has further expanded its scope of attack: online games, smart cars and wearable devices, for example, have a large number of vulnerabilities. The history of such software can be roughly divided into the following stages:




From the current situation, there is no sign of the bifurcations of bitcoin easing, but the emergence of the bitcoin ETF and the wncry virus has pushed the price of bitcoin to new highs. Personally, I think the short-term rate of bitcoin will probably exceed 20000 RMB. However, considering that varieties such as Litecoin do not have all this competition over bifurcations, from the perspective of investment, if bitcoin falls again due to the competition over bifurcations, it is actually good for Litecoin. Therefore, readers who hold a lot of bitcoin and do not want to sell it can consider hedging by going long on Litecoin.

From the perspective of information security, the bifurcation problem is likely to affect bitcoin's status as the ransom for blackmail viruses. The author thinks that viruses accepting Litecoin and ether coin as ransom will be born soon.

However, blockchain currencies are more or less troubled by processing speed, and the encryption algorithm is not easy to upgrade. In the long run, the risk is relatively high, and the signs of short-term price manipulation are relatively obvious. If your psychological endurance is not strong, just watch their running track.

3. On the evening of May 12, the WannaCry worm virus broke out in more than 74 countries around the world. At least 45000 machines have been infected. The network systems of some colleges and universities in China have become a disaster area, and the network payment system of PetroChina gas stations has also been affected.

It is reported that the virus can spread rapidly in the local area network by taking advantage of the vulnerability of port 445 of the Windows system, but large local area networks such as schools have not taken similar precautions, so they have become the target of attack.

The success probability of brute force cracking is 0

A person in the bitcoin industry said that the bitcoin blackmail virus had existed as early as 2014. This time, the technology used by the hackers is more high-end than last time, and the scope of influence is wider, but the identity of the hackers is still unclear.

Moreover, the "variability" of this virus lies in the addition of automatic transmission via Windows port 445. As long as a Windows machine has not installed the latest patch and leaves port 445 open, the virus can invade the machine.

The virus requires the victim to pay $300 worth of bitcoin ransom within six hours, and then the ransom will rise at intervals.

Some netizens pointed out that it is difficult to crack the virus by brute force. The possibility of cracking the bitcoin blackmail virus by brute force is infinitely small, and it is impossible to complete it by personal ability alone.

Port 445 enables users to easily access all kinds of shared folders or shared printers in the LAN

Port 445 gives malicious attackers an opportunity. Normal home networks have had port 445 access restricted by the operators, but schools and other large LANs did not take similar precautions, so they became the target of attack.

In this virus attack, most of the affected domestic students are in colleges and universities; seniors who are about to graduate are affected, and the documents related to their design papers are locked. Many universities, including Shandong University, Nanchang University, Guangxi Normal University and Northeast University of Finance and Economics, have issued emergency notices to remind teachers and students to take precautions.

This virus is more accurately an encryption method. The virus will encrypt all the key files in the computer and make people pay for the unlock password, but whether the hacker will keep his promise and provide the unlock password is his problem.

Bitcoin blackmail virus has appeared many times

One of the characteristics of this type of virus is that it asks the victim to pay bitcoin as ransom. According to many people in the industry, bitcoin is usually used as a tool for cross-border payment and remittance because of its global characteristics. In addition, as a kind of encrypted virtual network currency, bitcoin has the characteristics of decentralization and anonymity. The flow of funds is not easy to track, so it is convenient for hackers to use it for collection and payment, and it is easier for them to hide their identities.

"If you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the industry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it.

Judging from the computers attacked so far, the hackers ask for a ransom of $300 (about RMB 2069.16) worth of bitcoin for each computer.

But the area of this virus infection is very large. If everyone pays the ransom, will the malicious attackers be able to unlock the files in time? It is not clear whether the virus is unlocked manually or online. If it is handled manually, it is likely that it will be too late to handle. Online processing, however, is fully automatic: after the bitcoin has been paid, it automatically collects the money and then issues the unlock code.

Therefore, it is not recommended that the victim pay a ransom to the hacker, because even if you pay, the hacker may not know which computer is yours.

It is worth mentioning that the outbreak of the bitcoin blackmail virus has pushed bitcoin to the top of the wave again. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed their concerns about bitcoin's "stigmatization". "Good tools should not be blamed because they are used by bad people," a person in the bitcoin industry said. "Bitcoin is bitcoin, virus is virus; injustice has a head, debt has an owner, so it is unnecessary to have hostility to bitcoin."

Now, the most important thing is that the victims should install the patch released by Microsoft as soon as possible and guard against unfamiliar e-mail, and important files should be backed up to a cloud platform and a local offline hard disk.
WannaCry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "EternalBlue" attack. Please install this security patch as soon as possible. For Windows XP, 2003 and other machines for which Microsoft no longer provides security updates, you can use the 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system and close the ports affected by the vulnerabilities, so as to avoid being harmed by blackmail software and other viruses.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen awareness of network security: don't click unknown links, don't download unknown files, don't open unknown emails...
4. Back up the important files on your computer to a mobile hard disk and USB drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. It is recommended that users who are still using Windows XP and Windows 2003 upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.

4. In short, blackmail virus is a computer virus that uses Windows system vulnerabilities to maliciously encrypt user files and then extort money


(3) Given current technical means, if the blackmail virus cannot be resolved, the only option is to format the disk completely, then reinstall the system and apply the system vulnerability patch to prevent a second infection.

5.

Once a computer is infected with this bitcoin blackmail virus, all the file data on the computer will be forcibly encrypted. If a "ransom" is not paid in bitcoin to the virus maker, then these files can't be decrypted and retrieved. Even if the ransom is paid this time, they may be "patronized" next time. That is to say, for users who "pay attention to data", especially enterprise users, the harm this virus can cause is hard to estimate.

How to avoid the harm of bitcoin blackmail virus

As soon as the bitcoin blackmail virus came into being, it immediately caused an uproar around the world. Major network security organizations and well-known anti-virus software vendors began to pay attention to this problem.

There is a lot written about "manually setting the firewall to close the sensitive ports of the computer, so as to resist the bitcoin blackmail virus", but this kind of method is more suitable for "non-novices" who know computers better. For example, for a third-rate programmer like me, this method is more suitable. I can't even use antivirus software.

But for the general public, it may be necessary to deal with it in a simpler way.

It has been several years since the advent of the bitcoin extortion virus. In order to help users' computers fight against bitcoin extortion virus attacks, many anti-virus products have certain defense mechanisms. For example, 360 launched an "anti-blackmail service": if your data is encrypted by a bitcoin extortion virus while 360 is installed on your computer, 360 will compensate you for your ransom and recover your data.

Users who don't know how to use computers can choose to install anti-virus software to defend against such viruses, but which one to choose depends on personal preference.

6. What is blackmail virus
1. Different from other similar blackmail viruses, the WannaCry virus is a kind of worm that can infect other computers automatically and spread rapidly due to chain reaction.
2. This kind of blackmail virus mainly infects the Windows system. It uses encryption technology to lock files, forbids users to access them, and blackmails users.
3. The attacker claimed that he would only unlock the files after receiving more than $300 worth of bitcoin. In fact, even if the ransom is paid, it may not be possible to unlock the files.

Why are they infected
Once the blackmail worm attacks a user machine that can connect to the public network, it will scan the IPs of the intranet and the public network. If a scanned IP has port 445 open, it will use the "EternalBlue" vulnerability to install a back door. Once the backdoor is executed, a blackmail virus named Wana Crypt0r will be released to encrypt all documents and files on the user's machine for blackmail.

Why use bitcoin
Bitcoin is a kind of point-to-point network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable.

Background of transmission and infection
This round of the blackmail worm virus mainly includes two family variants, onion and wncry. It first broke out in Britain, Russia and other countries, and the systems of many enterprises and medical institutions were hit, resulting in heavy losses.
Global monitoring by security agencies has found that as many as 74 countries have suffered this blackmail worm attack.
Since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has intensified in many universities and enterprises.
WannaCry blackmail virus prevention method:
1. Install the latest security patch for the computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "EternalBlue" attack. Please install this security patch as soon as possible. For Windows XP, 2003 and other machines for which Microsoft no longer provides security updates, you can use the 360 "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system and close the ports affected by the vulnerabilities, so as to avoid being harmed by blackmail software and other viruses.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen awareness of network security: don't click unknown links, don't download unknown files, don't open unknown emails...
4. Back up the important files on your computer to a mobile hard disk and USB drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. It is recommended that users who are still using Windows XP and Windows 2003 upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.

7. If you want to dig a good mine, you have to dig deep.
First dig down to a very deep place, preferably more than ten layers above the bedrock, and then, as in the picture, dig a corridor first, and then dig corridors every two squares in a carpet style. Generally, you can dig up some good ores. Also, don't use a low-grade chisel to dig high-grade ore; it won't drop anything. Gold and diamond ores can only be dug with iron. In addition, please ignore the red ore; redstone in the PE version is just a useless block.

8.

At the beginning, when I heard that it was suddenly so serious, as a practitioner I really had a sense of fear. Once it spread within my scope, it would cause endless trouble for my work. Moreover, some phenomena were exaggerated in the reports, such as infection requiring no operation and automatic infection by the virus. I don't know how this principle came about. Is it a myth of network technology in which viruses, Trojans and malware become uncontrollable demons?

The "eternal blue virus" can scan Windows machines that have the 445 file sharing port open and implant malicious programs. There are no absolutely safe operating systems in the world. They are all early systems made by foreigners. Besides, there are no flawless things in the world. I have to learn more and take good precautions. I am engaged in enterprise information and security work. I know the dangers of viruses, Trojans and malicious programs, and I can't help the panda who gets up early to burn incense. There are a lot of solutions, but some people are still infected.


Shutting down ports 445, 135, 137, 138 and 139 and turning off network sharing can also avoid infection. The method is as follows:

Run, enter "dcomcnfg", and under the "Computers" option right-click "My Computer" on the right and select "Properties". In the "Default Properties" tab of the My Computer Properties dialog box, remove the check before "Enable Distributed COM on this computer", select the "Default Protocols" tab, select "Connection-oriented TCP/IP", and click the "Delete" button.

Close ports 135, 137 and 138: right-click Network Neighborhood and select Properties. On the new connection, right-click and select Properties, and then select the Network tab and remove the check boxes for Microsoft network file and printer sharing and Microsoft network client. In this way, ports 135, 137 and 138 on the shared end are closed.

Close port 139: port 139 is the NetBIOS session port used for file and print sharing. The way to close 139 is to select the "Internet Protocol (TCP/IP)" properties of "Local Connection" in "Network and Dial-up Connections", enter "Advanced TCP/IP Settings", and in the "WINS" settings check "Disable TCP/IP NetBIOS" to close port 139.

Close port 445: Start - Run, enter regedit. After confirming, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters, create a new DWORD value named SMBDeviceEnabled, and set it to 0 to close port 445.

Whether for practitioners or ordinary users, facing viruses, Trojan horses, vulnerabilities and malicious code is a difficult problem. The way to ensure your own safety is to take action in advance, take precautions, keep the safety warnings in mind, and not surf the Internet, operate or click randomly. There are so many bad guys that it is impossible to guard against them all. So the whole society should take action so that viruses and bad guys have no place to hide.
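
A read-only check of the state the steps in the answer above aim for, added here as an example and not part of the original answer: it lists listeners on the named ports, reads the SMBDeviceEnabled value, and reports whether the Server service and the SMBv1 server (the component MS17-010 patches) are active. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the function name `Get-RiskyPortAudit` and the output columns are made up for this example.

```powershell
# Added example: read-only audit; it changes nothing on the machine.
# Get-RiskyPortAudit and its output columns are hypothetical names.
function Get-RiskyPortAudit {
    [CmdletBinding()]
    param(
        [int[]]$TcpPorts = @(135, 139, 445),   # TCP ports named in the answer
        [int[]]$UdpPorts = @(137, 138)         # NetBIOS name/datagram ports
    )
    $findings = @()

    # TCP listeners on the named ports.
    $tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $TcpPorts -contains $_.LocalPort }
    foreach ($c in $tcp) {
        $findings += [pscustomobject]@{
            Check = "TCP $($c.LocalPort)"; State = 'listening'; Detail = $c.LocalAddress
        }
    }

    # UDP endpoints on the named ports.
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $UdpPorts -contains $_.LocalPort }
    foreach ($u in $udp) {
        $findings += [pscustomobject]@{
            Check = "UDP $($u.LocalPort)"; State = 'bound'; Detail = $u.LocalAddress
        }
    }

    # Registry value the answer sets to 0; 'not set' means it was never created.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
    $prop = Get-ItemProperty -Path $key -Name SMBDeviceEnabled -ErrorAction SilentlyContinue
    $val  = if ($null -eq $prop) { 'not set' } else { [string]$prop.SMBDeviceEnabled }
    $findings += [pscustomobject]@{ Check = 'SMBDeviceEnabled'; State = $val; Detail = $key }

    # Server service, which provides file and printer sharing.
    $svc = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    if ($svc) {
        $findings += [pscustomobject]@{
            Check = 'Server service'; State = [string]$svc.Status; Detail = $svc.DisplayName
        }
    }

    # SMBv1 server setting; MS17-010 fixes flaws in the SMBv1 server.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smb) {
        $findings += [pscustomobject]@{
            Check = 'SMBv1 server'; State = [string]$smb.EnableSMB1Protocol; Detail = 'EnableSMB1Protocol'
        }
    }

    $findings
}

Get-RiskyPortAudit | Format-Table -AutoSize
```
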

9. To prevent being found, because all the transfer records will be found.