Bitcoin virus hit area
Yesterday, I went to the electronic reading room. Not long after I plugged in the USB flash drive, the teacher suddenly asked everyone to unplug the USB flash drive. Some students found that all the files in the USB flash drive could not be opened, and there were two more documents asking for money
so everyone rushed to check, as long as the U disk inserted in the school computer were poisoned, large-scale computer poisoning occurred in the evening
a lot of people's information and graation thesis are in the computer. I really feel that hacker's behavior is disgusting. For the sake of money, regardless of the future of students, teachers' lifelong scientific research achievements...
hope to catch criminals as soon as possible and give them severe punishment by law
this virus will scan windows devices with open 445 file sharing port. As long as the user's device is on the Internet, hackers can implant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers
some security researchers point out that this large-scale network attack seems to be deployed through a worm application, and wannacry can spread among computers. What's more terrible is that unlike most malicious programs, this program can replicate and spread on its own in the network, and most of the current viruses still need to rely on the successful users to spread by cheating them to click the attachment with the attack code
the attack has affected 99 countries and as many as 75000 computers, but because the virus uses anonymous network and bitcoin anonymous transaction to obtain ransom, it is very difficult to track and locate the originator of the virus
in this global computer virus incident, mobile China also received a blackmail. Fortunately, the machine that received the email was a testing machine, which did not affect us. However, it's different for college students in the graation season. The thesis is locked, which is related to graation. So in the face of this outbreak of blackmail virus, how should we deal with it and what protective measures should we take<
first of all, let's understand the characteristics of this virus
the computer virus initiated by hackers will encrypt a large number of files on the system into files with. Onion suffix. After poisoning, they are required to pay bitcoin ransom to decrypt and recover the files, causing serious losses to personal data, and anti-virus software cannot decrypt these encrypted files. But we must not listen to the hacker's so-called "give money to decrypt" saying, because hackers do not necessarily keep their promises, in addition, bitcoin is expensive, and it is also a large number for ordinary users< Secondly, we need to pay attention to the background of the virus outbreak.
according to the domestic experts, according to the network security agencies, this is a virus attack event launched by lawless elements using the "eternal blue" leaked from NSA hacker's weapon library“ "Eternal blue" will scan windows machines with open 445 file sharing port, without any user operation. As long as the machine is turned on and connected to the Internet, criminals can plant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers
e to the previous outbreak of worms using port 445 in China, operators have blocked port 445 for indivial users, but the ecation network has no such restriction, and there are still a large number of machines exposing port 445. According to the statistics of relevant institutions, at present, more than 5000 machines in China are attacked by NSA "eternal blue" hacker weapons every day, and the ecation network is the hardest hit area
What are the coping methods
1. Close port 445, and you can search and query by yourself
2. At present, Microsoft has released a patch ms17-010 to fix the system vulnerability of "eternal blue" attack. You can install this patch for your computer as soon as possible
as for XP, 2003 and other Microsoft machines that no longer provide security updates, microblog professionals recommend using "NSA Arsenal immunity tool" to detect whether there are vulnerabilities in the system, and close the ports affected by the vulnerabilities, so as to avoid being attacked by blackmail software and other viruses
The virus in the "bitcoin virus" incident is known as "ransomware". By encrypting the files in the victim's computer, you can't open them completely to ask for ransom. This is a virus attack launched by lawless elements by using "eternal blue" leaked from NSA hacker's weapon library. It does not need any operation of users. As long as it is turned on and connected to the Internet, lawless elements can implant blackmail software into computers and servers
What's more terrible is that this is just the beginning. Now this blackmail virus has spread to all over the world, including many colleges and universities in China. You can see many students on the Internet showing pictures of their computers being attacked. I have to say that hackers are really well intentioned, even in simplified Chinese
Tencent computer housekeeper adopts the technology of checking and killing Tencent cloud, which can forcibly check and kill the latest Trojan horse programs, keep the computer away from the threat of viruses, and protect your computer in real time. It can also protect the Internet pages, system files, USB flash drives, browsers, etc. some viruses even tamper with computer files, All of them can protect your computer from being threatened and give you a clean Internet environment.
specific steps:
1. General search and kill, open Tencent computer manager - virus search and kill
2. Search and kill in safe mode, restart the computer, press F8, the screen displays WinXP system startup menu, press the key to move to "safe mode with command prompt", enter; Find the anti-virus software inside the computer to kill the virus.
Internet security once again because of a large-scale outbreak of computer viruses and caused everyone's attention: bit virus. The emergence of this virus will make the computer's documents locked, hackers to coerce ransom, and most of the places are important units. For example, Chinese universities and British hospitals. The data of these units are very important. Most of the time, the school is not only an ecational unit, many key universities also undertake a lot of scientific research tasks. From a certain point of view, it also shows that hackers are very selective and targeted
Of course, the explanation given by Microsoft said that the virus was an attack against the vulnerability supplemented in March. In a way, hackers are also a test of users' security awareness. Microsoft has added software to the vulnerability in March. From this point of view, the hacker's attack is not brilliant. Because it is through the official patch, and then imagine no patch defects, so as to attack. Hackers also know the update awareness and security awareness of users. Of course, as a domestic company, 360 also seized this opportunity to quickly adjust the security housekeeper to check and kill the virusfrom this point of view, Microsoft's vulnerability supplement is targeted and prescient, and the possible vulnerabilities should be supplemented in time
from the user's point of view, this virus attack is different from the previous one. In the past, it is generally in the form of camouflage and loading to ince customers to take the initiative to download. And this time the virus is mostly spread through the LAN, as long as you boot, the virus will invade. The document cannot be opened normally
if this virus attack has any inspiration for us to use computers and pay attention to Internet security, I think it can be inspired from at least two aspects: the first is to strengthen the security of computer systems, such as using official patches to repair vulnerabilities in time; the other is to install regular anti-virus software, update it in time, and strengthen the firewall
-
many countries suffered from network attacks
< / OL >
on May 12, many countries around the world suffered from large-scale network attacks. After the computers of the attackers were locked, they were required to pay bitcoin to unlock. The spread of malware began in the UK. At present, no hacker organization has claimed the attack
According to a report released by Kaspersky laboratory, a Russian network security enterprise, on the 12th, it was found that 74 countries and regions around the world had suffered the attack, and the actual scope may be wider. The agency said that in the 20 most attacked countries and regions, Russia was far more vulnerable than other victims, and Chinese mainland ranked fifth. p>ZHENG Wenbin said that there has been a worm virus spreading through port 445 in China, so some operators have blocked port 445 for indivial users. However, because the ecation network does not have this restriction, the campus network has become a "disaster area" attacked by blackmail virus
ZHENG Wenbin said that for computer users infected with blackmail virus whose files are encrypted, if they want to get the files back, at present, they can only pay bitcoin, and there is no other better way. But even if they pay bitcoin according to the requirements of criminals, there is no guarantee that they can get the encrypted files back. "We are also trying to find a way, Try to see if you can decrypt the encrypted file, but there is no other way
according to Zheng Wenbin, according to their monitoring, at present, in addition to the ecation network and campus network of some domestic colleges and universities, enterprises have also been affected by viruses, and some civil facilities, such as the computer systems of gas stations, have also been attacked by viruses.