Bitcoin virus text content
Yesterday, I went to the electronic reading room. Not long after I plugged in my USB flash drive, the teacher suddenly asked everyone to unplug their USB flash drives. Some students found that none of the files on their USB flash drives could be opened, and there were two extra documents asking for money.
So everyone rushed to check. Every USB flash drive that had been plugged into a school computer was infected, and a large-scale computer infection occurred in the evening.
A lot of people's data and graduation theses are on their computers. I really feel that the hackers' behavior is disgusting. For the sake of money, they disregard the future of students and teachers' lifelong scientific research achievements...
I hope the criminals are caught as soon as possible and severely punished by law.
This virus scans for Windows devices with the file-sharing port 445 open. As long as the user's device is on the Internet, hackers can implant ransomware, remote-control Trojans, virtual currency miners and other malicious programs on computers and servers.
Some security researchers point out that this large-scale network attack seems to be deployed through a worm, which lets WannaCry spread between computers. What's more terrible is that, unlike most malicious programs, this program can replicate and spread on its own across the network, whereas most current malware still relies on tricking users into clicking an attachment that carries the attack code.
The attack has affected 99 countries and as many as 75000 computers, but because the virus uses an anonymity network and anonymous bitcoin transactions to collect the ransom, it is very difficult to track and locate its originator.
The virus in the "bitcoin virus" incident is known as "ransomware". It encrypts the files on the victim's computer so that they cannot be opened at all, and then demands a ransom. This is a virus attack launched by criminals using "EternalBlue", which was leaked from the NSA's hacking arsenal. It does not require any action by the user. As long as the computer is turned on and connected to the Internet, criminals can implant ransomware on computers and servers.
What's more terrible is that this is just the beginning. This ransomware has now spread all over the world, including to many colleges and universities in China. You can see many students on the Internet posting pictures of their computers being attacked. I have to say that the hackers are really "well intentioned": it even comes in Simplified Chinese.
1. Install the latest security patches on your computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "EternalBlue" attack; please install it as soon as possible. For Windows XP, 2003 and other systems for which Microsoft no longer provides security updates, you can use the 360 "NSA Arsenal immune tool" to check whether the system is vulnerable and to close the ports affected by the vulnerability, so as to avoid ransomware and other malware.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen your awareness of network security: don't click unknown links, don't download unknown files, don't open unknown emails...
4. Back up the important files on your computer to a portable hard disk and USB flash drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. Users who are still running Windows XP or Windows 2003 are advised to upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.
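To verify step 2 on a host, the following added example (not part of the original page) parses the text output of Windows `netstat -an` and reports which of the five listed ports are still listening on a network-reachable address. The sample output is constructed, and the function names are illustrative.

```python
import ipaddress

# Port numbers named in step 2 of the list above.
RISKY_PORTS = {135, 137, 138, 139, 445}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:445' or '[::]:445' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)


def exposed_listeners(netstat_text):
    """Return sorted (port, proto, address) for risky non-loopback listeners."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto = fields[0]
        # A TCP row matters only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            continue  # malformed endpoint
        if port in RISKY_PORTS and not loopback:
            findings.add((port, proto, addr))
    return sorted(findings)


if __name__ == "__main__":
    for port, proto, addr in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port} listening on {addr}: close or firewall it")
```

An empty result means none of the listed ports is reachable from the network; the outbound connection to another host's port 445 and the loopback-only listener in the sample are deliberately not reported.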
The malware scans for TCP port 445 (Server Message Block / SMB) on computers, spreads in a worm-like way, attacks the host and encrypts the files stored on it, and then demands a ransom in bitcoin. The ransom demanded ranged from $300 to $600.
On May 14, 2017, a variant of the WannaCry ransomware appeared: WannaCry 2.0, which removed the kill switch and spread faster. As of May 15, 2017, WannaCry had caused cyber attacks in at least 150 countries, affecting the financial, energy, medical and other industries and causing serious crisis management problems. Some Windows users in China were infected. Campus network users bore the brunt of the infection, and a large amount of laboratory data and many graduation projects were locked and encrypted.
At present, the security industry has not been able to effectively break the ransomware's malicious encryption. Brad Smith, President and Chief Legal Officer of Microsoft, said that the U.S. National Security Agency did not disclose more security vulnerabilities, which gave criminal organizations an opportunity to take advantage of them and eventually led to the ransomware that attacked 150 countries this time.
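The scanning behaviour described above leaves a recognisable trace in connection logs: one internal host opening TCP 445 connections to many different machines in a short time. The following added example (not part of the original page) flags such hosts from flow records. The record layout, the 60-second window, the threshold of 20 destinations and all addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque


def smb_fanout_sources(records, window_s=60, threshold=20):
    """Flag sources contacting many distinct hosts on TCP 445 in a short window.

    records: iterable of (timestamp_s, src_ip, dst_ip, dst_port) for new
    outbound TCP connections. Returns {src_ip: peak distinct destinations}.
    """
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(records):
        if dport != 445:
            continue
        window = recent[src]
        window.append((ts, dst))
        # Drop entries older than the window; the newest entry always remains.
        while ts - window[0][0] > window_s:
            window.popleft()
        peak[src] = max(peak[src], len({d for _, d in window}))
    return {src: n for src, n in peak.items() if n >= threshold}


def constructed_records():
    """Constructed flow records (not real traffic) covering three behaviours."""
    records = []
    # 10.0.0.23: sweeps 40 neighbours on 445 within 40 seconds (worm-like).
    records += [(i, "10.0.0.23", f"10.0.0.{100 + i}", 445) for i in range(40)]
    # 10.0.0.50: normal client, many connections to one file server.
    records += [(i * 5, "10.0.0.50", "10.0.0.5", 445) for i in range(100)]
    # 10.0.0.77: 25 different servers, but only one every 10 minutes.
    records += [(i * 600, "10.0.0.77", f"10.0.1.{i + 1}", 445) for i in range(25)]
    # 10.0.0.23 also browses the web; port 443 must not count.
    records += [(i, "10.0.0.23", "203.0.113.10", 443) for i in range(30)]
    return records


if __name__ == "__main__":
    for src, n in smb_fanout_sources(constructed_records()).items():
        print(f"{src}: {n} distinct TCP 445 destinations within 60 s")
```

Only the sweeping host is reported; the busy file-server client and the slow, spread-out client stay below the threshold because the check counts distinct destinations per window, not connection volume.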
data reference: Network
Evgeniy Mikhailovich Bogachev, the author of the bitcoin blackmailer Trojan family, is a Russian hacker, Reuters reported.
According to the official website of the US Federal Bureau of Investigation (FBI), Bogachev ranks second on the FBI's list of the top 10 most wanted hackers and is the leader of a cyber criminal group.
On August 22, 2012, Bogachev was charged under the nickname "lucky 12345" by a federal grand jury in Nebraska with offences including conspiracy to commit bank fraud, computer fraud and identity theft. On May 19, 2014, he was once again charged by a US court with computer fraud, bank fraud, money laundering, telecommunications fraud and other offences. On May 30, 2014, he was charged for the third time, under the nickname "lucky 12345", with conspiracy to commit bank fraud.
According to the FBI investigation, Bogachev's "Terminator Zeus" Trojan and "bitcoin blackmailer" ransomware alone have infected more than one million computers in 12 countries and caused economic losses of more than 100 million US dollars.
The FBI offered a huge reward for the arrest of Bogachev. According to the reward notice, anyone who provides key information leading to his arrest will receive a reward of $3 million, which is also the highest reward offered by the United States in the fight against cybercrime.
According to the introduction, when the Trojan first took bitcoin payments, it did not use an anonymity network, which exposed its server and led to the identification of the virus's author. Since the disclosure of Bogachev's identity, the design of the "bitcoin blackmailer" Trojan family has become increasingly cunning, and the bitcoin payment link has been moved to Tor (the onion network), which makes it more difficult for the police to arrest Bogachev.

To protect against computer viruses, just install antivirus software.
Install a computer housekeeper with a real-time protection function.
Once it is turned on, it keeps running in the background, so that a virus is automatically found and deleted when it enters the computer.
2. If you can't kill the virus, back up the important data, boot from the system disk, format the computer's partitions, reinstall the system, and install the corresponding official system patch (KB4012598).
