Why is there a virtual currency mining virus?
Yesterday, I went to the electronic reading room. Not long after I plugged in my USB flash drive, the teacher suddenly asked everyone to unplug their USB flash drives. Some students found that none of the files on their USB flash drives could be opened, and that two extra documents demanding money had appeared.
So everyone rushed to check. Every USB drive that had been inserted into a school computer was infected, and large-scale infection of computers occurred in the evening.
A lot of people's data and graduation theses are on those computers. I really feel that the hackers' behavior is disgusting. For the sake of money, they disregard the future of students and teachers' lifelong scientific research achievements...
I hope the criminals are caught as soon as possible and severely punished by law.
This virus scans for Windows devices with file-sharing port 445 open. As long as the user's device is on the Internet, hackers can implant ransomware, remote-control Trojans, virtual currency miners and other malicious programs on computers and servers.
Some security researchers point out that this large-scale network attack seems to be deployed through a worm, and that WannaCry can spread between computers. What is worse, unlike most malicious programs, this one can replicate and spread through the network on its own, whereas most current malware still relies on tricking users into clicking an attachment that carries the attack code.
The attack has affected 99 countries and as many as 75000 computers, but because the virus uses an anonymous network and anonymous bitcoin transactions to collect the ransom, it is very difficult to track down its originator.
In this global computer virus incident, Mobile China also received a ransom email. Fortunately, the machine that received the email was a test machine, so it did not affect us. However, it is different for college students in graduation season. A locked thesis affects graduation. So, in the face of this ransomware outbreak, how should we deal with it and what protective measures should we take?
First of all, let's understand the characteristics of this virus.
The virus launched by the hackers encrypts a large number of files on the system into files with the .onion suffix. After infection, victims are told to pay a bitcoin ransom to decrypt and recover the files, which causes serious loss of personal data, and anti-virus software cannot decrypt the encrypted files. But we must not believe the hackers' so-called "pay to decrypt" promise, because hackers do not necessarily keep their promises; in addition, bitcoin is expensive, and the ransom is a large sum for ordinary users.
Secondly, we need to pay attention to the background of the virus outbreak.
According to domestic experts and network security agencies, this is a virus attack launched by criminals using "Eternal Blue", which was leaked from the NSA's hacking toolkit. "Eternal Blue" scans for Windows machines with file-sharing port 445 open and needs no user action. As long as the machine is turned on and connected to the Internet, criminals can plant ransomware, remote-control Trojans, virtual currency miners and other malicious programs on computers and servers.
Due to previous outbreaks of worms using port 445 in China, operators have blocked port 445 for individual users, but the education network has no such restriction, and a large number of machines there still expose port 445. According to the statistics of relevant institutions, more than 5000 machines in China are currently attacked with the NSA "Eternal Blue" hacking tool every day, and the education network is the hardest-hit area.
What are the coping methods?
1. Close port 445; you can search for how to do this yourself.
2. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "Eternal Blue" attack. Install this patch on your computer as soon as possible.
As for XP, 2003 and other Microsoft systems that no longer receive security updates, microblog professionals recommend using the "NSA Arsenal immunity tool" to detect whether the system is vulnerable and to close the ports affected by the vulnerabilities, so as to avoid being attacked by ransomware and other viruses.
It is reported that the virus can spread rapidly in a local area network by exploiting the vulnerability on port 445 of Windows systems, but large local area networks such as schools have not taken similar precautions, so they have become the target of the attack.
The success probability of brute-force cracking is 0
A person in the bitcoin industry said that bitcoin ransomware had existed as early as 2014. This time, the technology used by the hackers is more advanced than last time, and the scope of influence is wider, but the identity of the hackers is still unclear.
Moreover, what is new in this variant is the addition of automatic propagation over Windows port 445. As long as a Windows machine has not installed the latest patch and has port 445 open, the virus can invade it.
The virus requires the infected user to pay $300 worth of bitcoin ransom within six hours, after which the ransom rises at intervals.
Some netizens pointed out that it is difficult to crack the virus by brute force. The chance of cracking the bitcoin ransomware by brute force is infinitely small, and it is impossible to do so through personal ability.
Port 445 enables users to easily access all kinds of shared folders or shared printers on the LAN.
Port 445 also gives malicious attackers an opportunity. On normal home networks, operators have restricted access to port 445, but schools and other large LANs did not take similar precautions, so they became the target of the attack.
In this virus attack, most of the affected students in China are at colleges and universities; seniors who are about to graduate are affected, and documents related to their graduation projects and theses are locked. Many universities, including Shandong University, Nanchang University, Guangxi Normal University and Northeast University of Finance and Economics, have issued emergency notices reminding teachers and students to take precautions.
More accurately, this virus is an encryption scheme. The virus encrypts all the key files on the computer and makes people pay for the unlock password, but whether the hacker keeps his promise and provides the unlock password is up to him.
Bitcoin ransomware has appeared many times
One characteristic of this type of virus is that it asks the victim to pay the ransom in bitcoin. According to many people in the industry, bitcoin is usually used as a tool for cross-border payment and remittance because of its global nature. In addition, as an encrypted network virtual currency, bitcoin is decentralized and anonymous. The flow of funds is not easy to track, so it is convenient for hackers to use it to collect and make payments, and easier for them to hide their identities.
"If you transfer money to a hacker, you essentially give him a small string of encrypted codes that can be quickly transmitted on the Internet and stored in an electronic wallet." Some people in the industry told reporters that the anonymity of bitcoin is often the reason why computer fans, financial speculators and even drug dealers are fascinated by it.
Judging from the computers attacked so far, the hackers ask for a ransom of $300 (about RMB 2069.16) worth of bitcoin for each computer.
But the virus has infected a very large area. If everyone pays the ransom, will the attackers be able to unlock the files in time? It is not clear whether unlocking is done manually or online. If it is handled manually, it is likely to come too late. Online processing, however, is fully automatic: after the bitcoin is paid, the payment is collected automatically and the unlock code is then issued.
Therefore, it is not recommended that victims pay a ransom to the hacker, because even if you pay, the hacker may not know which computer is yours.
It is worth mentioning that the outbreak of the bitcoin ransomware has pushed bitcoin back into the spotlight. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed concern about the "stigmatization" of bitcoin. "Good tools should not be blamed because they are used by bad people," a person in the bitcoin industry said. "Bitcoin is bitcoin, a virus is a virus; every injustice has its perpetrator and every debt its debtor, so there is no need for hostility toward bitcoin."
Now, the most important thing is that victims should install the patch released by Microsoft as soon as possible, guard against unfamiliar e-mail, and back up important files to a cloud platform and to a local offline hard disk.
WannaCry ransomware prevention methods:
1. Install the latest security patches on the computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "Eternal Blue" attack. Please install this security patch as soon as possible. For Windows XP, 2003 and other systems for which Microsoft no longer provides security updates, the 360 "NSA Arsenal immunity tool" can be used to detect whether the system is vulnerable and to close the ports affected by the vulnerabilities, so as to avoid being attacked by ransomware and other viruses.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen network security awareness: don't click unknown links, don't download unknown files, don't open unknown emails...
4. Back up the important files on your computer to a portable hard disk and a USB drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. Users who are still on Windows XP and Windows 2003 are advised to upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.
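The checks in items 1 and 2 can be scripted on a single host. The following is an added example, not part of the original page: it reports which of the listed ports the machine is listening on, whether the SMBv1 server protocol (the protocol "Eternal Blue" targets on port 445) is enabled, and whether a given hotfix is installed. It assumes Windows 8 / Server 2012 or later and an elevated session; the `-Apply` switch and the `KB0000000` placeholder are illustrative and must be replaced with the MS17-010 KB ids that Microsoft lists for the OS build in question.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Audits the ports named in the
# checklist and the SMBv1 server setting; changes are made only with -Apply.
param(
    [switch]$Apply,
    # Placeholder: fill in the MS17-010 KB ids for this OS build.
    [string[]]$PatchKbIds = @('KB0000000')
)

$tcpPorts = 135, 139, 445
$udpPorts = 137, 138

# 1. Which of the checklist ports is this host listening on?
$tcp = Get-NetTCPConnection -State Listen -LocalPort $tcpPorts -ErrorAction SilentlyContinue
$udp = Get-NetUDPEndpoint -LocalPort $udpPorts -ErrorAction SilentlyContinue
$listening = (@($tcp | ForEach-Object { "tcp/$($_.LocalPort)" }) +
              @($udp | ForEach-Object { "udp/$($_.LocalPort)" })) | Sort-Object -Unique

# 2. Is the SMBv1 server protocol still enabled?
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 3. Is one of the listed hotfixes installed? A later cumulative update that
#    supersedes it will not match, so "False" means "verify", not "unpatched".
$patched = [bool](Get-HotFix -Id $PatchKbIds -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    ListeningPorts = $listening -join ', '
    Smb1Enabled    = $smb1
    PatchFound     = $patched
}

if ($Apply) {
    # Disable the SMBv1 server and block the checklist ports inbound.
    # This also stops the host from serving file and printer shares.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    New-NetFirewallRule -DisplayName 'Block SMB/NetBIOS/RPC TCP inbound' `
        -Direction Inbound -Action Block -Protocol TCP -LocalPort $tcpPorts | Out-Null
    New-NetFirewallRule -DisplayName 'Block NetBIOS UDP inbound' `
        -Direction Inbound -Action Block -Protocol UDP -LocalPort $udpPorts | Out-Null
}
```

Run it without `-Apply` first to get a report per machine; on hosts that must keep serving shares, patching rather than blocking is the applicable item from the list.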
Internet security has once again attracted everyone's attention because of a large-scale outbreak of a computer virus: the "bit virus". This virus locks the documents on a computer so that hackers can extort a ransom, and most of the places hit are important institutions, for example Chinese universities and British hospitals. The data of these institutions is very important. In many cases a school is not only an educational institution; many key universities also undertake a lot of scientific research tasks. From a certain point of view, this also shows that the hackers are very selective and targeted.
Of course, the explanation given by Microsoft is that the virus attacks a vulnerability that was patched in March. In a way, the hackers are also testing users' security awareness. Microsoft patched the vulnerability in March. From this point of view, the hackers' attack is not brilliant, because it starts from the official patch and then attacks the defect on machines that lack the patch. The hackers also understand users' awareness of updates and of security. Of course, as a domestic company, 360 also seized this opportunity and quickly adjusted its security manager to detect and remove the virus. From this point of view, Microsoft's patch was targeted and prescient, and possible vulnerabilities should be patched in time.
From the user's point of view, this virus attack is different from previous ones. In the past, viruses generally used disguise and bundling to induce users to download them on their own initiative. This time the virus mostly spreads through the LAN: as soon as you boot, the virus invades, and documents can no longer be opened normally.
If this virus attack offers any lessons for how we use computers and pay attention to Internet security, I think there are at least two: the first is to strengthen the security of computer systems, for example by using official patches to fix vulnerabilities in time; the other is to install legitimate anti-virus software, update it in time, and strengthen the firewall.
Bitcoin BTC 2009 Satoshi Nakamoto is bitcoin / org ~ $24.3 billion is SHA-256; LTC 2011 coblee is litecoin / org ~ $3.6 billion is script infinite; IFC 2012 ifccion is ifccoin / ORG~$ $20 million is a script quark, qrk 2012, qrkcion is cgbcion / org - $10 million is a script zeta, ZET 2012 zetcony is ZET / org - $10 million is a script proof of work / POS
On the evening of May 12, the WannaCry worm broke out in more than 74 countries around the world. At least 45000 machines have been infected. The network systems of some colleges and universities in China have become a disaster area, and the network payment system of PetroChina gas stations has also been affected.
Firstly, bitcoin has a certain anonymity, which makes it convenient for hackers to hide their identities; secondly, it is not subject to geographical restrictions, so money can be collected on a global scale.
At the same time, bitcoin is also "decentralized", which allows hackers to process victims' ransom payments automatically through programs.
Compared with other digital currencies, bitcoin currently has the largest market share and the best liquidity, so it has become the hackers' choice. This is similar to the logic behind criminals' preference for US dollar cash.
Bitcoin is a network virtual currency born in 2009. It is also the most frequently used virtual currency in the world.
Starting from its essence, bitcoin is actually a special solution generated by a set of complex algorithms. A special solution is one of the infinitely many (in fact, for bitcoin, finitely many) solutions that can be obtained from a system of equations. Every special solution solves the equations and is unique. To use RMB as a metaphor, a bitcoin is the serial number of an RMB note: if you know the serial number of a note, you have the note. Mining is the process of constantly searching for special solutions of the equation system through a huge amount of computation. The equation system is designed to have only 21 million special solutions, so the upper limit of bitcoin is 21 million.
The reason bitcoin is so popular is that, having acquired the characteristics of a currency, it can be accepted, traded and stored all over the world. It has formed its own unique ecosystem.
There are also bitcoin trading platforms in China. After the incident of the past few days, the price has gone up a little.
Since bitcoin has no issuer and its theoretical total is 21 million, and it has been circulating on the Internet for all kinds of transactions, there are great hidden dangers. China's attitude towards its development is serious and cautious. Although it is not forbidden, it is strictly supervised.
On January 11, 2017, the Shanghai headquarters of the People's Bank of China and the Shanghai Municipal Finance Office carried out an on-site inspection of Bitcoin China, focusing on whether the enterprise carried out credit, payment, exchange and other related businesses without permission or a license; its implementation of the anti-money-laundering system; fund security risks; and so on. On January 12, 2017, the business management department of the People's Bank of China also entered trading platforms such as "fire coin net" and "currency bank" in Beijing.