Ransomware virus has sounded the alarm for the whole world



The picture comes from the Internet.


  CCTV News (Reporters Gao Yuting, Wang Jiazhu): Since May 12, "WannaCry" ("want to cry"), an Internet ransomware virus targeting the Windows operating system, has swept the world. So far, 200,000 computers in more than 150 countries and regions have been attacked.

  The destructive power of "WannaCry" far exceeds the value of the ransom.

  "WannaCry" made many people "cry". Once a computer was attacked by the virus, its data and documents were immediately encrypted. The attackers demanded 300 dollars' worth of bitcoin to unlock them, and in some cases up to 5 bitcoins. As of 15:22 on May 17th, Beijing time, the highest domestic price of 1 bitcoin was RMB 10,299.90.

  It is understood that computers in hospitals, education, energy, communications, manufacturing, public security and government departments in China have been infected.

  Because worms spreading through port 445 have been frequent in China, some operators block port 445 for individual users. However, the Education Network has no such restriction, and a large number of its machines have port 445 exposed, so colleges and universities became the hardest-hit areas when criminals used the NSA hacking weapons.

  Relevant information shows that although the hackers have extorted only $50,000 in ransom, the losses they have caused are far greater. For example, when hospitals were attacked, doctors could not access case data and were forced to cancel treatment and surgery. The ransomware also encrypted and tampered with some recent graduates' papers, which affected their graduation defenses.

  Did the virus originate from the National Security Agency?

  According to Flipboard social media, in August 2016 a group calling itself "ShadowBrokers" declared that it had hacked the National Security Agency (NSA) and obtained related information and intrusion tools.

  In January of this year, ShadowBrokers sold stolen Windows vulnerabilities, including SMB zero-day vulnerabilities. These may include the "EternalBlue" used in WannaCry.

  In March of this year, Microsoft quietly fixed a number of vulnerabilities, including "EternalBlue".

  In May of this year, "WannaCry", based on "EternalBlue", was released and spread to about 200,000 computers around the world.

  Brad Smith, president of Microsoft, recently published a long article on his official blog, calling for urgent joint action to keep the public safe online.

  Brad Smith also accused the US government of collecting and storing security vulnerabilities, which has affected network security worldwide.

  The article points out that this cyberattack once again shows why it is a huge problem for government agencies to collect and store security vulnerabilities, and this risk will gradually emerge after 2017. We have seen WikiLeaks publish the security vulnerabilities stored by the Central Intelligence Agency (CIA), and the vulnerabilities stolen from the National Security Agency (NSA) have affected computer users all over the world.

  "We have seen again and again that vulnerability attacks from government agencies have leaked into the public domain, causing large-scale harm. This kind of harm is comparable to the US military having a 'Tomahawk missile' stolen," Brad Smith said.

  Solution: keep your computer updated and download patches promptly.

  Brad Smith said that, as a technology company, Microsoft bears the first responsibility for solving these problems. In March of this year, Microsoft developed and released a security patch; last Friday (May 12th), Microsoft quickly updated Windows Defender to detect WannaCrypt attacks and protect users.

  Two months later, because most computer users did not appreciate the importance of network security and were not in the habit of promptly updating their computers and installing genuine software, they were easily attacked by a virus that had long been planned around an existing vulnerability, and so became the hardest hit in this attack. The attack has once again sounded the alarm for users. In short: keep computers updated and download patches promptly.

  The spread of the virus has been controlled.

  After emergency coordination for major network security incidents, the spread of the "WannaCry" ransomware worm across the network has been effectively controlled since the afternoon of May 14th.

  As of 7:00 am on May 16th, about 3.041 million IP addresses worldwide had been attacked through the "EternalBlue" SMB vulnerability, mainly distributed in the United Arab Emirates, Taiwan Province, China, the United States and Russia, among which there were about 94,000 IP addresses in China.

  At the same time, monitoring found that the number of IP addresses launching "WannaCry" worm attacks (which may themselves have been infected) was nearly 52,000, mainly distributed in the Chinese mainland, Taiwan Province, China, the United Arab Emirates and Russia, among which the number of IP addresses in China was about 26,000.

  On May 17th, the National Internet Emergency Center again released data on the recent spread of the "WannaCry" ransomware worm, saying that although it has been effectively controlled, it still warrants close attention.

  According to the announcement, from May 15th to May 16th, the number of hosts (probably infected by the WannaCry worm) that attempted SMB vulnerability attacks dropped to about 814/hour, and the number of hosts that attempted SMB vulnerability attacks dropped to about 213,000/hour. It can be seen that the number of SMB vulnerability attacks launched through worm propagation has fallen sharply, and the spread has been effectively controlled.

  With good protection, there is no need to worry about virus variants.

The picture comes from the Internet.


  According to monitoring by Tencent Security Anti-virus Lab, what appear to be the hackers' development paths were found, and some samples have been renamed "WannaSister.exe", changing from "WannaCry" to "WannaSister".

  According to available information, since the virus broke out on the 12th, at least four methods of evading detection and removal by security software have appeared, which once again shows that WannaCry is still evolving.

  However, Microsoft's latest user guidance on protecting against WannaCrypt attacks sets out specific prevention methods. As long as users update their software and install patches on time, they will not be attacked by the virus.

  Microsoft is providing emergency security patch updates for users of earlier software, including Windows XP, Windows 8 and Windows Server 2003. Windows 10 users are not the target of this malware attack.

  In March of this year, Microsoft released a security update that specifically addresses the vulnerability exploited by this attack. Organizations and individuals who have not yet applied the security patch are advised to update and deploy it immediately according to Microsoft security bulletin MS17-010.

  For users of the Windows Defender endpoint protection solution, Microsoft also released an update earlier on May 12th, 2017, which detects the malware threat Ransom:Win32/WannaCrypt. As an added "defense in depth" measure, users should install up-to-date anti-malware software on their computers.

