What exactly is the bitcoin virus sweeping the world?
At around 20:00 on May 12, 2017, the Bitcoin ransomware broke out all over the world, in a large-scale ransomware infection event on a global scale.

Ransomware attacks broke out in many countries around the world, such as Britain, Italy and Russia. Many domestic industrial enterprises have been infected on a large scale, and many universities have also been hit. The education network was seriously damaged, and the attack paralyzed teaching systems and even campus card systems.

Many teachers' and students' computer files were encrypted by the virus and could only be recovered by paying a bitcoin ransom of $300. Because it is graduation season at colleges and universities, the ransomware has encrypted and tampered with some graduating students' papers, which directly affects their graduation defenses.

What is the Bitcoin virus?

This computer virus, launched by hackers, encrypts a large number of files on the system into files with the suffix .onion. After infection, you are asked to pay a bitcoin ransom to decrypt and recover the files. This causes serious loss of personal data, and anti-virus software cannot decrypt the encrypted files. But don't believe the hackers' promise of "pay and we will decrypt": hackers may not keep their word, and bitcoin is expensive, so the ransom is not a small amount for ordinary users.

Looking closely at this outbreak of the Bitcoin virus, we can find the following characteristics:

1. The technology used in this ransomware was leaked by an organization called Shadow Brokers, and was originally a hacking method of the National Security Agency (NSA).

2. Microsoft released an update patch for the vulnerability used by the virus on March 14, numbered MS17-010, so users who have Windows automatic updates turned on should be safe.

3. Operating systems that Microsoft no longer supports, such as Windows XP and 2003, are the hardest hit.

4. As long as the Windows file sharing service is running on your computer, you may be infected with this virus even if you do nothing.

5. Shandong University became one of the hardest hit because the China Education Network did not block port 445. Peking University took emergency preventive measures on May 12. Many media outlets praised Tsinghua University for taking precautions: it blocked port 445 in January, which kept the Tsinghua campus safe.

6. If you are infected, then in addition to your files being encrypted and held for ransom, the DOUBLEPULSAR backdoor will be implanted in your system. This means that even if you pay the ransom, your computer may still be controlled by hackers and become a zombie machine (a "broiler").

7. In fact, this is not the first time that ransomware has spread. Large-scale bitcoin extortion began with the emergence of CryptoLocker at the end of 2013. In December 2013, ZDNet estimated that the virus had used bitcoin to extract a huge sum of $27 million from victims during the period from December 15 to 18.

8. Every infected machine was asked for $300 worth of bitcoin, which further pushed up the price of bitcoin. But this time things are different from before. Because of the wide spread and the large number of people involved, the attack has added a lot of "heat" to Bitcoin. From the perspective of speculation, this attention and popularity in the market provide the soil for speculation. So bitcoin is bullish in the short term.

If a computer has been attacked, you can do the following:

1. Immediately scan the intranet to find all terminals and servers that have SMB service port 445 open.

2. Microsoft has released the patch MS17-010 to fix the system vulnerability used by the "Eternal Blue" attack. Please install this patch on your computer as soon as possible. For users whose operating systems are XP and 2003, it is recommended to upgrade the operating system version or close the ports affected by the vulnerability.

3. Once an infected machine is found, disconnect it from the network immediately. Enable Windows Firewall, open its advanced settings, and disable the rules related to "File and Printer Sharing" in the inbound rules. Close UDP ports 135, 445, 137, 138 and 139, and turn off network file sharing.

4. Strictly forbid the use of devices that can carry out "ferry attacks" (carrying an infection from one machine to another), such as USB flash drives and mobile hard disks. Back up the important files on the computer to a storage device as soon as possible. Strengthening email security and effectively intercepting phishing emails can eliminate many hidden dangers. Install a genuine operating system and genuine office software.

5. 360 Security Guard has provided the "NSA arsenal immunization tool", which can be downloaded and installed.
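
Step 1 above, as an added example that is not part of the original article: a TCP connect check of your own subnet for hosts that answer on port 445. The function names and the 192.0.2.0/28 placeholder range are assumptions made for illustration.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

SMB_PORT = 445  # the SMB service port named in step 1


def port_is_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or timed out
        return False


def hosts_in(cidr, max_hosts=4096):
    """Expand a CIDR block into host addresses, refusing oversized ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses > max_hosts:
        raise ValueError(f"{cidr} has {net.num_addresses} addresses; split it up")
    # Older Python versions yield nothing for a /32, so fall back to the address itself.
    return [str(h) for h in net.hosts()] or [str(net.network_address)]


def find_exposed(cidr, port=SMB_PORT, timeout=0.5, workers=64):
    """Return the sorted hosts in cidr that accept TCP connections on port."""
    hosts = hosts_in(cidr)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: port_is_open(h, port, timeout), hosts)
        exposed = [h for h, is_open in zip(hosts, results) if is_open]
    return sorted(exposed, key=ipaddress.ip_address)


if __name__ == "__main__":
    # 192.0.2.0/28 is a documentation range used as a placeholder; use your own subnet.
    for host in find_exposed("192.0.2.0/28"):
        print(f"{host}: TCP {SMB_PORT} open -> patch (step 2) or isolate (step 3)")
```

A host missing from the result may still be infected or unpatched if it was powered off or firewalled during the check, so repeat the sweep after machines come back online.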