According to the report, the infected countries include Britain, Spain, Italy, Portugal, Russia and Ukraine. In Britain, the National Health Service (NHS) has also become one of the victims. On that day, public clinics in many parts of Britain could only work with paper and pens. In Spain, telecom giant Telefonica also issued a statement that it was attacked by cyber attacks, but its customers and services were not affected.
In addition, the ransomware is still spreading, and it has spread to China. Last night, some college students in China reported that their computers were attacked by viruses and their files were encrypted. The attacker said that he had to pay bitcoin to unlock it. However, it is reported that users still cannot decrypt the data after paying.
It is understood that the hardest hit area of the virus is the campus network. At present, universities in Hezhou University, Guilin University of Electronic Technology, Guilin Institute of Aerospace Industry and Guangxi are affected. In addition, some netizens reported that Dalian Maritime University and Shandong University were also attacked by viruses.
According to Avast, an anti-virus software manufacturer, at least 75,000 computers are infected. The ransomware "Wana CryptoR2.0" has also been found in 99 countries.
According to the Financial Times and The New York Times, the virus publisher upgraded a ransomware in February this year using Eternal Blue, a Windows hacking tool designed by the National Security Agency (NSA), which was stolen last year.
"Eternal Blue" can remotely attack Windows port 445 (file * * *). If the Microsoft patch of March this year is not installed in the system, the user does not need any operation. As long as the computer is turned on, "Eternal Blue" can execute arbitrary code and implant malicious programs such as ransomware in the computer.
Infected Windows users must pay Bitcoin as ransom within 7 days, otherwise the computer data will be completely deleted and cannot be repaired. It is reported that the planner is a Russian hacker, ranking second in the list of the top ten hackers wanted by the FBI, and using NSA hacking weapons to attack Windows vulnerabilities.
Due to many outbreaks of worms spreading through port 445 in China, operators have blocked port 445 for individual users, but there is no such restriction in Education Network, and a large number of machines still expose port 445. According to the statistics of relevant institutions, at present, more than 5,000 machines are attacked by NSA's "eternal blue" hacker weapon every day, and the education network is the hardest hit!
Of course, users who have updated the Microsoft patch don't have to worry. On March 14, Microsoft provided a system security upgrade patch to prevent this virus attack. Users who have run Microsoft free antivirus software and updated security packages are not in danger.
However, for everyone, we should still have a cautious heart, often update computer patches and back up important information!