Monitoring the response to the government authority "extortion" virus

monitoring the response to the government authority

extortion "infected" virus "blackmail" will be sent to the computer, content to want to unlock the document need to pay $300 worth of COINS.Respondents for figure

12, many universities in China encounter network blackmail virus attacks.Be attacked on a computer document data is locked, the pop-up interface prompt, must pay $300 (RMB 2000) "COINS" to unlock.

blackmail is not limited to virus and colleges and universities in our country.National center for network and information security briefings, said more than 100 countries and regions extortion tens of thousands of computer virus infection.

the national center for Internet emergency emergency announcement, extortion viruses to spread to the end user penetration, and blackmail the currency or other value objects, constitutes a serious threat to attack.Has moved to blackmail and related software to monitor the network attack activities, suggest the user to update Windows security patches released, at the same time in the region of the boundary, internal network, host, assets, data backup completes the related work.

bureau of the ministry of public security may be an official also said that has been focusing on that, and set out to investigate.Has not yet received a report about the virus event, recommend the use of some tools to check the personal computer, network security precautions while at the same time, to prevent poisoning.

computer students receive "blackmail"

12 at 6 PM, nanchang university junior li (a pseudonym) open a computer, receive a roommate paper help to change format, found the net is very card, save is very slow, even white during the half a minute.

"after that, the computer screen shows a blackmail letter, suddenly can choose Chinese, Korean, Japanese, English, etc., is roughly content, want to unlock the file, need to pay $300 equivalent COINS".Li said that most of the file can't open, including double degree thesis, defense PPT and some pictures of recorded information, etc.There are three students in the class encountered a similar situation.

xinchuan school junior students hong-li zhang recalled, his 12 evening 10 when login school mobile download papers, found that the computer poisoning.

"C disk files expand names have been changed at that time, my first reaction is to use the hard disk copy down also sound files, backup hard disk is poisoning."Installed the Microsoft patch also of no help, she said, "want to find a solution as soon as possible, there is no way can only reshipment system."

Beijing news reporter learned that shandong university, zhejiang university, nanchang university, ningbo university, many colleges and universities computer "scam".In students' computer document is locked, the hackers leave contact information, said to restore documents must pay COINS.

in huaiyin institute of technology, a classmate said he is writing his thesis, computer suddenly appear to play a window, then paper, hownet to download documents have become unreadable.Its try to clean out treasure to buy repair services, and ultimately for repair price is too high to choose to rewrite their papers.

hundreds of countries have been "infected"

more than net friend said, when much of the country's gas station come on, can't online payment, can only use cash.

yesterday afternoon, a number of petrochina officials say, group, network failure, are repairing, can only use cash and refueling card consumption, and refueling card cannot use memory functions.

petrochina liaoyang petrochemical company, according to a staff from group, 12 late start, gradually appear on the Windows operating system, racketeers virus, file is encrypted, and for ransom.At present, the company network with suspension system services, computer virus is found, immediately shut down the computer, unplug the network cable.The company network recovery time prior notice.

virus attacks are not limited in our country.National center for network and information security information bulletin released report: at about 12, 20, a new type of "worm" blackmail outbreak, there are more than 100 countries and regions of tens of thousands of computers were infected.

tencent security services provided to the Beijing news, according to preliminary statistics, the "worm" has affected about hundreds of country's schools, hospitals, airports, Banks, gas stations and other equipment, makes the equipment documentation on all encrypted, losses.

according to IT's home to the affected areas are mainly concentrated in central and southeast coastal areas of China, Europe, the United States the great lakes region.In mainland China, Europe is the health care crisis is most severe infection.

reveal 1

the culprit is the "eternal blue" virus

yesterday morning, chairman of the board of directors of the company 360 Zhou Hongyi tweeting, according to the blackmail virus is by the NSA to reveal "the eternal blue" the spread of weapons of hackers."The eternal blue" can be ranged attack Windows 445 port (file-sharing), march Microsoft patch if the system is not installed, the user as long as the boot on the Internet, "the eternal blue" can execute arbitrary code in the computer, embedded blackmail viruses and other malicious programs.

national emergency center is introduced, the Internet has moved to blackmail and related software to monitor the network attack activities, 13 at 9 to 12, in about 1.011 million IP addresses outside of "eternal blue" attack, attack attempts to more than 9300 the number of IP addresses.

emergency center published report, according to blackmail the software using the previously disclosed Windows SMB service vulnerabilities means, to the end user penetration, and blackmail the currency or other value objects.Including universities, energy and other important information system, multiple domestic users is attacked, serious security threat to China's Internet network.

according to the xinhua news agency, the hacking group has yet claimed the attack.But the industry consensus is that virus is the result of the nsa.The nsa was leaked last month, the United States, its research and development of virus Arsenal was exposed.The nsa has yet to respond, the department of homeland security, according to the computer emergency response team is paying close attention to the global hacker attacks.

reveal two

encrypted computer files to blackmail the high "ransom"

360 security guards of the expert points out, "the eternal blue" blackmail virus in the ONION and WNCRY two families is given priority to, the victim machine disk file will be altered into the corresponding suffix, pictures, documents, video, compression package can't open normally, only pay a ransom can decrypt recovery.Two types of virus ransom amount were five COINS (about RMB 50000 yuan) and $300.

360, according to data provided by the company at home is the ONION, the virus first appeared, attack about 200 times per hour on average, peak of more than 1000 times per hour at night;WNCRY blackmail is 12 new virus attacks, the global and campus network quickly spread in China, the peak at night attack about 4000 times per hour.

one well-known domestic currency company executives to remind, it is not clear to pay COINS, after being attacked computer can unlock.The current domestic many currency exchange can't extract the currency, if you want to buy COINS unlock computer, should choose can promote the exchange of money, or you'll secondary losses.

reveal 3

related port exposed college into "disaster zone,"

the national center for Internet emergency notice, the attack is mainly based on port 445, a total of more than 900 900 hosts on the Internet IP exposed the port (port), the Chinese mainland has more than 300 ten thousand units.

education informatization branch of China's higher education institute of network information security working group released a statement, a preliminary investigation, such extortion virus spread use based on port 445 of SMB loopholes, some schools infection number is more, a lot of important information is encrypted.

ZuoXiaoDong, vice President of the China academy of information security, according to domestic once-familiar USES port 445 worm propagation, so some operators to individual users to seal off the port.But no this limit infomation, there are a lot of exposure of the port machine, become a major disaster area of being attacked.Arnhem

hangzhou information technology co., LTD., founder and President of Fan Yuan, said some specific industry network does not limit port 445, so attack becomes "effective", a lot of schools and a small part of the medical institutions are affected."Can be released by updating the Microsoft patch to protect against it, but for the user, under attack solution is still a problem."Its introduction, a sprinkling of extortion virus has been detected a while ago, most units may not be enough.

at tsinghua university, due to adopt measures to ban "refuge".On April 15, the school to prevent internal host campus network attack, banned the TCP port 139, 445, 3389.Yesterday, the school issued a notice, according to two recent outbreak of large-scale network security in the world, has not been widespread harm to the campus network and users.

s tips:

6 steps against "extortion" virus

security working group two preventive measures are put forward: not upgrade processing mode of the operating system (not recommended, temporary ease) : enabled and open the Windows firewall, into the "advanced Settings", in the rules of the inbound disable "file and printer sharing" relevant rules;To upgrade the operating system's handling of (recommended) : suggested that the teachers and students to use the automatic upgrade to the latest version of Windows.

for schools and other units, should be banned the boundary export exchange routing equipment outside the network of campus network 135/137/139/445 port connection, at the same time, prohibit the core in the campus network backbone to exchange routing equipment port connection.

national emergency center proposal, for the Internet users to update Windows released security patch updates, at the same time do a good job as follows:

1. Close 445 ports such as (other associated port, such as 135, 137, 135) of the external network access, the above services on the server shut down unnecessary ports;

2. To strengthen the internal network of 445 ports such as regional access audit, timely find unauthorized act or potential aggression;

3. Update the operating system patches;

4. Install and update anti-virus software;

6. Regular backups on the different storage medium information systems business and personal data.

Beijing news reporter Wang Jing yi ShaLu Zhao Lei Once autumn intern Liu Jingyu

more detailed news please visit Beijing www.bjnews.com.cn

The related content recommendation