Shulou(Shulou.com)06/01 Report--

Recently, many friends in WeChat moments have issued relevant email reminders about Locky virus blackmail. It seems that this virus has a great influence. Let's talk about how to prevent the invasion of Locky blackmail virus.

What is Locky blackmail virus?

Locky extortion virus mainly spreads Office documents containing malicious macros in the form of e-mail and evil chain *, which is confusing to users. Once infected with the virus, important data such as documents and pictures in the computer will be encrypted by the virus. At the same time, blackmail prompt files will be generated on the desktop and other obvious locations to guide users to pay ransom (usually bitcoin). Otherwise, the file cannot be opened.

It is generally recommended that:

1. Do not open Office attachments to suspicious messages

2. Disable Office macros

3. Make daily backups of important data.

4. Update security software in a timely manner

In fact, this virus has been prevalent abroad in the early stage, but it is not so early in China. It has spread to China in the near future. First, let's take a look at the Locky virus flow. * the Email,word document with malicious word document contains * malicious macro code in the victim's mailbox. After the victim opens the word document and runs the macro code, the host actively connects to the specified web server, downloads locky malicious software to the local Temp directory, and enforces it. After the locky malicious code is loaded and executed, actively connect to the * ClearC server, upload local information, and download the encrypted public key. Locky traverses all local disks and folders, finds files with specific suffixes, and encrypts them to ".locky" files. The blackmail prompt file is generated after the encryption is completed.

At present, some well-known network security teams have updated the virus database. Here is an announcement:

In April 15, a security team began to monitor the harmful behavior of blackmail virus-like emails. after a lot of tracking, it released an update at the end of March 16 and prompted the user to update the virus database. what percentage of viruses can be effectively protected? Moreover, it shows that there is no better way to deal with the poisoned machines, only to hand over bitcoin, and there is no good way to do anything else. Then said some defensive measures and so on, the first point do not open the unknown source of the email, the second point do not click the Office macro prompt. It is omitted here.

As we can see, the better way at present is, the first point is not to … Second, don't. For so many don't, is there a better way! If, can let the user not receive this email at all! The next series of steps do not need to be done at all. Generally speaking, in today's enterprise mailboxes, the anti-virus modules that come with them are automatically updated regularly, for example, once a week and once a month. Of course, there are roots that do not have this module or will not be updated at all. This will greatly reduce the timeliness of anti-virus. May cause unnecessary losses.

U-Mail Anti-Spam Gateway solution

U-Mail email security gateway uses the following process module, sending mail first through the mail gateway, after a series of scanning, and then sending normal mail to the user's server, which greatly reduces the security risk. And U-Mail email security gateway anti-spam and virus policies will be updated in real time to filter spam and virus emails. And the effect of anti-spam is centralized (centralized: if one of the users using the U-Mail mail gateway reports a message as spam, the rule will apply to all users). This has a quantitative change to a qualitative change in the amount of the virus bank compared with the antivirus bank of a single user.

Of course, for Locky virus messages, the U-Mail email Anti-Spam Gateway responds within minutes of the virus outbreak, filtering out such and its derivative virus messages 100%.

U-Mail 's anti-spam gateway is famous for its "zero misjudgment" and high spam interception rate in the industry. As for whether the actual use effect is so good as officially advertised, it is that mules are pulled out for a walk.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.