Shulou(Shulou.com)06/03 Report--

Bilibili's highly popular UP host "witty party sister" released a video saying that he had been attacked and blackmailed by hackers, once again drawing attention to cyber security and privacy protection.

The story goes something like this. Due to the large video clips and rendering material files of the party sister team, the company spent more than 100,000 yuan to build a NAS system within the company, which is equivalent to a public hard drive within the team. However, on the first day after NAS was built and tested for a period of time, it encountered the invasion and attack of blackmail virus.

Party sister said that at present, hundreds of GB video files are all encrypted by the virus, and customers said through a TXT format blackmail that they have to contact the hackers to pay a "ransom" to get the material back.

According to cyber security experts, there is currently no way to repair and decrypt the blackmail virus, known as Buran.

If you want to get the material back, it is almost impossible to save yourself, and the cyber security company says there is nothing you can do about it, while the police cannot file a case because there is no definite economic loss, so you have to negotiate with the hackers and pay the ransom.

This may not work either. Not to mention whether the hackers are trustworthy or not, whether there will be layers of increase in the negotiations, just because of the social effects of this incident, if hackers also see these reports, they may not dare to continue trading.

Therefore, the hope of saving these data is very slim, and the party sister also said that she should learn a lesson and make a safe backup. Some small UP owners told the media that they had never considered the hidden dangers of network security and material theft, because they had fewer fans and would not be targeted.

But "will not be targeted" is actually an illusion, because hackers carry out random indiscriminate attacks across the network. It's not a hit right now. It's just a loophole that hasn't been discovered by hackers.

The misery of the party sister team is actually a wake-up call for the fast-growing video self-media industry. With the development of video industry, video material, as a data asset, has become a means of production with economic value, which should be paid enough attention to and protected by creators.

How to do a good job in the security protection of video materials, and what new safe storage methods there are, all need to be considered by video media practitioners and related industries.

When video self-media began to encounter network security problems

You may also wonder why the online underground industry is looking for the video self-media industry that is working conscientiously.

First of all, video self-media has sprung up as an industry and become valuable. The technical threshold for video shooting and editing has been lowered again and again, and the prosperity of UGC video platforms represented by bilibili, Douyin and Kuaishou has led to the rise of a large number of grassroots video bloggers. At the same time, the scale of attention brought by video traffic has produced huge economic benefits. Video production has changed from a "ticket-playing" nature to an industry with commercial value. In a word, the material resource of video self-media has become a valuable data asset.

Secondly, the storage, sharing and rapid use of these massive video materials has become a new problem. As the party sister said, the production of a video has changed from hundreds of MB to dozens of GB now, and their own computer hard drives and external hard drives have been unable to store and share these material resources. Therefore, NAS public network disk has become the first choice of many video studios, UP owners and photography enthusiasts, which is equivalent to building a small private cloud.

Then, the problem arises: either the builders of these NAS are not equipped with IT technicians with corresponding network security to maintain them on a regular basis, or they do not have enough awareness of security protection, do not turn off some permissions, or set very weak passwords for convenience, resulting in the server system being exposed to security threats.

Then, as we pointed out, there is no difference in the attacks of extortion viruses such as Buran. It scans the IP port on the public network, and the virus breaks through the flawed port protection to enter the system, then violently cracked the password, and finally infected and encrypted the data files of the system.

The tragedy occurs when the high storage requirements and low security awareness of video production are encountered by malicious hackers searching for prey on the public network.

How to protect data security under NAS public network disk?

Why does NAS public network disk become the first choice of current video self-media team and UP owners?

First of all, NAS under simple popular science, its full name is Network Attactched Storage, that is, network-attached cloud storage server. It is a device that can connect to the network and has data storage capabilities, and can support a variety of protocols and operating systems. To put it simply, NAS is a private network disk equipped with multiple mechanical hard disks with large capacity to form a RAID (redundant independent disk array), which can centrally manage and process data.

The advantages of large-capacity storage of NAS, stability of 7X24 hours, high-speed operation in large broadband network environment, and the convenience of multi-scene, multi-user and multi-device access have become the main factors for video producers to choose. The multi-permission function of NAS can set corresponding access and read and write permissions for different creators, and improve the matching degree of the team and the efficiency of production.

Of course, qualified NAS products should be equipped with mature RAID scheme, hard disk detection scheme, encrypted transmission and multi-user management to ensure that data will not be leaked and lost due to malicious intrusion or accident.

According to the analysis, specific to the security loopholes encountered by the main team of this UP, on the one hand, their NAS server uses the WindowsServer operating system specifically targeted at the blackmail virus, and some high-risk ports are not closed; on the other hand, they may have set up public network access, exposing that the account password configured for the software by the public network IP; is too simple and has been violently cracked.

If they have a backup of their data in advance, they can recover their losses when the files in the NAS server are attacked. At present, the lack of backup of the data makes this virus infection a serious disaster for the team.

With the video self-media moving towards regularization and team operation, both individuals and teams should make up for the lessons of network security protection from the following aspects.

1. On the whole, convenience and security contradict each other. Data in the future is one of the most important assets of a company, so doing a good job of daily safe operation and maintenance and repairing system vulnerabilities in time will become a work habit that all team members should adhere to.

2. The core method is that the data needs to be backed up regularly, and it is recommended to use a separate file server to store the backup files in isolation.

3. Strengthen the security configuration and improve the security baseline, such as high-strength passwords, put an end to weak passwords, increase the difficulty of blackmail virus intrusion, close unnecessary file sharing, close 3389, 445 and other unused high-risk ports.

4. Upgrade the operating system in time, choose antivirus software with strong technical ability, and prevent blackmail virus attacks in advance.

5. usually strengthen the awareness of network security, remind team members not to click on emails from unknown sources, and do not download software from unknown websites.

So, apart from NAS, are there any other options for video self-media?

What are the new options for video self-media to ensure data security?

At present, considering the factors such as cost and convenience, mobile hard disk must be the first choice for many small and medium-sized up owners, while network cloud disks such as Baidu Cloud have become a tool for many people to back up their data. But if faced with the same material scale and production requirements as the party sister team, NAS is already the best choice.

In the future, with the popularity of 5G network and Wi-Fi6, when network speed is no longer the bottleneck of video upload and download, it may be a better choice to choose public cloud storage service.

First of all, the security and reliability of the public cloud is naturally much higher than that of the local private cloud, by supporting server encryption, hotlink protection, IP blacklist and whitelist, VPC network isolation, log audit, and fine-grained permission control to ensure the security and credibility of the data; secondly, through disaster recovery backup, you can almost provide permanent backup protection for the data, so that the data will never be lost. In addition, through intelligent scheduling and transmission acceleration, we can provide a stable low-delay, large-bandwidth and ultra-high-speed experience for remote data access, and solve the problems of multi-terminal cooperative sharing and fast download and use of video resources.

At present, the cost of using public cloud services for storage may still be high for many small and medium-sized UP owners, but with the explosive growth of such storage demand, some public cloud vendors may come up with more economical and cost-effective storage solutions and pricing solutions.

Coincidentally, on the same day that the party sister team was threatened by the virus and blackmailed, the State Cyber Information Office, together with 12 departments, jointly issued the Cyber Security Review measures, which will be formally implemented on June 1 this year.

The network digital world is no longer an out-of-law place, and the processing and transmission of network information will more strictly follow the requirements of confidentiality, security and integrity. Network security has become a regular preventive measure for the operation of the whole society like fire prevention and anti-theft.

For the video free media industry, which is in the process of explosive growth, the security problem encountered by the party sister team has an incident worthy of being "marked". This will remind UP owners who are bald for creativity and flow that they need one more effort to protect their most important digital assets.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.