Shulou(Shulou.com)06/02 Report--

The massive infection of WannaCry has benefited from a timeless blue loophole leaked by shadow brokers, and although Microsoft has released security updates, many users have not yet installed it. It has been 18 months since the initial outbreak, but so far hundreds of thousands of users have been infected with WannaCry ransomware.

In the middle of last year, WannaCry ransomware broke out in many countries and regions around the world, infecting a large number of individual and corporate users in a very short time.

The massive infection of WannaCry has benefited from a timeless blue loophole leaked by shadow brokers, and although Microsoft has released security updates, many users have not yet installed it.

It has been 18 months since the initial outbreak, but so far hundreds of thousands of users have been infected with WannaCry ransomware.

It feels like a good time to quickly end the year. Take a look at our WannaCry data. I will publish some charts and different metrics in this topic. To the @ Cloudflare staff, they provided us with the help of the kill switch almost from the very beginning.

-Jamie Hankins (@ 2sec4u) December 21, 2018

WannaCry will first verify the reserved unregistered domain name. If the virus cannot connect to the domain name, it will continue to destroy and infect it.

At first, some researchers found domain name switching and registered domain names. After registration, WannaCry can connect to the domain name, so the momentum of communication immediately drops.

Researchers can also use the domain name to monitor people who want to be infected, and so far it has received 17 million connections a week.

There are 630000 unique visitors from 194 countries and regions around the world every week, which means that more than 630000 computers are infected every week.

As mentioned above, the WannaCry domain name switch has been registered, so after the domain name is detected on the network, although the virus runs in the background, the file is not encrypted.

For the intranet, if the external network cannot be connected, the file will be encrypted, and the propagation of the intranet worm will be relatively more convenient.

Many internal machines do not install security updates and use old systems all the year round. Once invaded, all machines on the intranet will be infected at the same time.

Therefore, in addition to system upgrades and bug fixes, it is also important to back up important files every day to avoid reluctance to consider countermeasures.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.