Shulou(Shulou.com)06/01 Report--

The blackmail virus WannaCry is raging all over the world, making use of the loopholes of the Windows operating system. Because the chain reaction spreads rapidly and automatically, campus computers, personal computers and government agencies are all the worst-hit areas. All documents of the poisoned computer are encrypted and will be blackmailed for more than $300. Housekeeper and you, together with prevention and control!

Prevention and control guidelines:

I: Oh, my God! It turns out that the correct boot can prevent virus!

Whether in the home, the company or the public network, the average Internet user can perfectly avoid the blackmail virus as long as he or she completes the following four things before turning on the computer.

1. Disconnect the network before power on

If the computer is plugged in, unplug the network cable first; if you are connected to the wifi through the router, turn off the router first.

2. Back up important documents

Copy important documents from your computer to a removable hard drive or USB drive for backup.

3. Download the immunization tool

On another computer with no important documents, download PC manager's "blackmail virus offline version immunity tool" and copy the tool to a secure USB disk.

Download link: http://url.cn/496kcwV

4. Bug repair

Copy the "blackmail virus offline version immunity tool" in the U disk to the computer, double-click to run it, and restart the computer after the vulnerability repair is completed, you can surf the Internet normally.

[administrator user]

1. Disable access to port 445 between PC segments of access layer switches.

2. All employees are required to follow the steps 1-4 above to fix the vulnerability.

3. "Admin Assistant" can be used to confirm whether employees' computer vulnerabilities have been fixed.

Download link: http://url.cn/499YVsJ

Command line: MS_17_010_Scan.exe 192.168.164.128

II: Gee, I've already turned it on. What should I do?

Users who have already turned on the Internet, do not panic. PC manager will protect your computer in real time.

1. Use PC manager-blackmail virus immunization tool to close the vulnerability port and install the system patch.

Download address: http://url.cn/498da3o

2. Enable PC manager real-time protection, enable document guardian feature, and prevent variants.

Open path: PC manager Toolbox-document Guardian

III: Ah! I'm poisoned! Can it be saved?

You can use the file recovery tool. Users who have been infected with the virus have a certain probability of restoring your documents by using PC manager-File recovery tool.

Download address: http://url.cn/499UAm7

Background of the event:

I: what is the blackmail virus?

Unlike other similar blackmail viruses, WannaCry is a worm that automatically infects other computers and spreads. It breaks out rapidly due to chain reaction.

This extortion virus mainly infects the Windows system. It uses encryption technology to lock files and prohibit users from accessing them, thus blackmailing users.

The attackers claimed that the files could not be unlocked until they asked for more than $300 worth of bitcoin. In fact, even if the ransom is paid, the document may not be unlocked.

II: why did you get infected?

Once the blackmail worm enters a user machine that can connect to the public network, it will scan the ip of the private network and the public network. If the scanned ip opens port 445, it will use the "EternalBlue" vulnerability to install the back door. Once the backdoor is executed, a virus called WanaCrypt0r blackmail is released, which encrypts all document files on the user's machine for extortion.

III: why use Bitcoin?

Bitcoin is a peer-to-peer online payment system and virtual pricing tool, popularly known as digital currency. Bitcoin is popular among cyber criminals because it is fragmented, unregulated and almost difficult to track.

IV: an introduction to historical viruses?

[case 1] Spora blackmailer disguised as Chrome font update program

Introduction: users in the Chrome kernel browser to open part of the website garbled, and prompted the need to download the font update program and execute before normal access. Once the user clicks to download the update, the new blackmail virus Spora runs automatically, encrypting all the user's files.

[case 2] with only one email, you can lock important computer files for blackmail.

Introduce: Wang Wei (not his real name), who is engaged in Internet work, is looking at an email with the theme of Delivery Notification. After opening the attachment, he finds that the file on the computer has been changed into garbled code and cannot be opened, and the desktop background has also been modified into blackmail prompt text. Email attachments are a common channel of communication for blackmailers.

[case 3] "indulgent" blackmailers spread through photo-viewing software *

Introduce: "indulge" domestic blackmailer * initially implanted in a called "recognize the picture to see" in the software, and then through the major social platforms, forums and online disk crazy spread. Once the user is tricked, the names of all documents and files on the computer are modified and cannot be opened normally, so they can only be restored by paying a ransom.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.