
On the NSA blackmail virus prevention measures - Chihiro blog share

Dazzle Yi, 2017-05-13


Since May 12, 2017, worm-like malicious code that spreads by attacking the Windows network sharing protocol has been found on networks in China and abroad. Criminals built it by modifying the "EternalBlue" attack program from the previously leaked NSA hacking arsenal.

The worm scans for Windows machines with file sharing port 445 open and requires no action from the user: as long as the machine is powered on and online, criminals can implant ransomware, remote-control Trojans, virtual currency miners and other malicious programs on computers and servers.

The worm is currently spreading widely across the education network and across intranets that lack strict access control on port 445, and it is showing the trend of an outbreak. Infected systems are blackmailed for large sums, and if the ransom is not paid on time the data is destroyed, causing serious losses. The attack has already caused very serious practical harm, and intranets of similar scale face the same threat.

The 360 Security Monitoring and Response Center will keep following the event and will update the event information as soon as possible.

Earlier, on the night of April 14, 2017 (Beijing time), a large batch of new NSA-related network attack tools and documents was released by the Shadow Brokers group, covering multiple Windows system services (SMB, RDP, IIS).

———————————————————


Global computer ransomware outbreak: campus networks of Chinese universities attacked

IT Home, May 13, 2017

In addition to China, at least 19 NHS owned medical institutions in England and Scotland, including hospitals and general practitioner clinics, have been attacked.

——————————————————

Latest progress: according to the BBC, computer network virus attacks have spread to 74 countries, including the United States, the United Kingdom, China, Russia, Spain, Italy, etc.



According to an IT Home report on May 12, many IT Home readers wrote in to say that at about 20:00 this evening, college students in China reported that their computers had been attacked by a virus and their documents encrypted. The attacker demanded payment in bitcoin to unlock them.

It is reported that the virus is nationwide, is suspected to spread through campus networks, and spreads very fast. So far Hezhou University, Guilin University of Electronic Science and Technology, Guilin Institute of Aerospace Industry, and universities in Guangxi and other regions are affected.

In addition, some netizens reported that Dalian Maritime University and Shandong University were also attacked by the virus.

IT Home urges students everywhere to back up important documents as soon as possible to avoid being blackmailed. Fresh graduates in particular must keep a good backup of their thesis!

Judging from the current situation, the virus is still spreading. IT Home will continue to follow it.

In addition, many public hospitals in the UK are suspected to have been attacked by the same virus.

[Extended reading] Several public hospitals in the UK hit by cyber attack as hackers extort money

According to British media reports, on May 12, Britain's national health service system suffered a large-scale network attack, computer systems in several public hospitals almost simultaneously collapsed, and telephone lines were cut off, resulting in many emergency patients being forced to transfer.

According to the Daily Mail, at least 19 NHS owned medical institutions in England and Scotland, including hospitals and general practitioners' clinics, have been cyber attacked.

Hospital staff said they had pop-up windows on their computer screens. Hackers sent messages that the hospital's computers had been controlled and a ransom had to be paid to prevent all files from being deleted.

A message circulated on the Internet said that hackers demanded a ransom of $300 for each computer being manipulated and paid in the form of virtual currency bitcoin. The pop-up page also has a countdown clock that shows the deadline for next Friday.

According to the report, at least 10 ransoms worth about $300 each have been sent to the bitcoin account provided by hackers.

A similar cyber attack occurred in Los Angeles last year, when hackers received a total ransom of 13140, according to the FBI.


Emergency notice on preventing the Onion ransomware virus attack
Campus network users:
Recently, Onion ransomware infections have occurred at many colleges and universities in China. The virus encrypts files on disk and gives them the .onion suffix. The files can only be decrypted and recovered by paying a high ransom, causing serious losses of study materials and personal data.
According to the network security agency, this is a virus attack launched by criminals using "EternalBlue", which leaked from the NSA hacking arsenal. "EternalBlue" scans for Windows machines with file sharing port 445 open. As long as the machine is powered on and online, criminals can plant ransomware, remote-control Trojans, virtual currency miners and other malicious programs on computers and servers.
Because earlier worm outbreaks in China used port 445, ISPs have blocked port 445 for individual users. The education network has no such restriction, however, and a large number of machines there still expose port 445. According to the statistics of relevant institutions, at present more than 5000 machines are attacked by the NSA's "EternalBlue" hacking tool every day, and the education network is the hardest hit area!
Here we remind teachers and students:
Microsoft has released patch MS17-010 to fix the system vulnerability used by the "EternalBlue" attack. Please install this patch on your computer as soon as possible. For XP, 2003 and other machines for which Microsoft no longer provides security updates, it is recommended to use 360's "NSA weapon library immune tool" to detect whether the system is vulnerable and to close the ports affected by the vulnerability, so as to avoid being hit by ransomware and other viruses. Download address: http://dl.360safe.com/nsa/nsatool.exe
        
Methods of infection prevention:
① Control Panel → Windows Firewall → Advanced settings → Inbound Rules → New Rule → Port → TCP → enter "135,445" in the port field → Block the connection → then create another new rule and select UDP


② Apply the latest official patch https://technet.microsoft.com/zh-cn/library/security/MS17-010


③ XP, Win2003 or below: https://dl.360safe.com/nsa/nsatool.exe (360's detection and repair tool)

Tip: after the official patch is installed, you can download the 360 tool linked in this article and run its test to see whether the repair is complete.
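
A scripted form of step ①, as an added example that is not part of the original post: it creates the inbound block rules for TCP and UDP 135,445, warns if the firewall is off for any profile, and lists what is still listening on those ports. It assumes Windows 8 / Server 2012 or later (the NetSecurity and NetTCPIP cmdlets) and an elevated prompt; the rule names are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Rule names are constructed.
param(
    # Ports from step ①. Pass 135,137,138,139,445 to cover the blogger's wider list.
    [int[]]$Ports = @(135, 445)
)

# 1. Create one inbound block rule per protocol, skipping rules that already exist.
foreach ($proto in 'TCP', 'UDP') {
    $name = "Block inbound $proto $($Ports -join ',')"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
            -LocalPort $Ports -Action Block -Profile Any | Out-Null
        Write-Host "Created rule: $name"
    } else {
        Write-Host "Rule already present: $name"
    }
}

# 2. A block rule does nothing on a profile whose firewall is switched off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
foreach ($p in $off) {
    Write-Warning "Firewall is disabled for the $($p.Name) profile; the block rules are not enforced there."
}

# 3. Report what is still listening locally. The rules stop inbound traffic but
#    do not stop the services, so listeners are expected while file sharing is
#    enabled. Blocking the port is a mitigation; MS17-010 still has to be installed.
$tcp = Get-NetTCPConnection -State Listen -LocalPort $Ports -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort
$udp = Get-NetUDPEndpoint -LocalPort $Ports -ErrorAction SilentlyContinue |
    Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort
@($tcp) + @($udp) | Sort-Object Proto, LocalPort | Format-Table -AutoSize
```

Blocking inbound 445 also stops other machines from reaching file and printer shares hosted on this computer.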


Blogger's reminder: Microsoft officially released a patch in March; the 360 patch may cause the computer system to fail to start normally. Equipment on campus networks, offices, printing rooms, companies and other public networks should be used with caution. The blogger didn't install a patch and used the restore wizard to back up the important data to a cloud disk or mobile hard disk. Close ports 445, 135, 137, 138 and 139, and turn off network sharing. This ransomware outbreak was caused by the lack of security construction and awareness on the intranets of enterprises and universities, and has nothing to do with the information security industry. Those who have already been blackmailed should restart the system and patch it. Those with money to spare can also pay, but the attackers will not necessarily unlock it for you. (It's important to get into the habit of backing up your data!)
