On the evening of June 27, according to foreign media reports, a ransomware worm code-named "Petya" spread rampantly around the world. Terminal operators in the United States and the Netherlands, Russian oil companies, some commercial banks in Ukraine, and some private companies, retail enterprises and government systems were attacked. Victims have to pay $300 worth of bitcoin to unlock and use the computer (in the past, ransomware mostly locked files).
According to the Tinderwood Security team's analysis, unlike most ransomware, Petya spreads along two tracks. In addition to using malicious e-mails, Petya also spreads through the notorious "EternalBlue" vulnerability, so it infects machines very quickly. If one computer in an enterprise is infected with Petya through a malicious e-mail, all computers on the intranet that contain the "EternalBlue" vulnerability may be infected.
Petya attacks two types of users: it attacks Office 2007/2010/2013/2016 through malicious e-mail, and it attacks all systems from Windows XP to Windows 8.1 by propagating through the "EternalBlue" vulnerability.
The Firefly Security team completed the analysis of the virus code and the emergency upgrade of the virus database overnight; with the "Firefly Security" software running, the Petya virus can be intercepted and killed.
Tinder engineers suggest that users:
1. Don't open e-mail attachments from unknown sources, to avoid being tricked;
2. Patch as soon as possible to fix the "EternalBlue" vulnerability;
3. Download the "Firefly Security" software and keep the default automatic upgrade and defense settings to intercept the virus.
(Attachment 1: Petya modifies the MBR boot sector and takes over the computer on reboot, disguised as a disk-checking process for system volume problems.)
(Attachment 2: when encryption is complete, the ransom screen is displayed, requiring the victim to pay $300 worth of bitcoin. If the victim does not pay the ransom, they cannot enter the system.)
Firevelvet is a good antivirus program at present. Bloggers feel that