source: Shun Net - Ji'nan times editor: 2017-05-14
author:
it is understood that the virus in Wang Meng computer is WannaCry worm. Wang Meng recalls, at about 19:00 on the 12 day, he was revising his graduation thesis, suddenly the computer appeared blue screen, then Wang Meng's computer installed a client, and popped a mixed Chinese and English red pop-up window, said important documents have been encrypted, want to restore all documents, need to pay within the time limit, 3 days do not pay atonement. Double gold, and no payment for a week will never recover. "At the beginning of the dialog, there was a row of 300 dollars worth of money to a certain account, I ordered the lower right corner 'Decrypt' key, the left timer was zero, and the price was 600 dollars." Later, he found that all the files in his computer were locked and turned into ONION files. In a post at the Shandong University's post bar "is the campus net being black?" a photo of two computers in the WannaCry worm virus was sent to some people in the reply to a few computers in the Qianfo Hill laboratory.
a late night emergency notice: Shan Da: confirm that some units infected at 23:00 on 12 days, Shandong University on campus network users issued "emergency notification on preventing ONION extortion software virus attacks", the notification, Shandong University part of the unit appeared ONION Lex software infection, disk files will be ill Poison encryption is a.Onion suffix, and the blackmail software is a kind of variant of the previously active blackmail software Wallet, which is difficult to crack with high intensity encryption algorithms. Only high ransom can be paid to decrypt recovery files and cause serious loss to learning and personal data. Other colleges and universities survived: Mountain teachers: using system non virus main attack system, Shandong Normal University related personnel, their main system is not the main system of the virus, the risk of poisoning is relatively low, the school information department has learned that the computer system has been upgraded to protect the school. Mountain teachers said they also issued an urgent notice to prevent viruses, from the technical level to guide teachers and students to prevent. For example, it is suggested that the individual upgrade the operating system, update the version, and so on, and do important files without local backup, and stop using Windows XP, Windows 2003 and other Microsoft to no longer provide a safe and updated operating system. Reporters learned from Shandong University of Finance and economics, the school has not received reports of poisoning, but also sent a reminder to the teachers and students. Reporters also contacted other major universities in Shandong Jianzhu University, Qilu and other universities. Informed sources said, education authorities and city network security departments have been involved in the investigation of infected schools.
the previous generation of the extortion virus originated from an unprecedented American attack on what is an unprecedented blackmail software? Extortion software is a malware, which is a kind of malware that enables a user to open a file through a form of encryption on a file on a computer, and then sends extortion to the user. Where does the virus come from? This software called "crying" comes from the NSA virus Arsenal. Last month, the US National Security Council suffered a leak, and a number of hacking tools developed by it were exposed on the Internet. The United States has raised huge doubts about the development of cyber attack weapons, rather than focusing on self-defence. How does your computer work? Computer users often receive a disguised e-mail, such as recruitment information, purchase list, etc. Once clicking links or opening attachments, it will infect the virus, causing computer files to be locked by hackers. When the computer is poisoned, there will be a specific blackmail request on the screen. In the 12 virus attack, some users will eventually use virtual currency bitcoin to pay ransom.
how to prevent effectively? Update the computer operating system in time, especially install security patches. For example, the virus took advantage of a vulnerability of the Microsoft "windows" operating system, which was patched by Microsoft in March 14th. Why Chinese colleges and universities are attacked? Zheng Wenbin, the 360 Chief Security Engineer of China's network security company, told reporters that after the computer was infected with this blackmail software, the files would be encrypted and locked to pay the ransom for the hackers to decrypt and recover. It is reported that the maximum amount of extortion amounted to 5 bitcoins, the current value of RMB 50 thousand yuan. China is attacked mainly by educational network users. The extortion software makes use of the vulnerability of the 445 port of the Microsoft "window" operating system. Some network operators in China have previously closed the port, but the education network is not limited. The spread of the virus is based on the two families of ONION and WINCRY. Monitoring shows the first appearance of the former in China. The latter appeared on the afternoon of 12 and spread rapidly in the campus network.