
MUI WO PC WORKSHOP
Maintenance Services

Ransomware attack breaks out worldwide
On 12 May, ransomware attacks broke out in many countries around the world, including the UK, Italy and Russia, and large numbers of universities in mainland China were also infected: files on the computers of many teachers and students were encrypted by the virus and can only be recovered by paying a ransom. According to an urgent bulletin from 360 Security Guard (360安全衛士), the attackers are using hacking tools leaked from the NSA to attack a Windows vulnerability and are spreading the ONION and WNCRY ransomware families rapidly across campus networks; computer users are advised to run 360's "NSA Arsenal Immunity Tool" (NSA武器庫免疫工具) as soon as possible for protection.
According to analysis by the 360 Security Center, the campus-network ransomware is being spread by the NSA-leaked "EternalBlue" (永恆之藍) hacking tool. EternalBlue remotely attacks Windows port 445 (file sharing); if the system has not installed Microsoft's March patch, no user action is needed: as soon as the machine is powered on and connected to the network, EternalBlue can execute arbitrary code on it and implant ransomware or other malware.
Because worms spreading over port 445 have appeared several times in China before, some ISPs have blocked port 445 for residential users. The education network has no such restriction, however, and contains a large number of machines with port 445 exposed, which is why it has become the hardest-hit area for attacks using the NSA hacking tools. With graduation season under way, the ransomware has already encrypted and tampered with the theses of some graduating students, directly affecting their thesis defences.
At present the ransomware spread by EternalBlue consists mainly of two families, ONION and WNCRY. Files on the victim's disk are renamed with the corresponding extension, and pictures, documents, videos, archives and every other kind of data can no longer be opened normally; only paying the ransom decrypts and restores them. The two families demand 5 bitcoin and US$300 respectively, roughly RMB 50,000-plus and RMB 2,000-plus.
360's monitoring data for the campus-network ransomware incident shows that ONION appeared first in China, at an average of about 200 attacks per hour with a night-time peak of over 1,000 per hour; WNCRY is a new global attack that emerged on the afternoon of 12 May and spread rapidly across Chinese campus networks, reaching about 4,000 attacks per hour at its night-time peak.
Security experts found that the ONION ransomware also travels together with a cryptocurrency miner (which generates virtual currency by computation) and a remote-control trojan, forming a trojan "bundle" that combines mining, remote control and extortion: it picks high-performance servers to mine for profit, while on ordinary PCs it encrypts files and extorts money, squeezing the maximum economic value out of each victim machine.
Microsoft released a patch in March this year for the Windows vulnerability exploited by the NSA hacking tools. The 360 Security Center has also already released its "NSA Arsenal Immunity Tool", which detects and repairs the vulnerabilities attacked by the NSA tools with one click; for systems that no longer receive updates, such as XP and 2003, the immunity tool can close the ports used by the exploit, preventing the NSA tools from implanting ransomware or other malware.
Download the NSA Arsenal Immunity Tool
If strange files have appeared on your computer, the wallpaper has been replaced by a picture filled with English text, your pictures, videos and other files have had their extensions changed to ".wncry", opening a file brings up a "Wana Decrypt0r 2.0" warning window, and you are told to pay a ransom to decrypt them, then you have been hit by the WanaCrypt0r 2.0 ransomware.
When you find your computer in this state there are usually two options. One is to pay the ransom of 300 dollars, or more than 600 dollars, in equivalent bitcoin and hope the criminals really do restore your files. The other is to give up all the files, format the whole disk and reinstall the computer.
The WanaCrypt0r 2.0 outbreak reached Taiwan around Friday night, when many company and school computers were already switched off, so they avoided the first wave of attacks for the time being.
So when you go back to work or to school on Monday and switch your computer on, be careful; this step matters!
Prevention (if you are not yet infected):
1. Unplug the network cable before turning the computer on!
The current version of Wana Crypt0r 2.0 spreads and attacks through SMB file sharing on port 445. If your computer can reach other computers in the office (on the network side), there is a chance that it will be scanned and hit.
2. Then download and install the patch that fixes the system vulnerability!
The fix for this vulnerability was released as early as March 2017, but many people never installed it, possibly because they run pirated copies of Windows and do not receive Windows Update. Whatever operating system you use, always download and install security patches as they become available. Using pirated software carries many risks, and this is one of them.
As for Windows XP: please stop using it. This is not the only vulnerability in XP, Microsoft no longer maintains it, and many software vendors no longer ship XP-compatible versions. On Windows 10, simply make sure Windows Update has installed the latest updates and you are fine.
3. Install a firewall, or install a wireless AP / router and enable its firewall function
Many IP-sharing routers and wireless base stations now have a basic built-in firewall. Log in to the wireless AP's management interface, enable the firewall and check which ports accept connections; normally every port other than those needed for ordinary Internet use is closed by default, but check anyway.
If necessary you can also turn off SMB on the Windows computer, but since it is a very common basic function we recommend not disabling it and instead dealing with the problem by patching the vulnerability, using the firewall, and so on.
4. Backup! Backup! Backup!
No matter what virus or ransomware hits you, if you have regular backups your loss should not be too great even if the computer is ruined. Note, however, that backups are best kept on an external hard drive, flash drive or other separate storage that is not left plugged into the computer all the time, and not only on a network drive or NAS: ransomware looks for every other disk it can reach over SMB or by other means and encrypts all the files on them.
Keep two separate backups of really important files, and remember to check occasionally that the backup files can still be opened.
5. Use Mac, Linux or another operating system
This is not to say that Mac or Linux systems cannot be attacked or infected, but at present attacking Mac or Linux is relatively difficult and less efficient (because there are fewer of them, finding a target is less likely, so they are attacked less).
So at this stage, using Mac or Linux is a comparatively safe option. Of course, do not install Flash Player downloads from non-official sites, pirated programs or other software of unknown origin, or they may get the chance to bypass the protection mechanisms and cause problems on your computer.
Windows XP Patch: http://www.catalog.update.microsoft.com/Search.aspx......
Windows 7 Patch: 32-bit, http://download.windowsupdate.com/....../windows6.1......
Windows 7 Patch: 64-bit, http://download.windowsupdate.com/....../windows6.1......
Windows 8.1 Patch: 32-bit, http://download.windowsupdate.com/....../windows8.1......
Windows 8.1 Patch: 64-bit, http://download.windowsupdate.com/....../windows8.1......
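Step 4 above says to check backups occasionally. Here is an added example, not from the original post, of one way to do that: record a SHA-256 manifest when the offline backup is made and verify against it later, flagging changed or missing files and any carrying the ".wncry" suffix the post describes. The two-file backup in demo() is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

RANSOM_SUFFIX = ".wncry"  # suffix the post says WanaCrypt0r 2.0 appends


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Relative POSIX path -> SHA-256 for every file under root (the backup set)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def verify_backup(root, manifest):
    """Compare the backup with a manifest taken when it was made.
    Keep the manifest with the offline copy, not on the machine it backs up."""
    current = build_manifest(root)
    report = {"changed": [], "missing": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["changed"].append(rel)
    report["ransom_suffix"] = [r for r in current if r.lower().endswith(RANSOM_SUFFIX)]
    report["ok"] = not (report["changed"] or report["missing"] or report["ransom_suffix"])
    return report


def demo():
    """Constructed sample: a two-file backup verified clean, then tampered with."""
    root = Path(tempfile.mkdtemp())
    (root / "thesis").mkdir()
    (root / "notes.txt").write_text("lecture notes")
    (root / "thesis" / "final.doc").write_text("thesis draft")
    manifest = build_manifest(root)
    clean = verify_backup(root, manifest)
    (root / "notes.txt").write_text("ciphertext")  # content replaced, name kept
    (root / "thesis" / "final.doc").rename(root / "thesis" / "final.doc.WNCRY")
    return clean, verify_backup(root, manifest)
```

Run build_manifest() when the backup is written and verify_backup() before you rely on it; a non-empty "changed" or "ransom_suffix" list means the copy was reachable by something it should not have been.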
Solution (if you are already infected):
What to do if you have already been infected?
1. If your computer starts behaving strangely, slows down, the CPU fan runs at full speed and the hard disk reads and writes frantically, pull the network cable immediately and cut the computer's power. If the encryption has only just started, the remaining files can still be saved.
With the power off, remove all the hard drives, connect them as external drives to another Mac or Linux computer, and back up the files that have not yet been encrypted.
2. If everything has already been encrypted, then... pay or give up.
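For step 1, rescuing files from a removed drive on a Mac or Linux machine: an added example, not from the original post, that classifies files on a mounted victim disk by the ".wncry" suffix the post describes, reports folders where encryption was only partly finished when the power was cut, and copies only the intact files to a clean destination. Mount the victim disk read-only; the sample disk layout in demo() is constructed.

```python
import shutil
import tempfile
from pathlib import Path

RANSOM_SUFFIX = ".wncry"  # the post: encrypted files are renamed to ".wncry"


def triage(mount_root):
    """Classify every file on the mounted victim disk.
    Returns intact and encrypted relative paths plus the directories where
    encryption was still under way (both kinds present), which is what the
    post's 'pull the plug immediately' step is meant to leave behind."""
    root = Path(mount_root)
    intact, encrypted, seen = [], [], {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        hit = p.suffix.lower() == RANSOM_SUFFIX
        (encrypted if hit else intact).append(rel)
        seen.setdefault(p.parent.relative_to(root).as_posix(), set()).add(hit)
    partial = sorted(d for d, kinds in seen.items() if kinds == {True, False})
    return {"intact": intact, "encrypted": encrypted, "partial_dirs": partial}


def rescue_intact(mount_root, dest_root):
    """Copy intact files (never the encrypted ones) to a clean destination,
    keeping the directory layout and timestamps. Only reads from mount_root."""
    src, dst = Path(mount_root), Path(dest_root)
    copied = 0
    for rel in triage(src)["intact"]:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
        copied += 1
    return copied


def demo():
    """Constructed sample disk: one folder fully encrypted, one half done."""
    disk = Path(tempfile.mkdtemp())
    for rel, text in [("photos/a.jpg.WNCRY", "x"), ("photos/b.jpg.WNCRY", "x"),
                      ("thesis/ch1.doc.WNCRY", "x"), ("thesis/ch2.doc", "chapter 2"),
                      ("music/song.mp3", "audio")]:
        (disk / rel).parent.mkdir(parents=True, exist_ok=True)
        (disk / rel).write_text(text)
    rescue = Path(tempfile.mkdtemp())
    return triage(disk), rescue_intact(disk, rescue), sorted(
        p.relative_to(rescue).as_posix() for p in rescue.rglob("*") if p.is_file())
```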
Related information: Microsoft Security Bulletin MS17-010 - Security Update for Microsoft Windows SMB Server (4013389)