The ransomware, called WannaCry, is shown here in a security researcher's secure computer environment.
On May 13, according to media reports such as the BBC, a computer ransomware virus broke out in many countries around the world, and the victim's computer would be locked by hackers, prompting the payment of Bitcoin worth $300 (about 2,069 yuan) to unlock it. So far, 99 countries have been affected.
This ransomware virus is called WannaCry (and its variants), and it has attacked a large number of organizations around the world. In some of the hospitals under attack, surgeries have been canceled, potentially leading to the innocent deaths of patients. The attackers are said to have used some tools developed by the US National Security Agency.
Who is carrying out the attack?
Some experts say the attack should have exploited a vulnerability in Microsoft's systems. The vulnerability was actually first discovered by the NSA, who also named it EternalBlue.
Then, the related tools developed by the NSA were stolen by a hacker group called "Shadow Brokers." Hackers also tried to sell them in an online auction.
However, the hackers later decided to make the tools free, releasing encrypted passwords on April 8.
The hackers said they released the passwords as a "protest" against US President Donald Trump.
Some cybersecurity experts at the time said the malware could be real but outdated, as Microsoft released a patch for the vulnerability in March, but the problem is that many systems may not have the updated patch installed.
Microsoft said Friday that its engineers have increased detection and protection against WannaCrypt. Microsoft also said the company is helping customers.
How big is the attack?
99 countries have been attacked so far, including the UK, US, China, Russia, Spain and Italy.
Antivirus software maker Avast says the number of WannaCry ransomware cases around the world has risen to 75,000.
"The scale is huge," said Jakub Kroustek, an expert at antivirus vendor Avast.
What is ransomware?
Many researchers say the extortion cases appear to be linked, but they say it may not be an organized attack against some specific target.
Meanwhile, some bitcoin wallets linked to the ransomware are said to have started filling up with cash.
Who was attacked?
The UK's National Health Service (NHS) has come under attack and some surgeries have been cancelled. An NHS worker told the BBC that in some of these cases the patient was "almost certain to die".
There are reports that Russia has more infections than any other country.
A number of Spanish companies, including telecom giant Telefonica, power company Iberdrola and utility Gas Natural were also attacked. There were reports that workers at the companies were told to turn off their computers.
Portugal Telecom, FedEx, the government of a region in Sweden, and Russia's second-largest mobile operator, Megafon, also said they were under attack.
How does this malware work?
Some security researchers have pointed out that the infection appears to be deployed via a worm. A worm is a program that spreads itself between computers.
Unlike many other malicious programs, this program is able to move around a network by itself. Most other malicious programs rely on humans to spread, which means that someone needs to click on the attachment containing the attack code first.
Once WannaCry enters an organization's internal computer network, it finds vulnerable computers and infects them. This may explain why its impact is so dramatic - because each victim organization has a large number of machines infected.
Here's how to protect against ransomware virus attacks
Recently, there have been ransomware infections in many domestic colleges and universities. Disk files will be encrypted by viruses. The encryption uses a high-strength encryption algorithm, which is difficult to crack. Apart from paying high ransoms, the attackers often have no other way to decrypt the files. A high ransom is required to decrypt the recovered files, causing serious losses to learning materials and personal data. According to the report of the network security agency, this is a virus attack launched by criminals using the "Eternal Blue" leaked from the NSA hacker arsenal. "Eternal Blue" will scan Windows machines with open 445 file sharing ports without any user operation. As long as the Internet is turned on, criminals can implant ransomware, remote control Trojans, virtual currency mining machines and other malicious objects in computers and servers. program.
The installer hereby reminds the campus network users:
1. Install the latest security patch for the computer. Microsoft has released patch MS17-010 to fix the system vulnerability of the "Eternal Blue" attack. Please install this security patch as soon as possible.
Please download the corresponding patch for your own system: (All patches download address http://www.zhuangjiyuan.com/help/win10/18885.html)
XP 32bit:
Windows7 32-bit system security patch download:
Windows7 64-bit system security patch download :
Windows8 32-bit system security patch download:
Windows8 64-bit system security patch download:
Windows server 2012 system security patch download: Windows8.1
32 -bit system security patch download: Windows8.1
64-bit system security patch download:
Windows10 32-bit system 1607 Version delta update security patch download:
Windows10 64-bit system 1607 version delta update security patch download:
Windows10 32-bit system version 1607 version security patch download:
Windows10 64-bit system version 1607 version security patch download:
Windows10 32-bit system version 1511 version security patch download:
Windows10 64-bit system version 1511 version security patch download:
Windows10 32-bit system RTM/LTSB version security patch download Download:
Windows10 64-bit system RTM/LTSB version security patch download:
2. Close ports 445, 135, 137, 138, and 139, and close network sharing. Closing method: http://www.zhuangjiyuan.com/help/win7/18851.html
3. Strengthen network security awareness: do not click on unknown links, do not download unknown files, and do not open unknown emails.
4. As soon as possible (regularly in the future), use the installer's one-key restore tool to back up the important files in your computer to the mobile hard disk and U disk, and save the disk offline after the backup.
5. It is recommended that users who are still using Windows XP, Windows 2003 operating systems upgrade to Windows 7/windows 10, or Windows 2008/2012/2016 operating systems as soon as possible.
6. It is recommended to download the operating system, Office software, etc. from the official website of the installer, which is more secure and stable.
7. For more computer system information, go to the official website of the installer.