Bitcoin blackmail
In my opinion, and I don't know if it's right, so criticism and correction are still needed: I don't think this virus has anything to do with which way you use to access the Internet, and it also has nothing to do with which kind of computer (PC or laptop) you use. It mainly targets some loopholes in the current Windows operating system. We all know that when software is downloaded, it must have the highest administrator authority to be installed on the computer. This should be a security policy of the computer's operating system. However, there are loopholes in everything, and the operating system is no exception. Take this virus outbreak, for example: the patch was in fact released as early as March, but many users didn't pay attention to it and didn't install it. So now, as long as you are connected to the network and the system vulnerability has not been repaired in time, a port can be scanned and its vulnerability used to install the encryption software (virus) directly on your computer in the background and encrypt your important files, so as to achieve the purpose of blackmail. So it's better not to turn off the automatic update function of Windows for convenience. At the same time, it's also recommended to close some ports that are not often used but are very dangerous, such as 445, 135, 137, 138 and 139. Finally, WiFi is just a way to access the Internet. It can also spread viruses. So, quickly update and patch .... There is also a video here. I think it's very good, but I don't know if it can be watched: http://weibo.com/tv/v/?fid=1034
The malware scans TCP port 445 (Server Message Block / SMB) on computers, spreads in a worm-like way, attacks the host and encrypts the files stored on it, and then demands a ransom in bitcoin. The ransom demanded ranged from $300 to $600.
On May 14, 2017, a variant of the WannaCry blackmail virus appeared: WannaCry 2.0, which removed the kill switch and spread faster. As of May 15, 2017, WannaCry had caused cyber attacks in at least 150 countries, affecting the financial, energy, medical and other industries and causing serious crisis-management problems. Some Windows operating system users in China were infected. Campus network users bore the brunt of the infection, and a large amount of laboratory data and many graduation projects were locked and encrypted.
Bitcoin blackmail refers to an e-mail received in the mailbox. The content of the e-mail generally claims that malicious software on the computer has captured indecent photos of the recipient through the webcam, that the sender knows the recipient's real password, and so on, in order to frighten the recipient, and it demands hush money paid in "bitcoin".
If the blackmailer gets through with the e-mail, he will take the next step, and he does have a lot of important information. In any case, don't transfer bitcoin to blackmailers. It's a bottomless hole. It's a good choice to keep all the evidence and report to the police. The above are personal opinions; criticism and corrections are welcome.
In May 2017, computer network virus attacks spread to 74 countries, including the United States, the United Kingdom, China, Russia, Spain, Italy, etc.
Call the police. If you receive a similar e-mail, you can put the sender on the blacklist and report the e-mail, so that you will not receive such e-mail again. In addition, if the mailbox supports it, you can set a receiving rule with sensitive words so that such e-mail is not accepted, which helps to avoid it. Do not click any link in the e-mail, to avoid theft.
If the threat in extortion is violence, the perpetrator claims that it will be carried out in the future; the violence threatened in kidnapping is carried out at that time and on the spot. The perpetrator of the crime of extortion does not abduct the victim to hide and control them, while the crime of kidnapping involves abducting the victim to hide and control them.
Extended information:
The constituent elements of the crime of extortion:
1. Subjective elements
This crime requires direct intent on the subjective side, and the actor must have the purpose of illegally extorting other people's property. If the actor does not have this purpose, or the purpose of obtaining property is not illegal, for example, a creditor uses threatening language to urge the debtor to speed up repayment of a long-overdue debt, it does not constitute the crime of extortion.
The object of this crime is a complex object, which not only infringes the ownership of public and private property, but also endangers the personal rights or other rights and interests of others. This is one of the distinctive characteristics of this crime which is different from larceny and fraud. The object of this crime is public and private property.
(3) With current technical means, if the blackmail virus cannot be removed, the only option is to format the disk completely, then reinstall the system and apply the system vulnerability patch to prevent reinfection.
2. This kind of blackmail virus mainly infects Windows systems. It uses encryption to lock files, deny users access to them, and blackmail the users.
3. The attacker claims that the files can only be unlocked after more than $300 worth of bitcoin is paid. In fact, even if the ransom is paid, the files may not be unlocked.
Why are they infected
Once the blackmail worm attacks a user machine that can connect to the public network, it scans the IP addresses of the intranet and the public network. If a scanned IP has port 445 open, it uses the "Eternal Blue" vulnerability to install a backdoor. Once the backdoor is executed, a blackmail virus named Wana Crypt0r is released to encrypt all documents and files on the user's machine for blackmail.
Why use bitcoin
Bitcoin is a kind of peer-to-peer network payment system and virtual pricing tool, commonly known as digital currency. Bitcoin is popular among cyber criminals because it is decentralized, unregulated and almost untraceable.
Background of transmission and infection
This round of the blackmail worm mainly includes two family variants, onion and wncry. It first broke out in Britain, Russia and other countries, and the systems of many enterprises and medical institutions were hit, resulting in heavy losses.
Global monitoring by security agencies has found that as many as 74 countries have suffered this blackmail worm attack.
Since May 12, the spread of infection in China has also begun to increase sharply, and the outbreak has intensified in many universities and enterprises.
WannaCry blackmail virus prevention methods:
1. Install the latest security patch on the computer. Microsoft has released patch MS17-010 to fix the system vulnerability used by the "Eternal Blue" attack. Please install this security patch as soon as possible. For Windows XP, 2003 and other machines for which Microsoft no longer provides security updates, the 360 "NSA Arsenal immunity tool" can be used to detect whether the system has the vulnerabilities and to close the ports affected by them, so as to avoid being attacked by blackmail software and other viruses.
2. Close ports 445, 135, 137, 138 and 139, and turn off network sharing.
3. Strengthen network security awareness: don't click unknown links, don't download unknown files, don't open unknown e-mail...
4. Back up the important files on your computer to an external hard disk or USB flash drive as soon as possible (and regularly in the future), and keep the disk offline after the backup.
5. It is recommended that users who are still using Windows XP and Windows 2003 upgrade to Windows 7 / Windows 10 or Windows 2008 / 2012 / 2016 as soon as possible.
On the evening of May 12, the WannaCry worm broke out in more than 74 countries around the world. At least 45000 machines have been infected. The network systems of some colleges and universities in China have become a disaster area, and the network payment system of PetroChina gas stations has also been affected.
It is reported that the virus can spread rapidly in a local area network by taking advantage of the vulnerability on port 445 of Windows systems, but large local area networks such as those of schools have not taken this kind of precaution, so they have become targets of attack.
Therefore, it is not recommended that the victim pay the ransom to the hacker, because even if you pay, the hacker may not know which computer is yours.
It is worth mentioning that the outbreak of the bitcoin blackmail virus has pushed bitcoin to the top of the wave again. "Bitcoin virus" has become a hot search keyword, and many bitcoin insiders have expressed their concerns about bitcoin's "stigmatization". "Good tools should not be blamed because they are used by bad people," a person in the bitcoin industry said. "Bitcoin is bitcoin, virus is virus, injustice has a head, debt has an owner, so it is unnecessary to have hostility to bitcoin."
Now, the most important thing is that victims should install the patch released by Microsoft as soon as possible, guard against unfamiliar e-mail, and back up important files to a cloud platform and to a local offline hard disk.
Mikhailovich Bogachev, the author of the "bitcoin blackmailer" Trojan family, is a Russian hacker, ranking second on the list of the top ten most wanted hackers by the FBI and the leader of a cyber criminal group.