Which users are easy to be infected, and why are government agencies and universities in the disaster area?
This virus spreads through the shared port. In addition to attacking the intranet IP, it will also attack on the public network. However, only computers that are directly exposed to the public network and have not installed the corresponding operating system patches will be affected, so those personal users who dial through the route will not be directly attacked through the public network. If the enterprise network also accesses the public network through the total route exit, then the computers in the enterprise network will not be directly attacked from the public network, but it does not exclude that the future version of the virus will have more transmission channels.
Many campus networks or other networks have some computers directly connected to the public network, and the internal network is similar to a large LAN, so once the computers exposed to the public network are broken, the whole LAN will be infected.
According to the "tinder Threat Intelligence System", not many Internet users are infected.
The infected user, can you recover the encrypted locked file?
Compared with the previous extortion virus, the wannacry virus has a fatal flaw -- the virus author cannot clearly identify which victims have paid the ransom, so don't pay the ransom easily. Even if the ransom is paid, the virus author can't distinguish who pays the ransom and gives the corresponding key.
There are some "decryption methods" circulating on the Internet, and even some people say that the conscience of the virus author has found that the decryption key has been published, which are rumors. This blackmail virus, like most other blackmail viruses in the past, can't be decrypted. Please don't believe any lies that can be decrypted to prevent being cheated.
What systems will this blackmail virus attack?
The impact of this virus outbreak is very large, which is rare in recent years. The virus spreads through the NSA's "eternal blue" vulnerability, and almost all Windows systems will be attacked if they are not patched.
Microsoft released ms17-010 security update in March this year. The following systems can resist this virus if they enable automatic update or install corresponding update patches -- Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, windows 8.1, Windows Server 2012, windows 10, Windows Server 2012 R2, Windows Server 2016.
The most secure user is windows 10. This system is enabled by default and cannot be shut down, so it will not be affected by this virus.
In addition, because of the huge impact of this event, Microsoft has provided an emergency security patch update for Windows XP, Windows 8 and Windows Server 2003 which are no longer in maintenance period for the first time.
In addition to windows computers, will mobile phones, pads, Macs and other terminals be attacked?
No, the virus only attacks computers of windows system, mobile phones and other terminals will not be attacked, including UNIX, Linux, Android and other systems will not be affected.
What are the symptoms of being infected by this blackmail virus?
The most obvious symptom after poisoning is that the background of the computer desktop has been modified, many files have been encrypted and locked, and virus pop-up prompts.
The files locked by virus encryption include many suffixes, almost all the file names covered by windows.
What is the relationship between "eternal blue" and "blackmail virus"?
'eternal blue' refers to the dangerous vulnerability 'eternal blue' leaked by NSA. This blackmail virus wannacry uses this vulnerability to spread. Of course, other viruses may also spread through the vulnerability of 'eternal blue', so it is necessary to patch the system.
It's said that an unexpected move by a British security researcher has prevented the bitcoin blackmail virus attack which has swept the global network from spreading and saved the world. Is it true?
The virus body of wannacry, a blackmail virus, contains a piece of code. The content is that the virus will automatically check whether a piece of code URL can be accessed online. If it can, it will not continue to spread. This is the virus's' magic switch '.
Foreign security researchers immediately registered the website after finding the code, which effectively prevented the spread of the virus in a wider range. However, this only prevents the spread of the virus, the infected computer is still attacked, and the file will be encrypted and locked.
In addition, this code in the virus body has not been encrypted. Any new virus maker can modify and delete this code, so there may be a new variety of virus whose 'magic switch' has been deleted in the future.
If you use the genuine operating system and turn on automatic update, do you need to use the online immune tools?
If the system above Vista has automatic update enabled, there is no need to use any immune tools, let alone manually close the relevant ports. If WinXP, Win2003 and win8 systems are patched with the patch provided by Microsoft in an emergency, there is no need to use the immune tool and close the port manually.