Sihai network

How to protect your computer from ransomware?

On April 10, the Chinese security team Huorong issued a security alert saying that the domestic ransomware epidemic is very severe: government, enterprises and individual users are all under attack, and system vulnerabilities are the main entry point for ransomware attacks. Ransomware is striking again, and people who use computers often must guard against it.

According to monitoring and evaluation by the "Huorong Threat Intelligence System", more than 10 ransomware families infect users' computers every day, with up to 100,000-150,000 computers infected daily, and more than 90% of those infections are transmitted through vulnerabilities.

As the figure above shows, although ransomware has multiple transmission channels, such as system vulnerabilities, virus-laden emails and malicious web pages, infections spread through vulnerabilities are the most numerous and do the most harm to institutions and individuals. What these infected users have in common is that their computers run "naked": system vulnerabilities are left unpatched and no qualified security software is installed.

In addition, a large number of domestic users run pirated systems, which makes system patches late or difficult to install. This is another important reason for the high infection rate.

Case 1: the server of a listed company in Fujian was compromised by the ransomware Ransom/Bunnyde, which encrypted the ERP (financial system) database at the core of the enterprise. Only after paying the gang a ransom of tens of thousands of RMB did the company obtain the key and recover its data. The ransomware spreads through spam and vulnerabilities. According to the investigation, the enterprise server had neither patches nor any security software installed.

Case 2: a personal website operator's computer was infected with ransomware, which encrypted most of his website's data and forced him to shut the site down temporarily. According to the investigation by Huorong engineers, the Windows Server 2008 system he used has a vulnerability that poses a risk, but neither the SP (service pack) nor any other system patches had been installed, and no security software was installed either, so it was easy for the ransomware to get in.

Case 3: when a college student's computer was connected to the school network, it was infected by ransomware that had entered through a vulnerability in a campus network host, and all of his documents, including his graduation thesis, were encrypted. The ransomware demanded a ransom of nearly 10,000 yuan. Sadly, after the student paid, the gang did not provide any means of decryption (some ransomware gangs do "keep their word" and provide the decryption key after receiving the ransom).

According to the engineers, once a computer's data has been encrypted by ransomware there is almost no way to crack it: users either give up the data or pay a ransom to get the decryption key. Moreover, some gangs do not "keep their word" and provide no key after receiving the ransom. There is also antisocial ransomware such as "Petya", which only destroys and does not make money; its ransom payment process simply doesn't work.

The Huorong security team reminds users that ransomware must be prevented in advance: patch the system and install qualified security software. At the same time, do not casually open email attachments or click website links of unknown origin.