CNR Network, Beijing, May 16: According to a Voice of China news report, since the 12th of this month a piece of ransomware called “Want to Decrypt”, also known as “Want to Cry”, has been spreading rapidly around the world. Once a computer is infected, the documents on the system are locked and cannot be opened, and a high ransom must be paid to unlock the infected files. The impact of the virus is continuing, with at least 150 countries under cyber attack. In China, in addition to some enterprises, institutions and universities, some PetroChina gas stations have also been affected.

Some PetroChina gas stations are affected

On the evening of the 12th, some PetroChina gas stations were affected by the ransomware, leaving fuel card, bank card and online payment functions unavailable. From the 13th, some gas stations in Tonghua City, Jilin Province suddenly had network failures. Mr. Song, a citizen, said: “On the 13th, the bank card and fuel card could not be used for refueling. When I went to refuel on the 14th, it was basically paralyzed; my car almost broke down for lack of fuel.”

On the afternoon of the 14th, at some gas stations in Xi’an, the reporter also encountered car owners who had problems using third-party payment platforms to refuel. Feng Xian Branch, deputy director of Mingdemen gas station of PetroChina Shaanxi sales company Miaomiao, said: “The temporary failure of the system has led to the temporary failure of WeChat, Alipay and UnionPay card payments. But payment by PetroChina fuel card and cash works normally.”

The reporter called PetroChina customer service, which said that a notice had been issued at 14:08 on the 13th saying that the national network was faulty, and that the technical department was working on maintenance. In response to the spread of the virus, China National Petroleum Corporation released a message on the 14th saying that PetroChina was taking urgent measures to deal with it.
By noon on the 14th, more than 80% of the gas stations in the country had recovered their network connections, and the infected gas stations were gradually restoring their various payment functions.

How to prevent ransomware?

Xiao Wang, a student at Guangxi Normal University, opened an unfamiliar attachment on May 8. She soon found that all the documents on the computer, including her postgraduate thesis, were garbled or could not be opened at all: “Antivirus, system repair and so on. After restarting the computer, all the files were encrypted.”

Experts said that this ransomware spreads and attacks by exploiting Microsoft’s “Eternal Blue” vulnerability. Once a computer is infected, it actively and randomly attacks other computers on the LAN. Almost all types of files on the infected host, such as photos, pictures, documents, audio and video, and executable programs, are encrypted and cannot be opened. The victim is then blackmailed: to “unlock” the encrypted files, bitcoin worth more than $300 must be paid. If the ransom remains unpaid for more than three days, the price doubles; if it remains unpaid for more than one week, the files are permanently deleted. Wang Wenyi, an engineer at the National Computer Virus Emergency Treatment Center, said: “His statement is that the ransom doubles after three days, and there is no chance to decrypt after a week, which is equivalent to losing all the files.”

In fact, as early as March this year, Microsoft released a patch to fix “Eternal Blue”. Sun Xiaojun, a network security expert, said that this virus simply takes advantage of many users’ habit of not patching and updating their systems in time. “This virus exploits a vulnerability.
However, many users do not have the habit of patching, so many people do not fix vulnerabilities in time, and virus samples can still capture many computers through vulnerabilities.”

Although some domestic network operators have taken preventive measures, a large number of vulnerabilities remain in the intranets of some industries. Wu Yunkun, president of 360 Enterprise Security Group, said: “The harm is that once infected, the entire hard disk will be encrypted. If the blackmail demand is not agreed to and the money is not paid, he will delete the whole document. It seems to be aimed at individual users, but the blackmail virus has actually caused great harm to whole industries, the government and many industry institutions. Once institutions including banks, energy and education are hit, their services will be stopped and even social chaos will be caused.”

Guo Qiquan, chief engineer of the Network Security Bureau of the Ministry of Public Security, explained: “The internal network of some departments was originally logically isolated or physically isolated from the external network, but now some industries have some unauthorized external connections, or some people are careless in using USB flash drives, plugging them into the internal network and then into the external network, so it is easy to bring the virus into the internal network.”

In addition, the China Securities Regulatory Commission and the China Banking Regulatory Commission recently issued a document requiring local securities regulatory bureaus, banking regulatory bureaus, securities dealers, banks, funds and other institutions to carry out self-inspection and protection. The banking system issued the Notice on preventing “worm” ransomware virus attacks, requiring science and technology information departments to install the patches released by Microsoft on all computer terminals running Windows operating systems to fix the vulnerabilities.
Third-party online payment institutions such as Alipay and WeChat all stated that they were “not affected by the virus”.

The virus can be detected, but encrypted files cannot be decrypted and recovered

The National Computer Virus Emergency Treatment Center has conducted research on the virus. The virus can be detected and removed, but the encrypted files cannot be decrypted and recovered for the time being. Staff cautioned that although the documents will be decrypted after the ransom is paid, paying also increases the risk of personal information exposure, so paying the ransom to unlock the documents is not recommended. Wang Wenyi said: “If the ransom is paid, personal information, such as accounts, may be recorded and, after being used, may become the target of a second attack.”

The Network Security Bureau of the Ministry of Public Security is also coordinating network information security enterprises in China to prevent and remove the ransomware. Guo Qiquan said: “Now we are monitoring the spread and variation of the virus in a timely manner, and we should detect it promptly, issue early warnings promptly and deal with it promptly. In recent days, public security organs across the country have cooperated closely with other departments and experts, especially some experts from information security enterprises, to support our important industry departments as soon as possible, to quickly handle, upgrade and patch them. In addition, public security organs are still conducting investigations.”

The head of the Network Security Coordination Bureau of the central network information office said that the ransomware is still spreading, but that its rate of spread has slowed significantly. A large-scale spread of ransomware like this has been rare in recent years, and it has once again sounded the alarm for the public. The rapid development of information technology such as the Internet has brought great benefits to people.
At the same time, it also brings unprecedented network security challenges. Some experts said that at present China’s network security investment is less than 1% of overall IT investment. Compared with the average level of 10% in developed countries, there is still a big gap and room for improvement. The Cybersecurity Law, which will be implemented on June 1 this year, emphasizes strengthening the operational security protection of critical information infrastructure.

Network experts remind netizens to take preventive measures and to update patches and operating systems in a timely manner in their daily computer use. The Beijing network information office and other departments issued a notice suggesting that users install the patches released by Microsoft as soon as possible; for users still running systems such as XP and 2003 that no longer receive security updates, it recommends upgrading the operating system version or closing the ports affected by the vulnerability.

Wu Yunkun, president of 360 Enterprise Security Group, suggested that users should cut off the network before repairing the system. “The most important protection strategy is that you do not connect to the Internet before starting up, cut off all wired and wireless networks, and see whether you have been affected. Install protective tools to protect computers. After confirming that it is no longer a susceptible computer, you can surf the Internet. In addition, for institutional users, it is very important to set network protection policies to control the large-scale infection of viruses throughout the organization.”

For infected users, experts recommend using security software to detect and remove the worm and keeping the encrypted files for later unlocking. In everyday use, patching and backups are also required.
Wu Yunkun reminded all organizations and individual users that data should be backed up frequently and patches applied frequently, so as to truly protect the security of networked computers.