Emergency notification on the emergence of new variants of ransomware

Monitoring found that the kill switch of the WannaCry ransomware has changed. After analysis and research, the ransomware may have a number of variants, and this Monday will see a new round of outbreaks of the virus. Internet users are asked to upgrade Windows and install the relevant patches as soon as possible, following the original handling measures. If a machine has been infected, disconnect it from the network immediately to avoid further spread of the infection.

May 15, 2017

Emergency notification of the National Network and Information Security Information Notification Center on the emergence of new variants of the ransomware: monitoring found that the kill-switch domain name of the WannaCry ransomware had changed. After analysis and judgment, the worm
Shanghai issued a warning on ransomware: it has posed a serious security threat
On May 12, a ransomware (WannaCry) attack against the Windows operating system appeared on the Internet. At present, many types of users, including universities, the energy sector and other important information systems, have been attacked, which has posed a serious security threat to China's Internet.

[Image: screenshot of the ransom note shown on some infected computers]

The Shanghai Internet Information Office said on the 13th that the ransomware uses the disclosed Windows SMB service vulnerability (corresponding to Microsoft vulnerability announcement MS17-010) to apply strong encryption to documents and pictures on the computer and then demand a ransom from the user. On the afternoon of the 13th, the municipal Internet Information Office issued an early warning to all key information infrastructure units in the city. Units that find an infection should report the situation promptly and carry out emergency handling.

The Shanghai Internet Information Office recommends that Internet users:

[1] Upgrade the Windows operating system. Microsoft has released the relevant patch, MS17-010, which can be installed through Microsoft's official channels.
[2] Install anti-virus software and keep it up to date.
[3] Do not casually open emails from unknown sources.
[4] Close port 445 on computers and network devices promptly.
[5] Manage internal network security effectively: close unnecessary ports, upgrade in time, and strictly isolate the internal and external networks.
[6] Regularly back up important files on the computer to different storage media.
[7] Do not trust the so-called paid decryption methods and channels on the Internet, and beware of online fraudsters using this incident to cheat people.

Attachment: technical protection measures

1. Download and install the MS17-010 patch that Microsoft has released, which fixes the vulnerability used by the "EternalBlue" attack.
   The patch URL is as follows: https://technet.microsoft.com/zh-cn/library/security/MS17-010
   Patches for Windows XP and 2003: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

2. Users who run the free anti-virus software provided by the system on Windows computers and have Windows Update enabled are protected from this virus. Windows 10 users can enable Windows Update to install the latest updates through [Settings]-[Updates], and can open the security center through [Settings]-[Windows Defender].

3. Close port 445 and disable network sharing. The general method is as follows:
   1. Open [Run] and enter "regedit".
   2. Locate the key **\SYSTEM\CurrentControlSet\Services\NetBT\Parameters.
   3. Create a DWORD value named "SMBDeviceEnabled" and set it to 0; this closes port 445.
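To check measure 3 on a host, the following PowerShell script (an added example, not part of the original notice) reads the SMBDeviceEnabled value and tests whether TCP 445 is still listening; run with -Apply from an elevated session, it writes the value. It assumes the hive elided as ** in the registry path above is HKEY_LOCAL_MACHINE, and the function names are hypothetical.

```powershell
# Added example: audit (and optionally apply) the SMBDeviceEnabled = 0 mitigation.
# Assumption: the hive elided as "**" in the notice is HKEY_LOCAL_MACHINE.
param([switch]$Apply)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$name = 'SMBDeviceEnabled'

function Get-SmbDeviceEnabled {
    # Returns the DWORD value, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { return $prop.$name }
    return $null
}

function Test-Port445Listening {
    # Get-NetTCPConnection exists on Windows 8 / Server 2012 and later;
    # older systems fall back to parsing netstat output.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $l = Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue
        return [bool]$l
    }
    # netstat line shape: "TCP  0.0.0.0:445  0.0.0.0:0  LISTENING  4"
    # (the state text may be localized on some language versions).
    $lines = netstat -ano -p tcp | Select-String -Pattern ':445\s+\S+\s+LISTENING'
    return [bool]$lines
}

$current   = Get-SmbDeviceEnabled
$listening = Test-Port445Listening
"{0} = {1}" -f $name, $(if ($null -eq $current) { '<not set>' } else { $current })
"TCP 445 listening: $listening"

if ($Apply -and $current -ne 0) {
    # Writing under HKLM requires an elevated session.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    'Value set to 0. Restart the machine, then run this script again to confirm.'
} elseif ($current -eq 0 -and $listening) {
    'Value is 0 but TCP 445 is still listening: restart the machine and check again.'
} elseif ($current -ne 0) {
    'Mitigation not applied: run again with -Apply, or install the MS17-010 patch.'
}
```

Closing port 445 this way also disables file and printer sharing on the host, so on machines that must share files the MS17-010 patch is the measure to rely on.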