Xinhua News Agency reporter Huang Yi “Heroes Save the World”? In the recent two days of global ransomware network attacks, the news came that a British network engineer stopped the disaster by registering a domain name. However, network security experts pointed out that the current situation is only slightly eased due to various reasons, and many network users, especially Chinese users, still face risks. The level of network attacks is unprecedented” On the 12th, networks in many countries around the world were attacked by ransomware called “want to cry”. According to statistics, it involved nearly 100 countries and regions such as China, Britain, Spain and Russia. After the computer is infected by ransomware, the file will be encrypted and locked. Only after the hacker pays the ransom can the file be decrypted and recovered. The attacked objects even include hospitals, universities and other public welfare institutions. Europol said the cyber attack “reached an unprecedented level”. This ransomware exploits a vulnerability in Microsoft’s Windows operating system. Although Microsoft has released security patches before, many computers that have not been updated are still infected. In view of the serious situation, Microsoft soon announced that it would take unusual security measures to provide patches for some old “windows” platforms that it no longer supports. Many network security vendors have also urgently launched security tools to deal with ransomware. On the 13th, the media reported that a British guy “saved the world”, saying that he had curbed the cyber attack by registering a domain name. The reporter’s investigation found that the British network engineer who has not disclosed information such as name so far runs a website that analyzes malware. He said on the website that by analyzing the “want to cry” software, it found that if it accesses a domain name, it will delete itself, and the domain name has not been registered, by registering this domain name and performing related operations, he successfully prevented the spread of “want to cry” software. “This statement is not all right. The role of domain names is actually limited,” Li pine and cypress, director of the security research and emergency response center of Antian company, told Xinhua News Agency, “some infected computers, it is true that you can access this domain name and stop the ransomware from being damaged. However, the biggest problem is that a large number of internal network nodes have been infected, while some nodes cannot access this domain name, and ransomware can easily modify new variants without this feature. Therefore, we cannot expect to save the world by this domain name.” “The number of attacks and infections we have detected has not dropped significantly, but only a slow flat and decline,” Zheng Wenbin, chief security engineer of 360 company, also told Xinhua News Agency, “As the media promotes and users realize the problem, the computers of the public and institutions are gradually patched, which is the main reason why the situation is slightly relieved at present.” Users still face risks “This relaxation is largely due to the weekend, and the 15th will be an important test pass,” Zheng Wenbin stressed. Due to the time zone relationship, China will be the country facing this risk earlier. Li pine and cypress also judged: “The network attack of ransomware broke out on a large scale at around 8 pm Beijing time on the 12th. At that time, a large number of network nodes of institutions and enterprises in China had been shut down, therefore, starting the machine on the 15th will face a safety test.” He also said that many important computer systems are in the internal network environment, unable to access the aforementioned domain names, and may not be able to update security patches in time, so they may still face greater risks. Network security experts suggest that users should disconnect the network and start it, that is, first unplug the network cable and then start it, which can basically avoid being infected by ransomware. After starting up, you should find a way to patch the security patch as soon as possible or install the defense tools launched by various network security companies for this matter before you can connect to the Internet. “Users must defend against ransomware threats in advance,” Li pine and cypress stressed. “because this ransomware uses encryption algorithms such as RSA and AES, it cannot be decrypted without a key.” In other words, for computers that have been infected and attacked, locked files cannot be opened temporarily. He said that there were rumors on the Internet that the author of ransomware had disclosed the key, but it had been confirmed that it was fake news. Li pine and cypress pointed out that it is not recommended that victims whose documents have been locked pay ransom according to Hacker demands, “compromise is the indulgence of crime, and it is impossible to determine the true intention of settler at present, if the ransom is paid, the key required for unlocking will not be received. We do not recommend that the victim pay the ransom.” Zheng Wenbin said that users whose files are locked can try to use some recovery tools. According to the nature of the locked files, there is a certain probability that data can be recovered. “Blackmail” may continue in the future Network security experts are waiting for the 15th pass. So, if you pass this pass, what will happen in the future? Zheng Wenbin said: “The attack of ransomware should continue for some time in the future.” “Some illegal hackers may also be inspired by this ransomware attack and combine more technical means with ransomware,” Li pine and cypress said, “Ransomware is inevitable to drive the resurgence of worms. Hackers may use botnets to distribute viruses, and may also create and spread virus software for vulnerabilities in IoT devices. These problems will occur.” The rise of Bitcoin has also helped ransomware. Bitcoin is a kind of virtual currency, which is difficult to track online transactions and has become a popular transaction medium for many hackers. In this incident, a user was extorted five bitcoins due to the infection of a computer, which is about 50000 yuan at present. The ransomware threatened not only individual users, but also many institutions and enterprises. Experts therefore remind that all network users should strengthen their security awareness in the future, pay attention to updating security patches and using various anti-virus tools. 2211 Xinhua News Agency, Beijing, May 14th News analysis: the threat of ransomware is far from disappearing. Xinhua News Agency reporter Huang Yi “heroes save the world”? In the recent two days of global ransomware network attacks, a British network project was reported.