Ransomware swept the world for the past ten days: Didn't it cure the "drug"?

(Original title: Ransomware swept the world for the past ten days: "The medicine" that has cured it has yet to come out.)

TechWeb May 21 Report Wen Meng / Wang Meng

"Want to cry" is still spreading, and its "medicine" is still being researched and developed, but users of WindowsXP can feel at ease. Three computer experts from France recently issued detoxification software, one of whom developed a software for detoxification software. This "antidote" temporarily only works on computers that use the Windows XP operating system. There is no effective way to cure it absolutely. It sounds like a bit of desperation. In the past 10 days, what have both the virus and anti-virus teams done?

The virus came

One of the most relaxing days of the week is the Friday afternoon. The virus came when the network security guards in this institution were at their best.

At 3 pm on May 12th, WannaCry (also known as the "want to cry" virus) ransom virus appeared in parts of China. At this time, no attention has been paid to it. On Friday night, ransomware broke out in nearly 100 countries and territories around the world, according to the analysis report on the WannaCry ransomware virus attack incident released by China National Information Security Vulnerability Database (CNNVD) on May 14th (hereinafter referred to as the CNNVD report). More than 75,000 cases have been recruited.

The campus system first recruited students waiting for the graduation reply to cry. Because the computer was infected with the virus, the papers on the computer could not be opened.

Next, part of CNPC’s gas stations were disconnected and the online payment function was affected. On May 14th, Wuxi Municipal People’s Government’s press office’s official microblog “Wuxi released” said that many police stations such as immigration and police stations were also suspected. Have encountered a virus attack.

The area of ​​"poisoning" is very rare. The CNNVD report stated that this cyber attack involved more than a hundred countries and regions in the government, power, telecommunications, medical institutions and other important information systems and personal computers, the most serious areas concentrated in the United States, Europe, Australia and so on.

meet on Monday

In the two days of the weekend, the circle of friends and major social platforms were concerned about the dangers caused by the “blackmail virus”. However, how to effectively prevent it seems to be stretched. The virus is considered difficult to crack, and without returning ransom, it is necessary to reinstall the "poisoned" computer to reinstall the system.

Because the two days of the weekend, many computers are off, do not rule out Monday (May 15) this virus will erupt again.

Office workers are repeatedly reminded: Monday to work on the first network cable and then open the computer. However, information from netizens from Weibo revealed that the number of computers recruited in hospitals, banks, schools, libraries, etc. was still increasing on Monday.

The same picture appears on all recruited people’s computers, requiring people infected with the virus to pay $300 worth of bitcoins (a kind of virtual currency that can be purchased for real or virtual items, as well as currency for most countries). Unlock data, as well as a countdown clock.

As the working day comes, the public relations staff of the cyber security company also go to work. As a result, companies such as Tencent Security, Qihoo 360, and Fire Safety began to issue a series of preventive and remedial measures.

Although there are many preventive measures, ransomware is also escalating.

According to foreign media reports, the new Zhongzhao Computer that appeared on Monday showed a variant of the ransomware virus: WannaCry?.0. A domain name to stop the spread of variant ransomware may spread faster. When WannaCry ransoms a virus, it will make a request to a domain name. If the domain name exists, it will exit. If the domain name does not exist, then it will continue to attack. This domain name is its Kill. Now that this switch is gone, it means that the virus will continue to attack.

White hat hackers appear

In the crisis, white hat hackers appeared. A 22-year-old man, Marcus 燞utchins, slowed the spread of the virus.

Hutchins, a British cybersecurity researcher, found a WannaCry ransomware virus in a small bedroom on the North Devon Coast, trying to enter a very special, non-existent web site. He successfully registered the garbled domain name. Inadvertently stopped the spread of the virus. Unfortunately, the ransomware continues to spread further in the future.

In recognition of Hutchins’s efforts, HackerOne, an American vulnerability-monitoring platform, publicly offered him a reward of 10,000 U.S. dollars (about 7,700 pounds) on the grounds that he was thankful for his active research on this malicious software and made the Internet more secure.

Hutchins’s unintentional move has prevented the global terminal from falling into a bigger crisis, but measures to effectively prevent the outbreak of the virus have not yet emerged.

Temporary "Antidote"

On May 21, it was reported from foreign media that ransomware virus "WannaCry" swept the world a few days ago. During this cyber crisis, more than 150 countries and regions were affected. Three French computer experts have recently issued detoxification software that allows victims to unlock files, but only for computers that were not restarted after the accident.

It is reported that the operating principle is to find out the RSA encryption algorithm source code used by "WannaCry" to obtain the decryption key. However, this "antidote" is only useful for Windows XP operating system users. In other words, other versions of Windows users' computers are still at risk.

Not only has there been no critical progress in the development of the “antidote”, where the ransom virus that has ravaged the world has not been accurately described. At present, the ransomware virus named "WannaCry" is still spreading, but the speed has slowed down significantly. There is still no conclusion as to who should be responsible for this.

However, Microsoft Corp. accused the NSA of playing a role in the creation of a blackmail virus. Some U.S. experts and the media also believe that the U.S. National Security Bureau has only unintentionally worked hard. But Tom Bost, the homeland security adviser to President Trump of the United States, denies this claim. "This tool for extortion using data is not developed by the NSA."

According to statistics, China currently has about 30,000 IP-infected ransomware viruses. According to a report by the Wall Street Journal, a new computer virus called Adylkuzz appeared after the WannaCry virus last week and is rapidly spreading around the world. At the same time, a hacker group threatened to release the second batch of stolen cyber weapons. A new round of global Sexual technology attacks seem to be stormy.

燑br>