Mallox ransomware: how to prevent an intrusion, what to do after an intrusion, and how to restore the data it has encrypted.

Foreword: With the popularity of the Internet in recent years, network security has not received much attention. The Internet is now full of ransomware, and the number of victims increases sharply every year. Mallox ransomware is one of the more active families. After it successfully invades a user's computer, it encrypts all files and data so that the user cannot open or use them, changes the file names to carry the suffix MALLOX, and leaves a ransom note on the desktop. The victim must pay a certain amount of bitcoin to obtain the private key that unlocks the files.

One: How to prevent it. 

In addition to some common sense precautions, you should also do the following:

1. Account password management. Strictly enforce secure management of accounts and passwords, focusing on finding weak passwords, passwords that have not been changed for a long time, shared account passwords, and built-in or default accounts.
2. Patching and vulnerability scanning. Know the state of the enterprise's digital assets, treat patch management as a routine security maintenance task, watch for patch releases, and apply security patches to operating systems, applications, and hardware products in a timely manner. Run vulnerability scans regularly to discover security issues in devices.
3. Permission control. Check account status regularly, especially for new accounts. Review account permissions, disable unnecessary permissions promptly, stay alert to new accounts, and keep a proper registration record.
4. Intranet hardening. Harden intranet hosts, check regularly for incorrect security settings and incorrectly installed security software or devices, shut down non-essential services, and improve the security of intranet devices.
5. Raise network security awareness. Do not casually open or download unfamiliar software, links in unfamiliar emails, or content from unfamiliar websites.
 

Two: Emergency response.

What to do immediately after an intrusion is discovered:

1. Disconnect the infected machine from the network and isolate it to avoid infecting more systems.

2. Immediately scan with strong anti-virus software. This may not succeed unless the virus has already been published and cracked and the anti-virus software has a record of it.

3. Use backup software on a computer outside the isolated environment to restore the encrypted data.

4. Contact a professional data recovery company, provide virus samples for testing, and ask them to propose a recovery plan.

Three: How to restore data.

1. Check whether the backup data is infected. If it is not, restore from the backup.

2. Contact the hacker and pay the ransom. This is not recommended, because the attacker is very likely to raise the price again or simply stop communicating.

3. Contact a domestic professional data recovery company and ask for help. They can find flaws in the virus and restore the files.
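
One way to carry out the backup check in step 1 of this section, added here as an example and not taken from the original article: walk the backup tree and list every file carrying the MALLOX suffix described in the foreword. The function names and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

SUFFIX = ".mallox"  # suffix the article says is appended to encrypted files


def scan_backup(root):
    """Walk a backup tree; return (sorted encrypted paths, total file count)."""
    encrypted, total = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            # Compare case-insensitively: the suffix may appear as .MALLOX
            if name.lower().endswith(SUFFIX):
                encrypted.append(os.path.join(dirpath, name))
    return sorted(encrypted), total


def triage(root):
    """Summarise whether the backup at root shows renamed (encrypted) files."""
    encrypted, total = scan_backup(root)
    by_dir = Counter(os.path.dirname(p) for p in encrypted)
    return {
        "total_files": total,
        "encrypted": encrypted,
        "affected_dirs": dict(by_dir),  # directory -> number of renamed files
        "clean": not encrypted,
    }


def build_sample_tree(root):
    """Constructed sample data: two normal files and two renamed ones."""
    layout = ["docs/report.docx", "docs/budget.xlsx.mallox",
              "db/orders.bak.MALLOX", "db/readme.txt"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print("clean:", result["clean"])
        for path in result["encrypted"]:
            print("encrypted:", path)
```

A `clean` result only means no file was renamed with the suffix; run the scan from a machine outside the isolated environment and mount the backup read-only while checking it.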


Origin blog.csdn.net/a5854129/article/details/131657530