What should a company do after a ransomware infection, and how can it remediate in time?

Original link: http://www.wonderonline.cn

What is ransomware

Ransomware, put simply, is a weapon that hackers use to hijack user data and extort large ransoms. Because the losses it causes are greater for business users, its appearance has drawn the attention of business users and security vendors alike. It spreads mainly through vulnerabilities, e-mail and advertising, and it encrypts files using a variety of encryption algorithms. The files can only be recovered with the key, and victims are asked for ransoms of varying amounts before they can decrypt. The virus is vicious and highly damaging, its variants appear very quickly, and it is immune to conventional anti-virus software. Once infected, business users face incalculable losses.

Cases of rampant ransomware

Any account of major network security events has to mention the WannaCry (Eternal Blue) outbreak in the first half of 2017. Within only four days, statistics released by authorities showed that more than 100,000 organizations and institutions in nearly a hundred countries had been compromised, including 1,600 US organizations and 11,200 Russian organizations, and more than 29,000 IPs in China were infected. According to a report in the Wall Street Journal, George Ng, chief technology officer of the Silicon Valley cyber risk modeling company Cyence, said that the direct cost of the computer outages caused worldwide by the attack totaled about $8 billion, a figure that does not yet include ransom payments. The network systems of many companies in Spain were paralyzed, including telecommunications giant Telefonica, power company Iberdrola and energy supplier Gas Natural; Portugal Telecom, US transportation giant FedEx, a local government in Sweden and Russia's second-largest mobile operator MegaFon were also reported to have been attacked. As new versions of the virus appeared, the actual figures are far higher than these statistics. Afterwards, Petra, Bad Rabbit, master, Sega2.0, arena and other ransomware began to rage.

The FBI reported that more than 4,000 ransomware attacks occur every day, and other research institutions say that 230,000 new malware samples are generated per day. On one side is ransomware that keeps growing in number, variety, complexity and power; on the other are business users whose awareness of network security threats is only just awakening or has not yet awakened. What should the thousands of enterprises whose networks are practically unprotected do?

Ransomware

First, common forms of ransomware

1: File-encrypting ransomware: all files (documents, pictures, videos, even databases) are encrypted, and the original files are deleted once they have been encrypted. Users usually see a text file containing payment instructions, and discover the problem when they try to open one of the encrypted files.

2: Lock-screen ransomware: it changes the computer's power-on password and login password to lock the machine and then demands payment. It usually shows a full-screen image and blocks all other windows, which disrupts normal office work.

3: Ransomware that poses as a security agency to intimidate users: most commonly it poses as a law enforcement body in the user's location, claims that the user's computer has carried out network attacks or unauthorized access and that the system has been locked, and demands payment of a fine to unlock it.

4: MBR ransomware: it encrypts the computer's disk, infects the system and interrupts the normal boot process, then displays the ransom demand (usually in bitcoin) on the screen. Unlike file-encrypting ransomware, after infection it may use disk-level encryption to overwrite the disk, leaving almost no possibility of restoring the data.
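The behaviour described for form 1 (originals deleted, encrypted copies written, a payment-instruction text file dropped) can be turned into a detection rule over file-system events. The sketch below is an added example, not code from the original article; the event tuple layout, the byte-entropy test for "looks encrypted", the thresholds, and the sample pids, paths and `.locked` suffix are all assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_encryptors(events, window=60.0, min_files=3, min_bits=7.0):
    """events: (ts, pid, op, path, sample); op is "write" or "delete".
    Flags a pid that, inside one window, replaces >= min_files originals with
    high-entropy copies and also writes a low-entropy .txt/.html note."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_pid[ev[1]].append(ev)
    flagged = {}
    for pid, evs in by_pid.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            gone = {p for _, _, op, p, _ in win if op == "delete"}
            writes = [(p, shannon_entropy(d)) for _, _, op, p, d in win if op == "write"]
            # report.docx deleted + report.docx.<ext> written with random-looking bytes
            replaced = [p for p, h in writes
                        if h >= min_bits and any(p.startswith(g + ".") for g in gone)]
            notes = [p for p, h in writes
                     if h < min_bits and p.lower().endswith((".txt", ".html"))]
            if len(replaced) >= min_files and notes:
                flagged[pid] = {"replaced": sorted(replaced), "note": notes[0]}
                break
    return flagged

def _random_like(seed: str) -> bytes:
    """Constructed stand-in for ciphertext: 4 KiB of hash output."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(128))

TEXT = b"Quarterly report draft. " * 100
# Constructed events; pids, paths and the ".locked" suffix are illustrative.
EVENTS = [(float(i), 4242, "write", f"C:/share/doc{i}.docx.locked", _random_like(f"d{i}")) for i in range(3)]
EVENTS += [(i + 0.5, 4242, "delete", f"C:/share/doc{i}.docx", b"") for i in range(3)]
EVENTS += [(3.0, 4242, "write", "C:/share/HOW_TO_DECRYPT.txt", b"Your files are encrypted. " * 20),
           (1.0, 1000, "write", "D:/backup/share.zip", _random_like("zip")),   # backup job
           (2.0, 2000, "write", "C:/share/notes.txt", TEXT),                   # editor save
           (2.1, 2000, "delete", "C:/share/~notes.tmp", b"")]

if __name__ == "__main__":
    print(flag_encryptors(EVENTS))
```

Requiring all three signals together keeps a backup job that writes compressed archives, or an editor that deletes its temp file, from being flagged.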

Second, common ransomware attack methods against business users

1: Exploits

Bugs such as system vulnerabilities, web service vulnerabilities and database vulnerabilities are inevitable, but if they are not fixed in time, the attacker gets an opportunity.

2: Weak password attacks

The accounts used for database servers, remote access and so on often keep the default password or use a password that is too simple, that is, a weak password. In that case the password is easily cracked by brute force, and important enterprise data can be stolen, encrypted, tampered with or even deleted.

3: Phishing attacks

Business users are also targeted by phishing e-mail. Business dealings require opening a lot of mail, and once an attachment containing a virus is opened, the entire enterprise network can come under attack.

4: Propagation through removable storage media

The virus infects USB drives, portable hard disks and removable flash memory cards, and spreads to the devices that these storage media are connected to.

Ransomware solutions

Most traditional companies either lack an information security defense system altogether and run their networks unprotected, or talk only about border security: they buy a firewall and feel they have built an indestructible protective wall. They lack the ability to resist emerging threats and have no protection system covering the stages before, during and after an incident, so when faced with a network security threat they can often only give in, at huge economic cost. A corporate network is full of varied security threats and needs more than a "wall"; only by working across multiple dimensions, including security technology, security management and security operations, can an enterprise strengthen its capacity to resist emerging threats.

Based on the common and widespread types of ransomware attack, we remind business users of the following:

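1. Spread network security knowledge and develop good working habits

(1) Provide security education for all staff: do not click unfamiliar links, be cautious about opening e-mail from unknown sources, and so on, so that risky user behaviour does not cause infection and spread of the virus.

(2) Avoid weak passwords. Login passwords should mix uppercase and lowercase letters, digits and special symbols, and should be sufficiently long. Limit the number of failed login attempts in the login security policy, and change login passwords regularly.

(3) Do not use the same or similar passwords across multiple machines and multiple accounts.

(4) Regularly make isolated backups of important data.

(5) Regularly scan for system vulnerabilities and fix them, and apply patches promptly.

2. Strengthen enterprise network security management and raise risk awareness

(1) Establish effective network security management mechanisms, such as access permission settings for shared folders, connection management for USB drives and other peripherals, and control of large file transfers.

(2) Give equal weight to security technology and security management, and pay attention to raising employees' awareness of network security risks.

3. Deploy professional enterprise security software and hardware to keep the network running normally.

(1) Deploying professional, necessary security products can solve enterprise network security problems quickly and effectively, reduce operational risk, and play a good role in risk prevention.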
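Items 1(2) and 1(3) above can be checked mechanically when passwords are set or when an administrator reviews a password-manager export. The following is an added example, not part of the original article; the 12-character minimum, the 0.8 similarity threshold and the sample hosts, accounts and passwords are assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# The four character classes the recommendation asks to mix.
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "special": r"[^A-Za-z0-9]"}

def policy_gaps(password: str, min_len: int = 12) -> list:
    """Return what the password is missing; an empty list means it passes.
    min_len=12 is an assumption: the article only asks for "sufficiently long"."""
    gaps = [name for name, pat in CLASSES.items() if not re.search(pat, password)]
    if len(password) < min_len:
        gaps.append("length")
    return gaps

def normalise(password: str) -> str:
    """Fold case and drop digits/symbols, so 'Corp2024!' and 'corp2025#' match."""
    return re.sub(r"[^a-z]", "", password.lower())

def reused_or_similar(creds: dict, threshold: float = 0.8) -> list:
    """creds maps 'host/account' -> password. Returns (a, b, reason) for pairs
    that are identical, share a base word, or are near-identical strings."""
    findings = []
    for (a, pa), (b, pb) in combinations(sorted(creds.items()), 2):
        if pa == pb:
            findings.append((a, b, "identical"))
        elif normalise(pa) and normalise(pa) == normalise(pb):
            findings.append((a, b, "same base word"))
        elif SequenceMatcher(None, pa, pb).ratio() >= threshold:
            findings.append((a, b, "similar"))
    return findings

# Constructed sample; hosts, accounts and passwords are illustrative.
CREDS = {
    "db01/sa": "Harbor2019!db",
    "web01/admin": "Harbor2019!db",
    "rdp-gw/administrator": "harbor2020#DB",
    "mail/postmaster": "admin123",
    "backup/svc": "kT7#vq9LmX2$wzRp",
}

if __name__ == "__main__":
    for account, pw in CREDS.items():
        print(account, policy_gaps(pw) or "meets composition policy")
    for finding in reused_or_similar(CREDS):
        print(finding)
```

In the sample, `Harbor2019!db` meets the composition rule yet is flagged three times for reuse, which is why item (3) needs its own check.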



Origin blog.csdn.net/u014789708/article/details/99969565