How to prevent ransomware (extortion viruses)?

First, what is ransomware
On May 12, 2017, a ransomware virus called "WannaCry" attacked more than 150 countries and regions, affecting areas including government departments, medical services, public transport, postal services, telecommunications and automotive manufacturing. Windows systems were the hardest hit.
Unlike earlier large-scale virus outbreaks such as Panda and Shockwave (Blaster), the hackers' purpose in using this virus is no longer merely to show off their skills (simply attacking computer hardware and software) but to extort money. Once the hackers implant the ransomware, the files on the computer are encrypted and can no longer be opened.
The hackers then ask you to pay in bitcoins (roughly 2000 yuan; if it is not paid within the specified time, the amount doubles) before they will give you the unlock password. The ransom is demanded in Bitcoin because this virtual currency is difficult to trace, which makes it easy for the hackers to hide their true identity.
The virus's designers deliberately translated the ransom instructions into multiple language versions covering 20 countries and regions, so that people all over the world can understand the payment information, which shows great ambition.
If the infected computer is a high-performance server, the virus also implants a "mining" program that turns the machine into a bitcoin production tool. The attackers go to every length to extract the maximum economic value from the victim's computer.
After a computer is infected, the files on its hard disk are encrypted with AES plus 4096-bit RSA.
At this level of encryption, brute-forcing with any current home computer may take several hundred thousand years. So once the virus has infected your computer and encrypted its files, there is in any case no way to decrypt them. If important documents of government or public institutions are encrypted, they can only be restored from backup.
It is noteworthy that the virus also attacks specific groups of people, a kind of "precision delivery." The attacks focus on the public mailboxes listed on the official websites of big businesses, restaurants and the like. The virus first arrives as an e-mail with a very attractive title, or disguised as a common document such as a PDF or DOC; if the computer has vulnerabilities, clicking the link or opening the file can lead to infection.
If your computer is on a local area network, then once one computer is infected, the other computers will soon be infected as long as they are switched on and connected to the network.
The virus likes to attack through port 445, the port used for file sharing and printer sharing, by exploiting a network vulnerability.
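As an added example (not from the original article or from Alibaba Cloud), the script below audits firewall or security-group rules for exposure of TCP 445, the port the text says the virus spreads through. The rule schema, the sample rules, the "-1/-1" all-ports marker and the 256-host threshold are constructed assumptions; only IPv4 sources are handled.

```python
import ipaddress

SMB_PORT = 445  # file and printer sharing port named in the text
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules in a hypothetical schema (not a provider's API format).
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "proto": "tcp", "ports": "80/80", "source": "0.0.0.0/0"},
    {"id": "r2", "action": "allow", "proto": "tcp", "ports": "1/65535", "source": "0.0.0.0/0"},
    {"id": "r3", "action": "allow", "proto": "tcp", "ports": "445/445", "source": "10.0.0.0/8"},
    {"id": "r4", "action": "allow", "proto": "all", "ports": "-1/-1", "source": "192.168.1.20/32"},
    {"id": "r5", "action": "deny", "proto": "tcp", "ports": "445/445", "source": "0.0.0.0/0"},
    {"id": "r6", "action": "allow", "proto": "udp", "ports": "445/445", "source": "0.0.0.0/0"},
]

def covers_smb(rule):
    """True if the rule's protocol and port range include TCP 445."""
    if rule["proto"] not in ("tcp", "all"):
        return False
    low, high = (int(p) for p in rule["ports"].split("/"))
    if (low, high) == (-1, -1):  # assumed marker for "every port"
        return True
    return low <= SMB_PORT <= high

def classify(rule, max_hosts=256):
    """Return 'internet', 'lan-wide' or None for one rule.

    Priority between allow and deny rules is not modelled; every allow
    rule is reviewed on its own.
    """
    if rule["action"] != "allow" or not covers_smb(rule):
        return None
    net = ipaddress.ip_network(rule["source"], strict=False)
    internal = net.version == 4 and any(net.subnet_of(p) for p in RFC1918)
    if not internal:
        return "internet"  # 445 reachable from outside private ranges
    # A broad internal source lets one infected host reach many peers.
    return "lan-wide" if net.num_addresses > max_hosts else None

def audit(rules):
    """Map rule id -> exposure class for every rule that needs review."""
    return {r["id"]: v for r in rules if (v := classify(r))}

if __name__ == "__main__":
    for rule_id, verdict in audit(SAMPLE_RULES).items():
        print(f"{rule_id}: TCP 445 reachable ({verdict})")
```

Rules flagged "internet" are the first to close; "lan-wide" rules are candidates for narrowing to the specific hosts that need file or printer sharing.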

Content referenced from: https://wenku.baidu.com/view/a064236f657d27284b73f242336c1eb91b373365.html?

Second, Alibaba Cloud anti-ransomware solutions

  1. For server assets on the cloud, if you are concerned about ransomware, you can start with Cloud Security Center as the first step.
    For general ransomware, Cloud Security Center includes:

Virus detection through regular process scans and a mechanism that monitors process start events, with malicious viruses and Trojan processes killed from the cloud.
One-click support in the console for suspending virus processes and quarantining malicious files.
For file-encrypting ransomware such as WannaCry and CryptoLocker, detection and removal are relatively effective. It also detects extortion against Linux and MySQL databases, and other cases where software tampers with the login screen and leaves a mailbox or Bitcoin wallet address.

  2. Boundary protection with Cloud Firewall to further isolate the system.
    Internet business protection: for example, a financial-services user has, in addition to HTTP, other types of business exposed on the Internet. The user needs to use the intrusion detection module (IPS) for protection.

Proactive outbound connection protection: for example, a government-sector user, in addition to defending its Internet-facing business, also wants to analyze the connections its business hosts initiate outward, determine which hosts are already at risk, and block this anomalous behavior in real time to avoid potential risks.
Micro-isolation protection: for example, an e-commerce customer whose traffic is all HTTP and is already protected by a Web application firewall still wants secure isolation between different services, to strengthen overall network control and prevent a security risk on one ECS instance from becoming a risk to its entire cloud business.

  3. Use website vulnerability scanning to improve defense in depth.
    Website vulnerability risk assessment

Based on a large accumulation of information and intelligence data, it provides intelligent, adaptive detection rules to achieve a comprehensive vulnerability risk assessment. This includes: inspection before the site goes live; daily security assessment of the site; and website security assessment during major events.
Monitoring for hacker attacks, implanted Trojans and tampering
Provides homepage inspection and web content inspection services that help you check in real time whether your homepage has been attacked and whether it carries risks such as implanted Trojans, hidden links or spam, and notifies you as soon as a risk of attack is found.

Alibaba Cloud anti-ransomware solution link: https://m.aliyun.com/markets/aliyun/anticrypto

Third, summary
With ransomware the focus is on prevention: once infected, even paying the ransom does not guarantee that you will get the password. Prevention in advance reduces the probability of being hit and the possible losses.

Origin yq.aliyun.com/articles/740764