On Friday, 12 May,2017, a large cyber-attack infecting more than 230,000 computers in 150 countries, demanding ransom payments in the crypto currency bitcoin in 28 languages. This cyber-attack using a Network virus named WannaCry, WannaCry is a ransom ware program targeting Microsoft Windows.
WannaCry spread through the worm program affecting computers worldwide, The initialin fection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack. When executed, themal ware first checks the "kill switch" domain name. If it is not found, then the ransom ware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same local area network(LAN). As with other modern ransom ware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.
The virus makes Monday (May 15) business will face significant risks! There is also a variant of WannaCry 2.0, seemingly spread faster, there may be more variants behind! If your computer becomes the following figure, prove that your computer is under attacking.
Do not worry! Now teach you recipe control:
If your computer is under attacking do not be afraid, immediately organize the network detection, to find whether there are open 445 SMB service port, such as the immediate disconnection processing,the current format hard disk can be clear, You can install anti-off protection tools, document guards, try to restore the encrypted file.
The following recipe take precautions to prevent WannaCry from being infected:
1. Download Microsoft has released the MS17-010 patch to fix the "Eternal Blue" attack system vulnerabilities, with particular attention to the URL, do not enter the fishing URL.
2. Windows 2003 and XP users do not have the official patch, available the following methods:
Open and enable Windows Firewall, go to"Advanced Settings", disable the "File and Printer Sharing"setting; or enable personal firewall closures 445 and 135,137,138,139 and other high-risk ports. Has been infected with the virus machine immediately off the net, to avoid further spread of infection.
3. Download Now NSA Immune Tool Patch Reinforcement System and Download Documentation Guardian Backup Documentation Download NSA Immune Tool
4. Do not visit suspicious sites,do not open suspicious mail and files, important information to backup to the storage device!
Shenzhen Kuncan Electronics Co.,Ltd remind : The WannaCry is not terrible, the fear is that we lose confidence! Hurry to do the above precautions!