
Source of the ransomware virus exposed, traced to the US National Security Agency

via: 博客园     time: 2017/5/13 19:30:22     reads: 1206

According to foreign media reports, the source of the computer ransomware virus that has broken out in dozens of countries around the world has finally been found: it was developed based on software vulnerabilities collected by the US National Security Agency (NSA). This has once again raised controversy over the risks associated with the collection and use of software vulnerabilities by the NSA and other intelligence agencies.

In the past, after finding vulnerabilities, these intelligence agencies did not first inform the companies concerned to help them fix the flaws, but instead used them for espionage.

This malware has infected thousands of computers around the world, with Europe, Latin America and parts of Asia the most affected. The attack is the latest outbreak of "ransomware": in this mode of attack, the hacker sends infected files to a computer, causing the computer to automatically encrypt its data so that people cannot access it until a ransom is paid.

British Prime Minister Theresa May said: "The attack is not aimed only at the medical industry; it is an international attack, and computers in many countries and institutions have been infected."

According to a former US official who declined to be named, the ransomware may have been developed based on a vulnerability in Microsoft software held by the NSA. After the cyber attack of August 2016, the NSA informed Microsoft of the vulnerability. In March, Microsoft released a patch to fix it. In April, a group calling itself "Shadow Brokers" published the vulnerability on the Web.

But many system administrators appear not to have installed this patch, leaving many computers with the security vulnerability. On computers that have not applied the patch or are still running outdated operating systems, hackers can use malware to encrypt data so that it cannot be accessed. It is not yet clear who actually launched the global attack; all that is known is that "Shadow Brokers" first exposed the NSA tool, and hackers may have used such a tool to launch large-scale attacks.

"The attacks underscore the fact that software vulnerabilities are not only being exploited by our security agencies, but also by hackers and criminals around the world," the American Civil Liberties Union said in a statement concerning the NSA. The NSA has not yet responded to this, but some experts sympathize with the agency, because it had warned Microsoft. Some people say: "In this case, condemning the NSA is somewhat unfair; they may have taken the best defensive measures."

But the speed and scale of this malware's spread surprised many experts. Chris Camacho, chief strategy officer for Flashpoint, a network intelligence firm, said: "This is the first time we have seen such a massive global attack; it is quite shocking. This morning, people woke up thinking that the virus had broken out only in Europe. Now it has spread to the whole world and has become a global virus attack."

Network experts say that the malware attacks in a "dragnet" fashion, luring e-mail recipients into clicking on false links. When a computer is infected, the other computers on its network are infected as well. In some cases, the malware is also sent in junk e-mail. This malware spreads so fast because it propagates through special digital code developed by the NSA, which lets it spread quickly from one computer to other computers.

Security experts warn that the malware is now spreading from large networks to individual users. Camacho said: "This may be the first case of an attack using a 'random worm'."

The culprit in the global computer virus outbreak is Wanna Decrypt0r 2.0, which appears to support 28 languages, highlighting the global ambitions of its creators.

Microsoft issued a statement on the 12th, US local time, announcing that it will take further measures to protect systems against malicious attacks. The statement said: "We released security patches in March to provide additional protection against this potential attack. Those devices that run our free antivirus software or Windows Update are protected, and we are working hard to provide additional help to users."

Network security company Kaspersky Lab says its security software has detected outbreaks of Wanna Decrypt0r 2.0 in 74 countries around the world, with more than 45,000 attacks in total, most of them in Russia. The actual number of attacks may be much higher than this.

Researchers at Czech security software company Avast said that this malware can lock the computer and then deliver its ransom demand as a text message, which reads: "You need to pay the service fee to decrypt!" The fee is $300 worth of the virtual currency bitcoin, sent to accounts that are difficult to trace. It is not clear who will receive the ransom.

Compared with many previous attacks, the $300 ransom demand is very low. For example, in the ransomware attack on the University of Calgary in June 2016, the school was forced to pay anonymous hackers nearly 16,000 US dollars' worth of bitcoin.

The Wanna Decrypt0r 2.0 text message also says: "Don't worry about decryption! We will certainly decrypt your files; after all, if we cheated users, no one would trust us!"
