On May 14, Wanna Cry extortion occurred the second day, just as domestic security vendors responded positively and pushed the relevant defense program. At the same time, the National Network and Information Security Information Center released a new variant warning: WannaCry 2.0 is coming Version of the difference is that this variant canceled Kill Switch, can not register a domain name to close the variants of the spread of the virus, the variants may spread faster.
In this regard, Tencent anti-virus laboratory Ma Jinsong said that although the current monitoring of the data did not fully confirm the WannaCry 2.0 extortion virus has been struck, but the possibility of a new variant is very large. Especially with the weekend after the arrival of the working day, the risk of further development of the virus spread is high. In particular, colleges and universities, enterprises, government agencies and other Internet users are still high-risk groups, need to do a comprehensive and comprehensive safety diagnosis and defense initiatives. However, due to the lack of relatively authoritative corporate network administrator defense initiatives, the vast majority of business users are still in the helpless panic.
Tencent anti-virus laboratory security team through technical research, on the evening of 14 launched for the susceptible enterprise customers launched a computer steward "administrator assistant" diagnostic tool. Enterprise network administrator as long as the download of this diagnostic tool, enter the target computer's IP or device name, you can diagnose the target computer is infected loopholes loopholes. The biggest benefit of this diagnostic tool is to provide an effective tool for network administrators to diagnose computer equipment security and defense, which can help companies fully understand the security of computer equipment, greatly enhance the efficiency of the administrator, and in the diagnosis of the guidance of the report Under the health of the equipment has not yet patched in time to patch, layout defense.
Steps for usage
After decompression, execute MS_17_010_Scan.exe on the command line and pass the target computer IP to be diagnosed.
The tool will display the test results: If there is no risk, it will show NOT Found vulnerability. If there is a risk, the Found Vessel MS17-010 and the target computer's operating system version will be displayed.
Computer poisoning after the screen out of the blackmail letter
China National Internet Emergency Center said that at present, the security industry has yet to effectively break the blackmail malicious malicious behavior, the user host once the blackmail software penetration, only by reloading the operating system to lift the blackmail, but the user important data The file can not be restored directly. Although there are manufacturers to launch the so-called file recovery tool, but the gimmick is far greater than the practical value of the computer once the move, the possibility of file recovery is almost no.
In the prevention, Tencent security joint laboratory anti-virus laboratory person in charge, Tencent computer housekeeper security technology expert Ma Jinsong pointed out,First, temporarily shut down the port.Windows users can use the firewall to filter personal computers, and temporarily turn off the 135,137,445 port 3389 remote login (if you do not want to turn off the 3389 remote login, at least close the smart card login function), and pay attention to update the security products to defend, try to reduce the computer attack risks of.
Windows users can use the firewall to filter personal computers, and temporarily shut down 135,137,445 port 3389 remote login
Second, the timely update Windows has released security patches.In March MS17-010 vulnerability has just been burst, Microsoft has for Win7, Win10 and other systems, including a security update; the incident broke out, Microsoft has quickly not yet provided official support for Windows XP and other systems released Special patch.
Third, the use of & ldquo; blackmail virus immune tool "rupian to repair.Users through other computers to download Tencent computer housekeeper "blackmail virus immune tool" and offline version (), and copy the file to a safe, non-toxic U disk; then the designated computer in the closed Wi-Fi, unplug the network cable, State boot, and as soon as possible to backup important files; and then through the U disk to use the "blackmail virus immune tool" off-line version, a key to repair loopholes; network can use the computer.
Tencent computer steward for the introduction of extortion virus "Laughter virus immunization tools & rdquo;
Fourth, the backup.Important information must be backed up, beware of loss of information.
Ma Jinsong pointed out that the major colleges and universities usually access the network is for education, research and international academic exchange service education and scientific research network, the backbone of the network for academic purposes, most of the 445 port do not do to deal with, which is leading to the college Become one of the reasons for the hardest hit.
In addition, if the user computer to open the firewall, will prevent the computer to receive 445 port data. But in China's colleges and universities, some students in order to play LAN games, and sometimes need to close the firewall, but also the incident in the Chinese universities to spread another reason.
Tencent security joint laboratory anti-virus laboratory announced the virus attack flow chart
At the same time because the Trojan encrypts using AES to encrypt the file and uses the asymmetric encryption algorithm RSA 2048 to encrypt the random key, each file uses a random key that is theoretically unbreakable. For the current online to pass the Trojan virus release the key, has been confirmed as rumors. In fact, in the public network environment, because the virus switch mechanism is set to close mode temporarily stopped the spread, but does not rule out the possibility of making new variants of the author. To remind the majority do not believe in rumors, so as to avoid more serious losses.
Finally, to remind the majority of users, be sure to strengthen the network security awareness, unfamiliar links do not click, unfamiliar files do not download, strange mail do not open!