Hacker Trojan history analysis
Recently, the large-scale outbreak of the Locky ransomware has once again drawn attention to extortion Trojans. National institutions, including the National Computer Virus Emergency Response Center, have also issued reports on the outbreak.
As early as 2013, such extortion Trojans attracted the attention of the 360 security response center, which released a series of announcements, solutions, and analysis reports. The following lists, in chronological order, the related announcements and technical analyses that 360 published at key points in time:
1. On June 19, the 360 security response center detected a type of Trojan in China that extorted users by tampering with the Windows system logon password. It responded immediately and issued a notice, "A Trojan is coming! 360 exclusive defense in China", reminding everyone to be vigilant against such Trojans.
2. On July 6, the 360 security response center announced the launch of a Trojan unlocking service in the message "Is the computer boot password tampered with by Trojans? Saving now!", providing free unlocking services for affected users.
3. On June 6, 2014, foreign security vendors discovered Simplocker, lock-screen extortion software for mobile devices. The 360 Mobile Security Department responded immediately and published an analysis report, the Simplocker analysis report, which introduces the technical principles of such viruses to Chinese users.
4. On January 20, 2015, the CTB-Locker Trojan, which had been circulating in countries such as the United States, first reached China. 360 immediately issued a notice, "CTB-Locker blackmailed the virus to China, and 360 detected and killed the Trojan", which briefly introduces the propagation methods and harms of the Trojan.
5. On January 21, 2015, just one day later, the 360QVM team published a detailed analysis of the CTB-Locker virus: CTB-Locker, the first appearance of China, "Bitcoin blackmailed" virus analysis.
6. On January 23, 2015, VirLock, a Trojan of the same type as CTB-Locker, reached China. The 360 anti-virus department described it in the report "another click on the virus VirLock is coming!".
7. On January 30, 2015, after analysis and research, the 360QVM team found that files infected by the VirLock Trojan can be recovered through technical means. The team published the analysis report "360 The only file in the world that can successfully repair and restore VirLock variants" and shared the technical details with other security vendors at home and abroad to promote repair of the damage done by this Trojan and minimize victims' losses.
8. On May 19, 2015, the 360 mobile security department intercepted mobile phone lock-screen ransomware derived from the Simplocker Trojan idea and released the analysis report "Mobile Phone lock screen ransomware first appearance in China".
9. On May 27, 2015, after five months of localization, CTB-Locker had gradually been studied and adopted by domestic Trojan authors. During this period, the first large-scale outbreak in China and variants targeted at China emerged. In response, the 360 security response center added a targeted defense (the document protection function) and released a new analysis report, "CTB-LOCKER Analysis Report", which analyzes and describes the new Trojan epidemic.
10. On August 12, 2015, CryptoLocker, a close cousin of CTB-Locker, had gradually become, in the hands of Trojan authors in China, a Trojan used for routine confrontation with security software. 360 again released a virus alert, "CryptoLocker blackmailed virus new variant".
11. On February 18, 2016, CryptoLocker again showed a new variant in its means of transmission (the latest Locky Trojan). The 360 security response center released the report "alert to CryptoLocker fraudsters!", which describes the latest Trojan propagation methods and precautions.
Finally, we should remind users that, whether the threat is a less harmful lock-screen scam or a far-reaching file-encryption scam, good security awareness is the best means of defense:
1. Regularly back up important files. It is best to keep one copy each on a USB drive, a local disk, and a cloud drive to guard against unexpected data loss.
2. Patch the operating system, IE, Flash, and other common software in a timely manner so that viruses cannot use vulnerabilities to get into the computer automatically.
3. Do not casually open suspicious files or email attachments from strangers, and do not casually open websites from unreliable sources.
4. Install and enable professional security software on the computer, and run security scans regularly.