This article was first published in the daily newspaper; please indicate the source when reprinting.
Cosine, the hacker is only a symbol
Yesterday's WannaCry ransomware worm swept the globe, and gave even those of us who walk the edge a fright.
Countless Windows computers and servers without the MS17-010 patch were hit, especially at the many schools and related organizations that run large networks of all kinds; this wave may directly paralyze the work of these institutions ...
The whole world is flooded with the following ransomware screen:
I won't go through the process. Instead, here are some views from this year; some of the big ones were already raised at the beginning of the year, excerpted as follows: a lot of hacker attacks are going on in the field of hacker skills; apart from mass net-casting attacks, you are almost not worth hacking; the essence of security is trust; "tight cohesion, loose coupling" is a great idea; a God's-eye view exists in hacker attacks, and the same goes for defense; no hacker attack will destroy the Internet; "hacker" can only be an identity, and beyond that hackers are no different from normal people; cost is an important factor that anyone needs to consider, hackers included ...
This WannaCry ransomware worm will go down in history, and it should do more to arouse public security awareness. Although I believe it will soon be forgotten. In any case, the following points and suggestions come from a security practitioner who has long walked the edge, in the hope that they reach you.
1. The evil of anonymity
Take anonymous currencies such as Bitcoin: almost all ransomware accepts only Bitcoin, for the simple reason that Bitcoin can be anonymous, which is the best shield for these criminals.
This does not negate the value of anonymous currency, but this cruel "bad" fact is plain for you and me to see. Never mind anonymous currency: wherever there is anonymity, there will always be some angle from which the ugliness of human nature is revealed incisively and vividly.
I used to joke that Bitcoin was so ferocious that I should be thankful for ransomware.
2. Extortion follows major vulnerabilities
In general, once a major vulnerability appears, ransomware follows it, driven by the evil of anonymity and by huge industry profits. At the moment the gap is likely one week to one month, and it should keep getting shorter.
Starting with the Redis, MongoDB and Elasticsearch ransomware that came into our view last year, every major vulnerability since (such as last month's Struts2 S2-045 vulnerability) has been followed by extortion. The EternalBlue vulnerability leaked from the Equation Group was followed, in less than one month, by the globally shocking WannaCry ...
This phenomenon should teach us a very thorough lesson: once a vulnerability breaks out, if we do not want to be hacked, our "emergency golden cycle" needs to be within 24 hours, or even shorter. Whether the business is large or small, it should continuously optimize its own emergency golden cycle and emergency strategy. If, for whatever reason, the emergency response is delayed for a week, it will have to face at least the risk of being infected by a worm that extorts it.
For those of us who do security defense on the Party A side, this really is trouble from inside and from outside. Outside, you are either likely to be hacked and have data stolen, or to be extorted; inside, every organization has its own difficulties: sometimes emergency speed is an organizational campaign, and without a smooth internal communication environment it is hard.
3. Worm propagation can break the "myth" of isolation
At the moment, countless organizations in the country rely on isolating their internal networks to fend off attackers, and this approach has proved very fragile. Take the spread of this ransomware worm: how does it get into the internal network? It can go like this:
(1) It infects a Windows server at the boundary; the server can reach the intranet, so the intranet suffers;
(2) In some scenario it infects a person's Windows computer; this person then goes to another internal network to get online, so that intranet suffers.
Worms spread this unrestrainedly; if infection through USB drives is added, that is one more way to spread. When I was in college I was on the school's network management team, and I got into this line of work by writing dedicated removal tools for all kinds of viruses; later I wrote a number of "benign" worms of various types. Worms really are a special feeling. Looking back now, after all these years, the fragility of university networks has improved too slowly.
4. Cost Considerations
In fact, as of my posting, this WannaCry ransomware worm has received less than 17 Bitcoin, almost 170,000 yuan. For something that "shocked the world", 170,000 is indeed too little; but because of this, the extortion team has to give priority to the problem of "escaping". The matter has become big, they will absolutely be the first to be targeted, and 170,000 is enough to go on the run.
For us, I offer one piece of the most pertinent advice: whether it is a computer, a phone, a server or any other machine that has been hit, try not to pay any ransom. The best way to quiet an industry is to make it lose money.
5. Some good habits
In addition to the "emergency golden cycle" mentioned above, there is another good habit to develop from this incident, that is, to make backups. Individuals should develop backup habits with different periods for files of different importance, such as daily and weekly backup strategies.
Then, you must stay vigilant. There is an interesting phenomenon: in the previous year's XcodeGhost incident on the iPhone, many users shouted "Fortunately I don't use an iPhone"; now, with this WannaCry incident, many users shout "Fortunately I don't use Windows." Don't count on luck. No matter what you use, whether you get hacked is not entirely up to your own awareness; for the vast majority of people, in fact, it is not personal awareness that decides whether they get hacked.
If someone really wants to hack you, where can you hide? :)
For Windows users who have not been hacked and have not patched, please refer to Microsoft's official solution:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
In this solution, Microsoft gives unprecedented support to the antique XP, which shows how great the impact of this worm event is.
If port 445 has no special significance for you, I suggest closing it. This can be set in the Windows firewall; look up how to do it yourself, I won't repeat it here.
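One way to apply the port 445 advice on Windows 8 / Server 2012 or later, as an added example that is not part of the original article; the rule name is a placeholder chosen here. Blocking inbound 445 stops this machine from serving file and printer shares, so it suits hosts where the port has no special significance.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): audit and block inbound SMB on TCP 445.
# Run with -WhatIf first to see what would change without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical rule name chosen for this example.
    [string]$RuleName = 'Block inbound TCP 445 (example rule)'
)

# 1. Is anything on this host listening on 445?
$listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    Write-Output "TCP 445 is listening on: $(($listeners.LocalAddress | Sort-Object -Unique) -join ', ')"
} else {
    Write-Output 'Nothing is listening on TCP 445.'
}

# 2. Which enabled inbound rules currently allow 445? Listed so the owner of
#    each rule can be asked before sharing is cut off.
$allowRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
foreach ($rule in $allowRules) {
    Write-Output "Allow rule present: $($rule.DisplayName)"
}

# 3. Informational: MS17-010 is a flaw in the SMBv1 server, so report its state.
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
Write-Output "SMBv1 server enabled: $smb1"

# 4. Create the block rule once (idempotent). In Windows Firewall an explicit
#    block rule takes precedence over the allow rules listed in step 2.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    if ($PSCmdlet.ShouldProcess('Windows Firewall', "Add rule '$RuleName'")) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
}

# 5. Verify the result.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action
```

The firewall rule limits exposure only; installing the MS17-010 update from Microsoft's guidance is still what removes the vulnerability.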
In the age of extortion, we either become security people capable of confrontation, or develop the good habits described above.