Windows ransomware virus sweeps the world: full range of patch downloads and workarounds

Source: Internet
Author: User
Tags microsoft patch

The Windows Bitcoin ransomware worm has flooded screens across the entire network. The virus, named WannaCry (and its variants), has attacked organizations and institutions in many countries around the world, and many universities in China have also fallen victim. At least 75,000 computers were infected, according to Avast, the antivirus software maker. The ransomware, "WANACRYPT0R 2.0", has been found in 99 countries, and basically only countries with large-scale Internet-based infrastructure have survived. According to a real-time distribution map of the virus provided by foreign users, Asia, including China, South Korea and other countries, is covered by the virus.

Emergency notice on handling the ransomware virus outbreak

On the night of May 12, a virus targeting the Windows operating system spread over the Internet. Files on infected computers and servers were encrypted and a ransom screen was displayed. For all Windows servers (both intranet and extranet), the following work should be done to prevent infection:

1. In Control Panel, open "Turn Windows features on or off", uncheck "SMB 1.0/CIFS File Sharing Support", and restart the system.
2. Turn on the system firewall and use the firewall's advanced settings to close port 445. For the method, refer to the third part of the following article: http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170534&idx=1&sn=dedc3ff25c3594b49bc4e6c53c9fd123&chksm=beb9c79489ce4e8253e77bf176fd1e88bfbdbe6f3b24d84acdbe391da073a87a0cf313c26fb7&mpshare=1&scene=1&Srcid=0513o1ff8qafnpyjefkplqpv#rd
3. Update the system with the Microsoft patch of 3.14 (March 14), available at https://technet.microsoft.com/zh-cn/library/security/ms17-010.aspx?from=groupmessage&Isappinstalled=0
4. Do not click links in emails from unknown senders.
5. Once the virus has infected a machine on the local network, act as soon as possible to prevent further spread.

For this large-scale ransomware worm outbreak, it is recommended that you check computers on the public security network and on the Internet, and download and install the patch MS17-010, which Microsoft has released to repair the system vulnerability used by the "Eternal Blue" attack. Please install this security patch as soon as possible; the URL is https://technet.microsoft.com/zh-cn/library/security/ms17-010. However, for older systems such as Windows XP and Windows 2003, Microsoft no longer provides security patches. Users of these older systems can try the "NSA Arsenal immune tool" to detect vulnerabilities in the system and close the ports affected by them, which helps avoid ransomware and similar viruses.
Users who run the system's free antivirus software on Windows computers and enable Windows Update can be protected against this virus. Windows 10 users can enable Windows Update to install the latest updates via Settings > Windows Update, and can open the Security Center via Settings > Windows Defender.
In addition, turn off ports 445, 135, 137, 138 and 139, and turn off network sharing, to avoid infection. Here's how:
1. In the Run dialog, enter "DCOMCNFG".
2. In the pane to the right of the "Computers" option, right-click "My Computer" and select "Properties".
3. In the "Default Properties" tab of the "My Computer Properties" dialog box that appears, uncheck "Enable Distributed COM on this computer".
4. Select the "Default Protocols" tab, select "Connection-oriented TCP/IP", and click the "Remove" button.
Turn off ports 135, 137, 138
Right-click Network Neighborhood and select Properties, right-click the connection and select Properties, select the Networking tab, and uncheck both "File and Printer Sharing for Microsoft Networks" and "Client for Microsoft Networks". This closes ports 135, 137 and 138 used for sharing.
Turn off port 139
Port 139 is the NetBIOS Session port, used for file and print sharing. To turn it off, open "Network and Dial-up Connections", open the properties of "Local Area Connection", select "Internet Protocol (TCP/IP)" and open its properties, go to "Advanced TCP/IP Settings", and on the WINS tab select "Disable NetBIOS over TCP/IP".
Turn off port 445
Go to Start > Run, enter regedit and click OK. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters, create a new DWORD value named "SMBDeviceEnabled", and set it to 0 to turn off port 445.
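
The SMB 1.0, firewall and port 445 steps above can be scripted and then verified from an elevated PowerShell prompt. This is an added example, not part of the original notice; it assumes Windows 8.1/10 or Server 2012 R2 and later (where these cmdlets exist), and the firewall rule name is a constructed placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the notice's SMB 1.0 / firewall / port 445 steps, then report state.
$ruleName = 'Block inbound TCP 445 (example rule)'   # constructed name, pick your own
$netbt    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'

# Step 1: remove "SMB 1.0/CIFS File Sharing Support" (completes after a restart).
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($smb1.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# Step 2: firewall on for every profile, inbound TCP 445 blocked (created only once).
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block | Out-Null
}

# "Turn off port 445": the SMBDeviceEnabled DWORD from the registry step.
New-ItemProperty -Path $netbt -Name SMBDeviceEnabled -PropertyType DWord `
    -Value 0 -Force | Out-Null

# Verification: what is still listening on the ports the notice names?
$tcp = Get-NetTCPConnection -State Listen -LocalPort 135,139,445 -ErrorAction SilentlyContinue
$udp = Get-NetUDPEndpoint -LocalPort 137,138 -ErrorAction SilentlyContinue

[pscustomobject]@{
    SMB1FeatureState  = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
    FirewallProfiles  = (Get-NetFirewallProfile | Where-Object Enabled -eq 'True').Name -join ','
    Block445RuleFound = [bool](Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
    SMBDeviceEnabled  = (Get-ItemProperty -Path $netbt -Name SMBDeviceEnabled).SMBDeviceEnabled
    TcpStillListening = ($tcp.LocalPort | Sort-Object -Unique) -join ','
    UdpStillListening = ($udp.LocalPort | Sort-Object -Unique) -join ','
}
```

Run the verification part again after the restart: the feature and registry changes only take effect then, and any port still listed as listening needs the matching manual step above.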
