
Global ransomware attack: China's campus networks widely infected

Yesterday, ransomware attacks broke out in many countries around the world, including the United Kingdom, Italy, and Russia. A large number of universities in China were also infected. The computer files of many teachers and students were encrypted by the virus and could only be restored by paying a ransom. According to an urgent announcement from 360 Security Guards, criminals used hacking weapons leaked from the NSA to attack Windows vulnerabilities and quickly spread ransomware such as ONION and WNCRY on campus networks. Computer users are advised to use the 360 "NSA Arsenal Immunization Tool" as soon as possible to defend themselves.


Picture: Ransomware infection carried by NSA hacker weapons

According to analysis by the 360 Security Center, the ransomware on the campus network was spread by the "Eternal Blue" hacker weapon leaked from the NSA. "Eternal Blue" can remotely attack Windows port 445 (file sharing). If the system has not installed the patch Microsoft released in March this year, no user action is needed: as long as the computer is switched on and online, "Eternal Blue" can execute arbitrary code on it and implant malicious programs such as ransomware.

Because worms spreading through port 445 have appeared many times in China, some operators have blocked port 445 for individual users. However, the education network does not have this restriction. It has a large number of machines with port 445 exposed, making it the area hardest hit by criminals using the NSA hacking weapons. With colleges and universities in graduation season, the ransomware has caused some graduating students' papers to be encrypted and tampered with, directly affecting their graduation defenses.
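The worm-like spread over port 445 described above leaves a recognizable trace in network flow logs: one internal machine contacting many different hosts on port 445 in a short time. The following is an added example, not part of the original article or of any 360 tool; the log format, the threshold, the window and every address in the sample are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445  # the file-sharing port the article says the worm attacks

def parse_flow(line):
    """Parse 'ISO-timestamp src dst dport' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_smb_fanout(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source that contacted >= threshold distinct hosts on port 445
    within one sliding window to the largest such count observed."""
    flows = sorted(f for f in map(parse_flow, lines) if f and f[3] == SMB_PORT)
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    flagged = {}
    for ts, src, dst, _ in flows:
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def build_sample():
    """Constructed flow records; all addresses and times are made up."""
    t0 = datetime(2017, 5, 12, 20, 0, 0)
    def rec(offset, src, dst, port):
        return f"{(t0 + offset).isoformat()} {src} {dst} {port}"
    s, m = timedelta(seconds=1), timedelta(minutes=10)
    lines = [rec(i * s, "10.1.4.23", f"10.1.7.{i + 1}", 445) for i in range(8)]   # worm-like sweep
    lines += [rec(i * s, "10.1.4.50", "10.1.0.10", 445) for i in range(6)]        # one file server
    lines += [rec(i * m, "10.1.4.77", f"10.1.8.{i + 1}", 445) for i in range(6)]  # slow, spread out
    lines += [rec(i * s, "10.1.4.90", f"10.1.9.{i + 1}", 443) for i in range(8)]  # not SMB
    return lines + ["truncated record"]

if __name__ == "__main__":
    print(find_smb_fanout(build_sample()))
```

Only the host that swept eight addresses in a few seconds is reported; the client that keeps talking to one file server and the host that reaches new machines slowly are not.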

At present, the ransomware spread by "Eternal Blue" mainly belongs to two families: ONION and WNCRY. Files on the victim machine's disk are altered to carry the corresponding suffix, and data such as pictures, documents, videos, and compressed archives can no longer be opened normally. They can only be decrypted and restored by paying a ransom. The ransom demanded by these two types of ransomware is 5 bitcoins and 300 US dollars respectively, equivalent to more than 50,000 yuan and more than 2000 yuan respectively.

360's monitoring data on campus network ransomware incidents shows that the ONION virus first appeared in China, with an average of about 200 attacks per hour, reaching more than 1000 per hour during the night peak; the WNCRY ransomware is a global attack that newly emerged on the afternoon of May 12 and spread rapidly on campus networks in China, with about 4000 attacks per hour during the night peak.

Security experts have found that the ONION ransomware is also distributed bundled with mining programs (which compute to generate virtual currency) and remote-control Trojans, forming a Trojan "gift package" that combines malicious behaviors such as mining, remote control, and extortion. High-performance servers are used to mine for profit, while ordinary computers have their files encrypted for extortion, maximizing the economic value of the victim machines.

Microsoft issued a patch in March this year to fix the Windows system vulnerability exploited by the NSA hacking weapons. The 360 Security Center had previously also launched the "NSA Arsenal Immunization Tool", which can detect and repair the vulnerabilities targeted by the NSA hacker weapons with one click; for systems such as XP and 2003 that no longer receive updates, the immunization tool can close the port through which the vulnerability is exploited, preventing malicious programs such as ransomware from being implanted on the computer.


Download the NSA Arsenal Immunization Tool: http://www.example.com
