Bitcoin ransomware that swept the world came from the US cyber arsenal

On May 12, many countries around the world were hit by large-scale cyber attacks. After a victim’s computer was locked, the user was asked to pay Bitcoin to unlock it. Several security software manufacturers said that infection cases had been observed in nearly 100 countries, including some Chinese universities and several British hospitals. It is understood that this ransomware is built on a hacker tool leaked from the cyber arsenal of the US National Security Agency. The United States Department of Homeland Security said in a statement that it had learned that the ransomware affected many entities around the world. However, beyond giving a definition of ransomware, noting that Microsoft has released patches for this vulnerability, and reminding users to install the patches, the statement explained nothing further.

Britain was attacked first

The spread of the malware began in Britain. The systems of the National Health Service, Britain’s public health system, came under a large-scale cyber attack on the 12th. The ransomware implanted by the hackers infected and encrypted files on computers of some hospitals and health departments in England and Scotland, and then demanded that the victims pay for decryption. The paralysis of hospital computer systems led to cancelled appointments, disconnected telephones, and patients being unable to see a doctor.

According to the British national health agency, these hospitals were evidently attacked by “ransomware”. The attackers used malicious software to invade the hospitals’ computer systems and locked the computers in order to demand a ransom from users. At present, there is no evidence that patient data has been leaked.

Photos posted by users on social media show that after locking the computer, the ransomware demanded bitcoin worth 300 dollars and displayed a dialog box with words such as “Oh, your file is encrypted!”

According to British doctors, when they logged on to the national health system using infected computers, they saw the hackers’ ransom collection interface. The hackers asked victims to pay bitcoin worth 300 dollars to obtain the key to open the encrypted files, and warned that the ransom would double if the payment was not completed within three days.

Some affected hospitals in England and Scotland were forced to cancel patients’ normal appointments and use ambulances to transfer patients elsewhere. The hospitals appealed to people not to come in for treatment unless they were seriously ill. Hospitals in Wales and Northern Ireland are not affected at present.

Cyber attacks spread to the whole world.

British Prime Minister Theresa May said after learning about the incident that the attack was not specifically aimed at the British national health system, but was part of a cyber attack that spread to the whole world.

Spain’s National Intelligence Center confirmed on the 12th that many Spanish companies had suffered “large-scale” cyber attacks. Several computers at the headquarters of Telefónica, the country’s telecom giant, were paralyzed.

Public reports show that many countries such as Italy, Portugal, Russia and Ukraine have also reported infections.

According to Rich Barger, head of Splunk cyber security company, “This is one of the largest ransomware attacks in the world so far”.

According to the statistics of Avast, a Czech network security company, 99 countries and regions around the world suffered more than 75,000 computer virus attacks on the 12th. Computers were locked after infection, and users were required to pay bitcoin worth $300 to $600.

Kaspersky Lab, a Russian cyber security company, reported on the 12th that 74 countries and regions around the world had been found to have suffered this attack, and that the actual scope may be wider. The company said that among the 20 most attacked countries and regions, Russia was attacked far more than the other victims, and mainland China ranked fifth. The Russian Interfax news agency quoted Irina Volk, spokesperson of the Russian Ministry of Internal Affairs, as saying that about 1,000 computers of the ministry were infected.

Bitcoin virus stems from leaked US cyber weapons

At present, no hacker organization has claimed the attack. However, the consensus of the industry is that this large-scale cyber attack uses hacker tools developed by the US National Security Agency (NSA). Researchers from several private cyber security companies said that the hackers used the NSA code called “Eternal Blue” to make the software spread itself.

Kaspersky stressed that the hacker tool “Eternal Blue” used in this cyber attack originated from the cyber arsenal of the US National Security Agency. In April this year, the hacker organization “Shadow Brokers” disclosed a batch of hacker tools of the US National Security Agency on the Internet, including this exploit tool.

The United States Department of Homeland Security said in a statement that it had learned that the ransomware affected many entities around the world. However, beyond giving a definition of ransomware, noting that Microsoft has released patches for this vulnerability, and reminding users to install the patches, the statement explained nothing further.

In March this year, the “WikiLeaks” website disclosed a batch of hacker tools allegedly from the CIA of the United States, criticizing the CIA for losing control of its hacker arsenal. Most of these tools “seem to be spreading unauthorized among hackers and contractors of the former U.S. government”, with “great risk of proliferation”.

Text/Xinhua News Agency; pictures/Oriental IC

Computers at many domestic universities hit by virus attack; network security experts say there is no solution once locked

On the evening of May 12, students from domestic colleges and universities reported that their computers had been attacked by a virus and their documents encrypted. The desktop of an attacked computer displays a message saying that a certain amount of Bitcoin must be paid to unlock it.

Computers at multiple universities were attacked

Xiao Bai, a student from the City College of Zhejiang University, told the reporter of Beiqing Daily yesterday that the computers of many students in her dormitory building had been attacked. “Now many students dare not turn on and use computers, afraid of being hacked”.

A student from Guilin University of Technology said that at present, more than 100 computers in their school have been attacked by the ransomware “Bitcoin virus”. Most of the computers attacked belong to users of the campus network. “Now they dare not even connect to the campus network, afraid of being attacked”. A student from Guangxi Normal University said that on the evening of the 12th, while he was revising his paper, the computer was suddenly hit by the Bitcoin virus; the computer’s operation was affected and the files were encrypted. The student told the reporter of Beiqing Daily that after a computer is attacked, a red and white dialog box appears, telling the user what happened, how to recover the files and how to pay.

Since the evening of the 12th, Shandong University, Nanchang University, Guangxi Normal University, Northeast University of Finance and Economics, East China Jiaotong University, Civil Aviation University of China and other universities have issued preventive announcements about the invasion of campus networks by the ransomware Bitcoin virus.

Similar viruses appeared two years ago.

The reporter of Beiqing Daily learned that cases of using viruses to invade personal computers and extort ransom from users occurred in China as early as two years ago.

Ms Shao, a doctoral student from a university in Beijing, told the reporter of Beiqing Daily that after she clicked on a small website about jewelry authentication, her computer desktop was changed to a black image with a large block of foreign-language text on it.

“I went back to read the text on the desktop, which roughly meant that my computer was hacked and all the files were re-encoded.” Helpless, Ms Shao could only email the hackers according to the instructions they had left. Soon the hacker replied with an English email asking Ms Shao to pay a “ransom” for her computer in “bitcoin”. Only after searching the internet did Ms Shao learn that “Bitcoin” is a kind of “virtual currency”, and an extremely expensive one. She could only bargain with the “hackers” by email in English, and in the end she handed over “bitcoin” worth 1,100 yuan to obtain the decryption program and key.

Compared with what Ms Shao encountered, the computer virus now sweeping the world seems to be more advanced. Zheng Wenbin, chief security engineer of network security company 360, told the reporter of Beiqing Daily that the campus network ransomware is a remotely spreading “worm virus” that criminals built by adapting hacker weapons, and that it can remotely attack port 445 (file sharing) of Windows. Once a computer is infected with the ransomware, its disk files are encrypted and locked. Pictures, documents, videos, compressed archives and other materials cannot be opened normally.

Experts say there is currently no solution once a computer has been infected.

Zheng Wenbin said that worms spreading through port 445 have appeared in China before, so some operators have blocked port 445 for individual users. Because the education network does not have this restriction, the campus network became the “hardest hit” area in this ransomware attack.

Zheng Wenbin said that for users whose files have been encrypted by the ransomware, from the current point of view the only way to get the files back is to pay Bitcoin; there is no better way. However, even if Bitcoin is paid as the criminals demand, there is no guarantee that the encrypted files can be recovered. “We are also trying to find a way, to see whether the encrypted documents can be decrypted and opened, but there is no other way for the time being.”

According to Zheng Wenbin, their monitoring shows that in addition to the education network and the campus networks of some domestic universities, enterprises have been affected by the virus, and some civil facilities, such as the computer systems of gas stations, were also attacked.

Wen/Our reporter Li Tie Zhu Wang Tianqi

Intern journalist Jiao Yimeng

