Tencent Security Release Report: The black chain behind the blackmail virus has taken shape

  On March 19th, Tencent Security officially released the “Review Report on the ransomware activity in 2018”. The report stated that the ransomware attack as a whole showed an upward trend throughout 2018, and several large-scale cyber attacks were triggered. From the geographical distribution of attacks, the current ransom virus is distributed throughout the country, with Guangdong, Zhejiang, Henan and other regions being the most serious. From the perspective of the industry, traditional industries, education, and the Internet are the most serious, followed by medical and government agencies. Take the medical industry as an example. Among the top three hospitals with relatively complete network security in the industry, 42% of the hospitals still have “eternal blue” loopholes on the computer side. The average number of computers in the top three hospitals per day is detected by WannaCry. Blackmail virus. At the beginning of 2018, two provincial hospitals in China suffered from ransomware attacks, which caused the hospital to be unable to receive treatment for a period of time, and even caused the system to be paralyzed for a long time. In addition, manufacturing is one of the most frequently cited targets. In 2018, TSMC and Boeing aircraft factories suffered from ransomware. After the ransomware attacks the system, the victim is typically blackmailed for digital currency or other currency. After the explosive growth of the ransomware in 2018, there is a clear trend of division of labor. For example, a complete ransomware attack process may involve five roles: ransomware authors, extortion implementers, communication channels, agents, and victims. Specifically, the virus author is mainly responsible for writing and composing, and confronting the security software; the extortion implementer gets the customized version of the source program from the virus author, obtains the exclusive virus by customizing the virus information, and divides the revenue with the virus author; Help the extortion implementer to complete the spread of the virus; as an important part, the agent falsely claims that he can decrypt the software for ransomware encryption, ask for a ransom, and earn a difference. At present, there are also “decryption companies” on the market. These “decryption companies” are actually agents of extortionists in China, using the weaknesses of domestic users to purchase digital currency, and attracting victims at relatively cheaper prices. Contact the decryption and earn the difference throughout the process. According to a transaction record published on the official website of a decryption company, a decryption company relies on a ransomware intermediary agent to earn 300W yuan a month. According to the report, for ransomware, the most important thing is to back up the data. You can use the “two two one principle”, that is, save three important documents, using at least two different storage carriers, at least one of which is stored in a different location.