The official website of the Yiling District People's Government of Yichang City issued a warning about ransomware, saying that since March 11 an overseas hacker organization has been carrying out ransomware attacks on relevant government departments in China. Once it runs, the ransomware fully encrypts the hard disk data of the user's host and directs the victim to visit a URL to download the Tor browser, then to log in to the attacker's digital currency payment window through the Tor browser, where the victim is asked to pay the ransom.
According to the report, the subject of the ransomware email is “You must report to the police station at 3 pm on March 11!”, the sender name is “Min, GapRyong”, and the email attachment name is “03-11-19.rar”. Analysis shows that the ransomware version number is GANDCRABV5.2, the latest version of the ransomware, updated in February 2019. After running, it encrypts the hard disk data of the user's host and directs the victim to visit a URL to download the Tor browser.
The notice reminds each unit to issue risk warnings promptly, to scan the relevant systems comprehensively by installing mainstream antivirus software and updating the virus database, to carry out investigation and remediation, and to respond promptly and report once an attack is found.
The following is the full text of the briefing:
Early warning notice on protection against GANDCRAB ransomware attacks
According to monitoring by the National Network and Information Security Information Notification Center, an overseas hacker organization has been launching ransomware e-mail attacks on relevant government departments in China since March 11, 2019. The subject of the e-mail is "You must report to the police station at 3:00 p.m. on March 11!", the sender name is "Min,GapRyong" and the attachment is "03-11-19.rar". According to analysis and research, the ransomware version number is GANDCRABV5.2, which is the latest updated version of the ransomware in February 2019. After running, it completely encrypts the hard disk data of the user's host and directs the victim to visit a URL to download the Tor browser, then to log in to the attacker's digital currency payment window through the Tor browser, where the victim is asked to pay a ransom.
Please issue risk warnings promptly, carry out checks and remediation, and respond to and report any attack in time. The specific preventive measures are as follows: first, do not open e-mail attachments of unknown origin; second, install mainstream antivirus software promptly, update the virus database, and scan the relevant systems comprehensively; third, disable the AutoRun function for USB drives in Windows; fourth, apply operating system security patches promptly and upgrade Web, database and other service programs to prevent the virus from spreading through vulnerabilities; fifth, take infected hosts or servers off the network to prevent the virus from spreading.
Three Gorges Cloud Security Center
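
The subject, sender name and attachment name given in the notice can be used as a mail-triage check. The Python below is an added example, not part of the notice or of the original report; it assumes mail is available as raw RFC 5322 messages, matches the subject on key phrases because the wording on this page is a translation, and uses constructed sample messages with `example.invalid` addresses.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as stated in the notice. The subject wording on this page is a
# translation, so it is matched on key phrases (an assumption), not verbatim.
SENDER_NAME = "min,gapryong"
ATTACHMENT = "03-11-19.rar"
SUBJECT_KEYS = ("reporttothepolicestation", "march11")

def _norm(text):
    """Lower-case and drop whitespace so 'Min, GapRyong' equals 'Min,GapRyong'."""
    return "".join((text or "").lower().split())

def match_indicators(raw_bytes):
    """Return which of the notice's indicators one raw message carries."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    subject = _norm(msg["Subject"])
    if all(key in subject for key in SUBJECT_KEYS):
        hits.append("subject")
    # policy.default decodes RFC 2047 encoded-words and parses the From
    # header into addresses, each with a display_name.
    from_hdr = msg["From"]
    names = [a.display_name for a in from_hdr.addresses] if from_hdr else []
    if any(_norm(n) == SENDER_NAME for n in names):
        hits.append("sender_name")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() == ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def build_sample(subject, sender, filename):
    """Constructed message for testing; the attachment is dummy bytes."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.invalid"
    m.set_content("constructed body")
    m.add_attachment(b"dummy", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("You must report to the police station at 3 pm on March 11!",
                       '"Min, GapRyong" <sender@example.invalid>', "03-11-19.rar")
    print(match_indicators(raw))
```

A message that carries all three indicators is a strong match; a single hit, such as the attachment name alone, is better routed to manual review than dropped automatically.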