
What is ransomware?

Ransomware is malicious software with which hackers hijack users' files by locking screens and encrypting files in order to extort money. Hackers use system vulnerabilities or phishing to implant the malware on the victim's computer or server, encrypt files on the hard disk or even the whole hard disk, and then demand a ransom of varying amounts from the victim in exchange for decryption.

Forms of ransomware

1. Modify the computer startup password and login password to lock the computer.

Rip-off Trojan Horse: usually disguised as plug-in software, it sneaks onto the user's computer, changes the user's login name and password, and locks the machine for extortion, but it generally does not destroy system files or user files. Anti-virus software will normally intercept such Trojans, which is why many plug-ins require users to turn off or uninstall anti-virus software.

2. Pretending to be a security agency to intimidate users.

Reveton ransomware: based on the user's location, it impersonates the local law enforcement agency, claims that the user's computer was attacked and used for illegal activities, and demands that the user pay a fine to unlock the system. A 17-year-old middle school student named Joseph Edwards committed suicide because his computer was infected with the Reveton ransomware.

3. Encrypt user files and data.

WannaCry: it uses a symmetric encryption algorithm and an asymmetric encryption algorithm to encrypt documents on the computer. Once the user is infected, the data cannot be recovered unless the hacker is paid a ransom for the decryption key. WannaCry spread by using the dangerous "Eternal Blue" vulnerability leaked from the NSA, which resulted in a large number of computer users being attacked by ransomware. CryptoLocker, VirLock, Locky and other ransomware are also of this type.

4. Tamper with the disk MBR and encrypt the whole computer disk.

Petya ransomware: it infects the MBR of the computer system, which affects the whole hard disk, and causes Windows to crash and display a blue screen. When the user restarts the computer, the modified MBR prevents Windows from loading normally, encrypts the whole disk, and then displays an ASCII skeleton image with a demand to pay a certain amount of bitcoin, otherwise access to the files and the computer will be lost.

Causes of infection

1. Spam: criminals send emails to targets from forged email addresses. These emails contain infected attachments or include links to phishing websites in the email body.

2. Watering hole attack: criminals implant malicious software into websites frequently visited by enterprises or individuals, and once the targets visit these websites, the malicious programs use vulnerabilities to infect them. (This is a Trojan planted in a web page.)

3. Bundled distribution: malicious software is bundled with normal software and spread together with it, and users activate the malicious software while downloading and installing the bundle, resulting in infection. (This is especially common with game plug-ins.)

4. Spread by removable storage: the malware spreads by infecting devices that connect removable storage media such as USB flash drives, portable hard disks and flash memory cards. (Iran's nuclear facilities were infected this way.)

In the final analysis, most users are infected because they lack awareness of network threat prevention and trust email messages and software content too easily. Many criminals simply take advantage of users' greed for petty gain and impersonate Taobao or JD.COM to send discount emails that trick users into clicking. Many infections are spread through game plug-ins: to satisfy their vanity, users run plug-ins without realizing that they have been trapped by hackers, which leads to extortion.