Joint notice of three departments in Beijing: WannaCry 2.0 is recommended to be disposed immediately
Joint notice of three departments in Beijing: WannaCry 2.0 is recommended to be disposed immediately

Since NSA's "Eternal Blue" vulnerability was used for blackmail these two days, everyone also paid attention to network information security. With the development of the virus, the National Network and Information Security Center has been alerted. The Cyberspace Office of the Beijing Municipal Party Committee, the Beijing Municipal Public Security Bureau and the Beijing Municipal Commission of Economy and Information Technology jointly issued the Notice on the Emergence of Variants of WannaCry Extortion Worm and Suggestions on Disposal.


The full text of the Notice is as follows:

All relevant units:

According to the monitoring of relevant departments, a variant of the WannaCry blackmail worm has appeared: WannaCry 2.0. Different from the previous version, this variant cancels the so-called Kill Switch and cannot close the spread of the variant blackmail worm by registering a domain name. This variant may spread faster, and the relevant disposal method of this variant is the same as that of the previous version. It is recommended to pay attention to and dispose of it immediately.

1、 Please immediately organize intranet detection to find all terminals and servers that open the 445 SMB service port. Once a poisoned machine is found, disconnect the network immediately. At present, it seems that hard disk formatting can remove viruses.

2、 At present, Microsoft has released patch MS17-010 to fix the system vulnerability of the "Eternal Blue" attack. Please install this patch for your computer as soon as possible at //technet.microsoft.com/zh-cn/library/security/MS17-010 For Windows XP, 2003 and other computers for which Microsoft no longer provides security updates, it is recommended to upgrade the operating system version or close the ports affected by the vulnerability to avoid being attacked by viruses such as ransomware.

3、 Once a poisoned machine is found, disconnect the network immediately.

4、 Enable and open "Windows Firewall", enter "Advanced Settings", and disable "File and Printer Sharing" related rules in inbound rules. Close UDP 135, 445, 137, 138, 139 ports, and close network file sharing.

5、 It is strictly prohibited to use USB flash drives, mobile hard disks and other devices that can perform ferry attacks.

6、 Back up important documents in your computer to the storage device as soon as possible.

7、 Update the operating system and applications to the latest version.

8、 Strengthening email security and effectively blocking phishing emails can eliminate many hidden dangers.

9、 Install genuine operating system, Office software, etc.

Beijing Municipal Party Committee Cyberspace Office

Beijing Municipal Public Security Bureau

Beijing Municipal Commission of Economy and Information Technology

May 14, 2017


However, the second point in the Notice is that Microsoft provided patches for XP, 2003 and other old systems for the incident yesterday. The oil that needs to be updated can be downloaded by yourself.

Reward
Scan WeChat and reward the author

Follow our Weibo @ Love Computer

Follow our WeChat official account: playphone

Of course, we also pay attention to our Bilibili account: love computer

Share:
Lu Jiajun
edit
Business cooperation contact WeChat: lennydonny

Scan QR code and follow the author

Share Weibo Share WeChat
Aigoji WeChat

Aigoji WeChat

WeChat

WeChat

Recommended products

Sorry, the product you are looking for is not available in the product library

on trial