Caption: Attack source of the "WannaRen" ransomware exposed; 360 Security Brain exclusively uncovers the "Conceal Shadow" group behind it. (Image provided by the interviewee)
Xinmin Evening News (reporter Jin Zhigang): Recently, a new Bitcoin ransomware named "WannaRen" has been spreading on a large scale, and the number of requests for help posted in forums and online communities has risen quickly. For users hit by the "WannaRen" ransomware, important files are encrypted and the hacker demands a ransom of 0.05 BTC.
As soon as the anomaly was detected, 360 Security Brain was the first to discover the origin of the "WannaRen" ransomware and link it to the hacker gang behind it, and the first to isolate the actual ransomware attack code. It turns out that the author of the "WannaRen" ransomware is the "Conceal Shadow" group, which had previously used the "EternalBlue" vulnerability to wreak havoc on networks.
According to 360 Security Brain's tracking data, the "Conceal Shadow" family already has a record of illegally appropriating cryptocurrency. In its earlier attack campaigns, the "Conceal Shadow" family mainly used the "EternalBlue" vulnerability to attack target computers and plant mining trojans in them, using these "bots" (illegally controlled computers) to mine PASC coin, Monero and other cryptocurrencies for profit. This time, the "Conceal Shadow" group has moved away from profiting through mining trojans and changed its approach: it delivers the "WannaRen" ransomware across the network and demands ransom to make money.
In terms of attack characteristics, the "Conceal Shadow" hacker gang spreads mainly through BT downloaders, activation tools and the like, and there have also been cases of it using the "EternalBlue" vulnerability to move laterally and spread within a local area network. After successfully compromising a target computer, the "Conceal Shadow" gang typically executes a PowerShell downloader and uses it to download the next-stage backdoor module and the mining trojan.
On the surface, the spread of the new Bitcoin ransomware "WannaRen" resembles the earlier "WannaCry" virus: after the virus invades a computer, it pops up a ransom dialog box telling the user that files have been encrypted and demanding Bitcoin. Judging from the actual attack process, however, the "WannaRen" ransomware is delivered through the very PowerShell downloader commonly used by the "Conceal Shadow" hacker gang, which releases the backdoor module that executes the virus.
Once an enterprise user is infected, the "WannaRen" ransomware is likely to spread within the internal network. Users need not worry too much, however: 360 Safeguard can effectively intercept this ransomware.