Virus overview
Recently, new-style blackmail virus " WannaRen " fast on Chinese network transmission, this computer virus with " .WannaRen " undertake adding to the file for suffixal name close, ask to pay talent of 0.05 bit money to decode a file inside 3 days inside clew window, ransom of exceed the time limit will turn over times.
Day be in harmony believes safe group to already was in undertake an analysis to virus for a short while, update EDR virus library, can blackmail virus to this effective defense.
New-style blackmail virus " WannaRen " will raid
New-style blackmail virus " WannaRen " will raid!
Should blackmail virus to download through PowerShell implement the postern module that release makes WINWORD.EXE program and Wwlib.dll file, start Wwlib.dll of WINWORD.EXE to load to implement baleful code next, will baleful code is embedded carry out to the process add close.
New-style blackmail virus " WannaRen " will raid
The file is added close hind, suffixal name instead " .WannaRen "
The file is added close hind, suffixal name instead " .WannaRen "
"WannaRen " blackmail virus to add close hind can play window clew, be had to refer this locality Key only by infection client (close key) the file with the secret to adding ability after paying ransom money undertakes decoding.
WannaRen " blackmail virus to add close hind can play a window
Precautionary measures
1, EDR of letter of installation day be in harmony undertakes virus is checked kill with defence, enterprise edition and stand-alone edition all can realize this lash-up that blackmails virus to defend.
Already installed day be in harmony to believe the client of EDR, virus library upgrades to 2020/04/08 and above version to essence of life identifies definitely and can be checked kill this to blackmail virus.Day be in harmony believes EDR
Day be in harmony believes safe daily record
Did not install day be in harmony to believe the client of EDR, but edition of try out enterprise or download stand-alone edition undertake detecting to should blackmailing virus with check kill.2, do not click the mail accessory with unidentified origin.
3, do not visit doubtful network address.
4, the important file in fixed backup computer.
5, flaw of seasonable rehabilitate system.
Day be in harmony believes EDR to get way
1, try out of edition of enterprise of EDR of letter of day be in harmony: Can believe each branch to get through day be in harmony.
(inquire network address: Be in harmony of day of proper motion Baidu believes official website)
2, edition of stand-alone of EDR of letter of day be in harmony downloads an address:
(inquire network address: Be in harmony of day of proper motion Baidu believes official website)
Day be in harmony believes official website
-------------------------------------------------------------------------------------------------------------
Pay close attention to me, attention for a short while information of Cloud cloud computation!
Cloud cloud computation tracks industry trends, offer those who have an attitude to unscramble means!
