A variant of the ransomware virus! Beijing notification recommends immediate disposal

Beijing Microsoft vulnerability

changanjiezhishi· 2017-05-14 17:07:16

Tencent Francisco May 14th, Beijing municipal network information office, Beijing Municipal Public Security Bureau, the Beijing Municipal Commission by letter jointly issued "on the WannaCry for notification and disposal suggestion worm variants appeared". "Notice" pointed out, relevant department surveillance discovery, WannaCry blackmail worm appeared diversity: WannaCry 2. The difference between

and previous versions is that the variant cancels the so called Kill Switch and can't close down a domain name to close down the spread of variant ransomware. The variant may spread faster, and the variant's handling is the same as the previous version, suggesting immediate attention and disposal.

on WannaCry for worm variants appeared and disposal advice notice

the relevant units:

relevant departments to monitor the WannaCry for worms appeared variants: WannaCry 2, and the previous version is different, this variant canceled the so-called Kill Switch, not by registering a domain name to the closure of the spread of worm variants of blackmail. The variant may spread faster, and the variant's handling is the same as the previous version, suggesting immediate attention and disposal.

, please immediately organized network testing, terminal and server for all 445 open SMB service port, once found poisoning machine off the network immediately disposed of, now it seems to format the hard disk can be rid of the virus. Loopholes in the system

two, Microsoft has released a patch for MS17-010 repair of the "eternal blue" attack, please install this patch for the computer as soon as possible, at https://technet.microsoft.com/zh-cn/library/security/MS17-010; for XP, 2003 Microsoft no longer provide security updates of the machine, recommended to upgrade the operating system version, or shut down by the vulnerability of the port, to avoid being blackmail software viruses.

three, once the poisoning machine is found, break the net immediately.

four, enable and open the Windows firewall, enter advanced settings, and disable file and printer sharing rules in the inbound rule. Close UDP135, 445, 137, 138, 139 ports, and close network file sharing.

five, strictly prohibit the use of U disk, mobile hard disk and other devices can perform ferry attacks.

six, as soon as possible to back up important files and files on your computer to storage devices.

seven, update the operating system and applications to the latest version.

eight, e-mail security, and effective blocking of phishing messages can eliminate many of the risks. Nine, install the genuine operating system, Office software and so on.

Beijing municipal Party committee Network letter office

, Beijing Municipal Public Security Bureau

, Beijing City Commission by letter

2017 May 14th

The lastest articles of changanjiezhishi