On May 16, CCF YOCSEF held a special forum on the theme "Ransomware: why can it hijack our systems?". The agenda included special reports from NSFOCUS, Qihoo 360 and others.
Leiphone (雷锋网) learned of the forum at around 10 o'clock. At 1:30 pm, half an hour before it opened, Leiphone rushed to the venue and found that some vendors had only published their information at noon and the forum's banner went up just ten minutes before the start, yet the roughly 60 seats were already almost full; guests were still hurrying in 5 minutes before the start, and the organizers had to bring in extra chairs.
Because news had been flying for the past few days, all parties responded very promptly, and the vendors' releases were nothing new to Leiphone. Today, however, the wind has clearly changed: some media have begun publishing "reversal" stories, questioning whether this much-publicized network security event was actually overhyped.
During a break in the meeting, Leiphone "caught" NSFOCUS vice president Li Chen and security research director Zuo Lei (one of today's three special speakers) and put some of today's hot questions to them.
The following is the interview record:
1. Leiphone: Recently some people have said the "WannaCry" ransomware is hype and that the infection is not actually that serious. I would like to know the specific data you have monitored.
NSFOCUS: According to data released by the British researcher MalwareTech, about 160,000 hosts worldwide were infected by the worm during the event, so the whole event is still very serious. NSFOCUS mainly serves large organizations and, for confidentiality reasons, it is not convenient to provide specific customer data, but it is certain that NSFOCUS customers were on the whole affected very little.
After the first kill-switch domain was registered, the incident was curbed; even though variants with the kill switch removed have appeared, the infection rate has slowed because the event was taken seriously.
One thing to note: because the "ransomware" event itself was so high-profile, it may have led many "laymen" to disseminate all kinds of information through all kinds of channels, some of it erroneous.
2. Leiphone: How do you rate the level of the ransomware worm's author? Some people say it was a North Korean hacker, because some of the code resembles code from a suspected North Korean hacker group. What is your view?
NSFOCUS: The author's level is ordinary. They used a public vulnerability and ransomware that had already been captured; there is nothing commendable about it. As for the author's identity, there is no conclusive evidence that it was a North Korean hacker.
3. Leiphone: How do you evaluate the response of the various vendors since May 12?
NSFOCUS: Most security companies in the industry are very rigorous and responsible. In fact, for every security incident, security vendors follow a process: early-warning notice, early-warning recommendations, product upgrades, then the corresponding service support for customers. Our response to this incident also followed the normal workflow:
On the evening of May 12, the NSFOCUS Threat Intelligence center (NTI) monitored suspicious attacks;
On the morning of May 13, notifications came in one after another from service engineers in the field, followed by intercepted malicious samples;
At 10 am on May 13, after sorting and verification, an early-warning notice was sent to major customers;
At 10 am on May 13, the NSFOCUS unknown threat analysis system TAC achieved detection of the WannaCry ransomware and then issued a test report;
At 9 am on May 13, the protection capability of the NIPS / NIDS / NF / RSAS products was confirmed;
At 1 pm on May 13, after careful verification, the security service team released a one-click hardening script, which was updated three times that day;
At 1 pm on May 13, service teams in the field began implementing repair and hardening actions, helping users upgrade products and install patches;
At 5 pm on May 13, the NTI Threat Intelligence center released the WannaCry ransomware monitoring and analysis report;
On May 14, based on NTI threat intelligence and feedback from customers in the field, the NSFOCUS emergency command center decided to urgently deploy 500 NIPS intrusion prevention and RSAS vulnerability assessment devices, rushed to customers, to provide free equipment to customers whose networks lacked online protection capability and help them complete their emergency response;
On May 16, based on in-depth study and analysis of the samples, the WannaCry ransomware traceability analysis report was issued.
4. Leiphone: Some people say all you need to do is pull the network cable, patch and close the port, yet the industry has rolled out all kinds of solutions, and it has degenerated into a PR war. What is your view?
NSFOCUS: It is a good thing that all the security companies have put out solutions and written emergency tools. Normally a security vendor releases tools as early as possible to serve customers faster and respond to the emergency, but tools developed in an emergency may not be perfect; for example, they may not work on every system, and they are updated and improved afterwards, producing further versions. So each security company may release several versions, which does look chaotic, but for specific customers, especially those with a fixed security vendor providing service, it has no bad effect. Over-publicity by individual vendors cannot be ruled out.
In fact, for the average user, pulling the network cable, patching and closing port 445 is basically enough. Of course, some areas have their particularities; some systems are older and cannot be patched, so another approach has to be taken.
5. Leiphone: There is also the idea of disk-level file recovery, but there has been no data to show how effective it is. What is your view?
NSFOCUS: The ransomware in this event deleted the files rather than overwriting them, so ordinary data recovery tools should be able to have some effect.
6. Leiphone: Some people think that not much money was actually extorted, but that the event helped China's security stocks rise. Does this argument embarrass the security industry?
NSFOCUS: Really not much was extorted; at present it amounts to the equivalent of more than 40 million yuan. However, Microsoft obviously released the patch in March, and many security companies pushed out serious vulnerability announcements, yet so many machines around the world were still hit; this shows that we do not attach importance to basic security work. Therefore, enterprise users should pay attention to network security, build their infrastructure well and have basic operational capability, and individual users should keep their patches up to date.
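The "patch and close port 445" advice above, expressed as a host checklist. This is an added example, not a script from the article or from NSFOCUS. It assumes an elevated PowerShell prompt on Windows 7 SP1 / Server 2008 R2 or later; the SMB and firewall cmdlets exist only on Windows 8 / Server 2012 and later, so the older systems fall back to the registry and netsh. The KB numbers are the MS17-010 (March 2017) updates as listed in Microsoft's bulletin; verify them against the bulletin for your OS version before relying on the check, and the firewall rule name is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example: verify the MS17-010 patch, disable SMBv1 and block inbound TCP 445.
# Not code from the article or from NSFOCUS.

# KB numbers of the MS17-010 updates (assumption: taken from Microsoft's bulletin; verify for your OS).
$Ms17010Patches = @(
    'KB4012212', 'KB4012215',              # Windows 7 SP1 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Windows Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

# 1. Is the March 2017 SMB patch installed?
$installed = Get-HotFix | Where-Object { $Ms17010Patches -contains $_.HotFixID }
if ($installed) {
    Write-Output "MS17-010 patch present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "No MS17-010 patch found; install the March 2017 update before reconnecting this host."
}

# 2. Disable the SMBv1 server, which is what the worm's exploit targets.
if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "SMBv1 server disabled."
    } else {
        Write-Output "SMBv1 server already disabled."
    }
} else {
    # Windows 7 / 2008 R2: no SMB cmdlets; the LanmanServer SMB1 registry value controls the same setting.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name 'SMB1' -Type DWord -Value 0 -Force
    Write-Output "SMBv1 server disabled via registry (takes effect after a reboot)."
}

# 3. "Close port 445": block inbound TCP 445 at the host firewall.
$ruleName = 'Block inbound SMB 445 (WannaCry mitigation)'   # arbitrary name
if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block | Out-Null
    }
} else {
    # Older systems: the netsh advfirewall equivalent of the rule above.
    netsh advfirewall firewall add rule name="$ruleName" dir=in action=block protocol=TCP localport=445 | Out-Null
}
Write-Output "Inbound TCP 445 blocked by host firewall rule '$ruleName'."
```

Blocking 445 at the host firewall stops the worm reaching the SMB service from the network but leaves file sharing from this host unusable, which matches the "pull the cable / close the port" emergency advice rather than a permanent configuration; once the MS17-010 update is confirmed installed the rule can be removed with Remove-NetFirewallRule (or netsh advfirewall firewall delete rule) if SMB access is required.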