[High-risk Event Alert] Warning on Preventing the WanaCrypt0r 2.0 and ONION Ransomware

Recent ransomware incidents in which files are encrypted and given WanaCrypt0r 2.0, onion or wallet suffixes are usually related to Windows operating system ports, vulnerabilities, and patches not being installed in time. Ransomware (extortion software) is a kind of Trojan; onion is a variant of the wallet ransomware. Currently, data encrypted in these incidents cannot be decrypted.

Regarding data recovery:
Data encrypted in this type of event cannot be decrypted with a tool; you can restore it from snapshots or offsite backup data.

Regarding protective measures:
We strongly suggest that you:

1. Check the accounts and passwords on your servers. If a password is simple, change it immediately to a strong password, and update passwords periodically.

2. Do not open high-risk service ports to the internet, such as ports 3389, 445 and 139. Open only the necessary business service ports; you can block high-risk ports by configuring the security group policy.

3. If you purchase a new ECS instance, it is strongly recommended that you take a snapshot and install antivirus software, such as Kaspersky Enterprise Edition or Norton.

4. As a result of the recent NSA incident, attackers could exploit high-risk Windows vulnerabilities. Make sure to install the latest Windows patches (for example, the MS17-010 patch).

5. Refer to the reference guide (Chinese version: https://help.aliyun.com/knowledge_detail/48701.html) for complete server security recommendations.
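
One way to check measure 2 against an exported rule list, as an added example that is not part of the original notice or of any vendor tooling: it flags inbound allow rules that leave ports 3389, 445 or 139 reachable from the internet, including rules that cover them through a wide port range. The rule dictionary shape, the `rule` helper and the list of internal address ranges are assumptions of this example, and rule priority is not modelled.

```python
import ipaddress

HIGH_RISK_PORTS = {139, 445, 3389}  # the ports the advisory names
# Address space treated as "not the internet" (assumption of this example).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_port_range(port_range):
    """'445/445' -> (445, 445); '-1/-1' stands for every port."""
    lo, hi = (int(p) for p in port_range.split("/"))
    return (1, 65535) if (lo, hi) == (-1, -1) else (lo, hi)

def is_internet_source(cidr):
    """True unless the source CIDR lies wholly inside an internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def exposed_high_risk(rules):
    """Return (rule name, [high-risk ports]) for inbound allow rules open to the internet."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or r["policy"] != "accept":
            continue
        if r["protocol"] not in ("tcp", "all"):  # RDP, SMB and NetBIOS session use TCP
            continue
        if not is_internet_source(r["source_cidr"]):
            continue
        lo, hi = parse_port_range(r["port_range"])
        hit = sorted(p for p in HIGH_RISK_PORTS if lo <= p <= hi)
        if hit:
            findings.append((r["name"], hit))
    return findings

def rule(name, protocol, port_range, source_cidr, policy="accept"):
    """Hypothetical helper that builds one inbound rule in this example's shape."""
    return {"name": name, "direction": "ingress", "policy": policy,
            "protocol": protocol, "port_range": port_range, "source_cidr": source_cidr}

# Constructed sample rules, not taken from any real account.
SAMPLE_RULES = [
    rule("web", "tcp", "443/443", "0.0.0.0/0"),
    rule("rdp-anywhere", "tcp", "3389/3389", "0.0.0.0/0"),
    rule("smb-internal", "tcp", "445/445", "10.0.0.0/8"),
    rule("wide-open", "all", "-1/-1", "0.0.0.0/0"),
    rule("legacy-range", "tcp", "100/500", "203.0.113.0/24"),
]

if __name__ == "__main__":
    for name, ports in exposed_high_risk(SAMPLE_RULES):
        print(f"{name}: close {ports} or restrict the source CIDR")
```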

We also remind you to secure your office terminals and personal computers to avoid losses. We will continue to follow these ransomware encryption incidents. If a decryption tool is released, we will keep you updated. Thank you for your support and understanding.