Men's computer file is a virus "kidnapped": declassified three coins-computer viruses, bitcoin-IT information
Chengdu recently encountered a strange thing to Mr LEE, their computer as if controlled by hackers in General, all the files are not open, also appear on the computer screen a mystery like dialogue in English. It turned out that Mr LI's computer was a bitcoin virus kidnapped, "the kidnappers" indicated that with 3 coins as "ransom" purchase of decryption software. Anti-virus experts warn this Ransomware virus caused irreversible damage, and necessary precautions.
? All of the files have been encrypted, unbreakable
After a period of English reading computer files are a key
"The afternoon of October 4, my children use a computer to do my English homework and done the computer did not turn off, after about an hour, the computer made a sound, is in English, like reading. "Lee recalled," because the child is doing my English homework, didn't think too much, see computer desktop has been modified after results. ”
Time is 6 days later, Mr LEE's computer desktop remains the afternoon appearance, desktop background will be white, with a few lines of green in the middle of the screen in English. On the desktop including Word documents, JPG pictures and videos, each file format was changed. "These files are not open, click Open there will be no hint of corresponding software. ”
Lee realized that computer virus in may, he quickly tried to translate the English on the desktop. "English effect that file and data has been encrypted, security is the only way to decrypt the file for 3 coins, buy a decrypted file. If you are using third-party software to decrypt a file, it will suffer irreparable damage. "Mr LEE said.
Behind text, also comes with several Web site, just click on these Web sites, you can purchase decryption software English said. "I didn't order these links, worry will have more trouble later. "Mr Lee told reporters that the first encountered this strange thing, I can't figure out what the hell is wrong.
A bitcoin 4100 crack could not pay and distressed
Question, Mr LI to ask the University experts. Experts concluded that after watching Lee's computer, Lee implanted computer, most likely the currency virus. "This virus is also called bitcoin Trojan, encrypts the 114-formatted files in infected computers, so that it cannot be opened normally, and pop ' blackmail ' owner. ”
It is understood that bitcoin virus appeared overseas as early as 2014, 2015 beginning at home. Is called a bitcoin virus because the virus would require the victim to pay 3 coins as ransom for the purchase of decryption software. Bitcoin this virtual currency can only be used in the digital world, it makes transactions difficult to track.
Not only that, but the virus's, encryption is quite complicated, "brute force takes hundreds of thousands of years, supercomputer to crack also takes more than 10 years, or even decades". "I also consulted several IT experts, they say the virus is difficult to decrypt, advised me to negotiate with hackers, with an appropriate price for decryption software. "Lee said with some frustration.
Reporters found that each currency prices are now at about 4100, in other words, Mr Li spent 12,000 yuan to buy decrypting software is required. "My files stored in a computer for more than 10 years, as well as photos of life in recent years, all were destroyed by illegal. "Mr Li thought here, feel distressed.
At present, Mr LI has made a report to the local police station, and wait for the police investigation.
Ransomware virus good camouflage the damage caused by the irreversible
Experts say extortion, such as bitcoin Trojan viruses more common these days. "This virus using encryption within the system, and is an irreversible encryption, you must get the decrypted secret key can be cracked. In other words, in addition to the developer of the virus, others it is impossible to decrypt. ”
According to reports, the blackmailing virus is usually spread through e-mail, disguised as internal working documents of the computer system, inducing a computer user opens the document. "If the user does not pay attention to security warnings, virus programs may run. "Li tiejun said,
"Earlier versions of blackmailing virus, decrypts the secret key may exist in the system registry, but now popular versions of the virus, our analysis was unable to unlock. "Experts say is more serious, bitcoin viral principle and method are already publicly available on the Internet," many hackers to transform and develop more variants ".
As Mr LEE has said pay for decryption software, experts say, developers of viruses is not credible. "Irreversible encryption encryption is a virus, causing damage is irreversible. "Li tiejun said," and do not know who each other are, even paid a ransom, also may not be able to lift. ”
Therefore, important files should be backed up in a timely manner, in addition, require special care when dealing with e-mail, "for suspicious programs, do not open on your computer. "" There is security software is installed on the local computer, some security software may block the emergence of new Ransomware virus, even though no virus found, but in encrypting files, the virus, you can intercept the encrypted. ”
男子电脑文件被
病毒“绑架”:解密需三个比特币 - 电脑
病毒,比特币 - IT资讯
成都市的李先生最近遇到一件奇怪的事,自家的电脑仿佛被黑客控制了一般,所有文件都打不开,电脑屏幕上还出现一段像对话一样的神秘英文。原来,李先生的电脑被一种比特币病毒绑架了,“绑匪”提出,用3个比特币作为“赎金”购买解密软件。反病毒专家提醒,这种勒索病毒造成的损害不可逆,需小心防范。
▲所有的文件都被加密,无法破解
一段英文朗诵后电脑文件全都被加了密
“10月4日下午,我家孩子用电脑做英语作业,做完后电脑没关,过了差不多一个小时,电脑突然发出一段声音,是英文的,就像朗诵一样。”李先生回忆说,“因为孩子做的是英语作业,当时自己也没想太多,结果之后就看到电脑桌面被修改了。”
时间已经过去了6天,李先生的电脑桌面仍然保持当天下午的样子,桌面背景变成了白色,屏幕中间有几行绿色英文。而桌面上包括Word文档、JPG图片和视频在内的每个文件,都被更改了格式。“这些文件都打不开了,点击打开后就会出现没有相应软件的提示。”
李先生这才意识到,电脑可能中病毒了,他赶紧试着翻译了桌面上的英文。“英文大意是,文件和数据已经被加密了,安全解密文件的唯一方式就是支付3个比特币,购买一种解密文件。如果用第三方软件解密文件,那样将遭受不可挽回的损失。”李先生说。
文字后面,还附带了几个网址,只要点击这些网址,就可以购买英文所说的解密软件。“我没有点这些链接,担心点了过后会有更大的麻烦。”李先生告诉记者,第一次遇到这种奇怪的事,自己也想不出到底是怎么回事。
一个比特币4100元破解不可能支付又心疼
带着疑问,李先生向电子科技大学相关专家进行请教。专家看了李先生的电脑后断定,植入李先生电脑的,极有可能是比特币病毒。“这种病毒也叫比特币木马,会加密受感染电脑中114种格式的文件,使其无法正常打开,还会弹窗‘敲诈’机主。”
据了解,比特币病毒早在2014年就在国外出现,2015年初开始在国内出现。而之所以被称作比特币病毒,是因为该病毒会要求受害者支付3比特币作为赎金,用于购买解密软件。而比特币这种虚拟货币只能在数字世界使用,因此使得交易难以追踪。
不仅如此,这种病毒的加密方式相当复杂,“暴力破解需要数十万年,超级计算机破解也需要十几年甚至几十年”。“我也咨询过几个IT高手,他们都说这种病毒很难解密,还建议我跟黑客谈判,用合适的价钱买解密软件。”李先生有些无奈地说。
记者查询发现,目前每个比特币价格在4100元左右,也就是说,李先生需要花1.2万元才能购买解密软件。“我存放在电脑里10多年的文件,以及近几年的生活工作照片,全部都被非法破坏了。”李先生想到这里,就觉得心疼。
目前,李先生已经向所在地的派出所报案,并等待警方的侦查处理。
勒索病毒善伪装造成的破坏不可逆
专家表示,诸如比特币木马等勒索类病毒近来比较常见。“这种病毒利用系统内部的加密处理,而且是一种不可逆的加密,必须拿到解密的秘钥才有可能破解。也就是说,除了病毒开发者本人,其他人是不可能解密的。”
据介绍,勒索类病毒通常通过电子邮件传播,伪装成电脑系统内部的工作文档,诱导电脑用户打开文档。“如果用户没有注意到安全警告的话,病毒程序就可能运行。”李铁军说,
“早期的勒索病毒版本,解密秘钥可能存在于系统的注册表中,但现在流行的病毒版本,我们分析过,是无法解除的。”专家表示,更为严重的是,比特币病毒的原理和方法早已经公开在互联网上,“很多黑客进行改造,开发出更多病毒变种”。
至于李先生所说的花钱购买解密软件,专家表示,病毒开发者的说法不可信。“病毒加密是一种不可逆的加密,造成的损害也是不可逆的。”李铁军说,“而且根本不知道对方是什么人,即使交了赎金,也未必能解除。”
因此,重要文件应及时备份,另外,处理电子邮件时需要特别小心,“对于可疑的程序,不要在自己的电脑上打开。”“还有就是在本地电脑上安装安全软件,现在一些安全软件可以拦截新出现的勒索病毒,即便没有查到病毒特征,但病毒在加密文件过程中,可以对加密的动作进行拦截。”