At about 20:00 Beijing time on May 12, 2017, a large-scale ransomware infection broke out worldwide. It has so far spread to 99 countries, affecting key industries including energy, electric power, transportation, medical care and education, and is still spreading rapidly. In China, key sectors tied to the national economy and people's livelihood, including oil, transportation, education and quality inspection, have already been hit; the impact is wide-ranging and the consequences extremely serious, and the situation warrants close attention.
I. Basic Situation
"WannaCry" is malware that encrypts the data files on an infected host and demands a ransom. It exploits the Microsoft SMB remote code execution vulnerability MS17-010 and spreads rapidly over port 445. The vulnerability was first discovered by the Equation Group of the US National Security Agency (NSA), which developed the exploit tool known as "EternalBlue"; Microsoft released a patch for the vulnerability in March this year, but a large number of users have still not installed it. Some domestic operators have blocked port 445 on their backbone networks, but most enterprise networks in industries such as electric power, energy, transportation and education have no such restriction, and a large number of computers still expose port 445 with the vulnerability unpatched, allowing the ransomware to spread unchecked. There is currently no effective means of decrypting the files the ransomware encrypts. It is reported that the ransomware has already taken gas stations in Beijing, Shanghai, Sichuan, Chongqing and elsewhere completely offline; if it is not prevented and controlled, it will inevitably pose a great threat to the security of China's information industry.
II. Impact Analysis
First, the security threat to industrial hosts is real, and an attacked host can seriously affect industrial production and people's lives. Industrial hosts in China (operator stations, engineer stations, historian servers and the like) widely run general-purpose Windows operating systems, and in particular large numbers of Windows 2000 and Windows XP systems with port 445 open by default. These are likely to be compromised by "WannaCry" through the vulnerability, after which it spreads rapidly through the enterprise network or industrial control network, locking encrypted industrial hosts out of normal operation and potentially paralysing the entire industrial enterprise network, with extremely serious consequences. In the domestic gas station attacks already seen, the gas station network payment system was taken completely offline and vehicles could no longer be served, seriously disrupting people's daily lives; this deserves close attention.
Second, sensitive data in industrial enterprises is at risk of being locked, tampered with or destroyed. Once a system is infected, the ransomware encrypts files on dozens of types of target systems and devices, covering documents, databases, video and audio, images, graphics, compressed archives and almost every other file type. This can prevent the normal collection and reading of sensitive industrial production and operations data and cause serious economic losses to industrial production.
Third, the scope of impact is very wide, and China's oil, transportation, education, quality inspection and other key sectors tied to the national economy and people's livelihood have already been affected. The communications, electric power, oil and transportation industries in many countries have been seriously affected: for example, the Spanish power company Iberdrola, the natural gas company Gas Natural and the telecom giant Telefonica, the Dresden railway station in Germany, Portugal Telecom, FedEx, the Russian Ministry of Internal Affairs and Russia's second-largest telecom operator Megafon have all suffered ransomware attacks. Given the rapid spread and wide impact of the malware, and the fact that our key industrial sectors have already been affected, it is only a matter of time before large-scale damage occurs unless the threat is guarded against and controlled.
III. Countermeasures and Suggestions
First, competent authorities under MIIT in each region should carry out risk investigation and reporting as soon as possible to ensure that important industry information systems and industrial control systems are not affected by the attack; any system found to have been attacked should be reported to this Center promptly.
Second, install the MS17-010 vulnerability patch on affected systems as soon as possible to prevent the ransomware from exploiting it.
Third, close port 445 unless there is a specific need to keep it open.
Fourth, back up key business data.
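The following PowerShell script is an added example, not part of this advisory, and not tooling from any of the organisations named in it. It turns the exposure described in Section I (MS17-010 unpatched, SMBv1 on, port 445 reachable) into a per-host check, and with -Enforce applies countermeasures two and three above: the patch itself is only reported on, SMBv1 is disabled and inbound TCP 445 is blocked with a firewall rule. It assumes Windows 8 / Server 2012 or later run from an elevated session (the Windows 2000 and XP hosts mentioned in Section II lack these cmdlets, and there the same steps are done through Windows Update, the registry and netsh). The hotfix ID list is taken from Microsoft's MS17-010 bulletin and should be verified against it for your exact OS; the rule name is an assumed label.

```powershell
<#
  Added example (not from the advisory): audit one Windows host for the
  MS17-010 / port 445 exposure and, with -Enforce, apply the advisory's
  countermeasures two and three. Assumes Windows 8 / Server 2012 or later
  and an elevated session; report-only unless -Enforce is given.
#>
[CmdletBinding()]
param(
    [switch]$Enforce   # without it the script only reports
)

# MS17-010 hotfix IDs from Microsoft's March 2017 bulletin (verify against the
# bulletin for your OS; on Windows 10 later cumulative updates supersede these,
# so a missing ID alone does not prove the host is unpatched).
$Ms17010Kbs = @('KB4012212','KB4012213','KB4012214','KB4012215','KB4012216',
                'KB4012217','KB4012598','KB4012606','KB4013198','KB4013429')
$RuleName = 'Block inbound SMB TCP 445 (MS17-010 mitigation)'   # assumed label

function Get-Ms17010Status {
    # 1. Patch: is any MS17-010 hotfix listed among installed updates?
    $patched = [bool](Get-HotFix -ErrorAction SilentlyContinue |
                      Where-Object { $Ms17010Kbs -contains $_.HotFixID })

    # 2. SMBv1: the protocol EternalBlue targets; $false is the safe state.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # 3. Exposure: is anything listening on TCP 445 at all?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                        -ErrorAction SilentlyContinue)

    # 4. Firewall: does the inbound block rule exist and is it enabled?
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $blocked = ($null -ne $rule) -and ("$($rule.Enabled)" -eq 'True')

    [pscustomobject]@{
        Host              = $env:COMPUTERNAME
        Ms17010Patched    = $patched
        Smb1Enabled       = $smb1
        Port445Listening  = $listening
        Inbound445Blocked = $blocked
        # Exposed: reachable SMB service, no patch, and no firewall block
        Exposed           = ($listening -and -not $patched -and -not $blocked)
    }
}

function Invoke-Ms17010Mitigation {
    # Countermeasure three: block inbound 445. Do not pass -Enforce on hosts
    # that must serve SMB; scope a rule with -RemoteAddress there instead.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
    # Disable SMBv1 on the server side; a reboot may be needed to take effect.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Countermeasure two (installing the patch) stays with Windows Update/WSUS.
}

$before = Get-Ms17010Status
$before | Format-List

if ($Enforce) {
    Invoke-Ms17010Mitigation
    Get-Ms17010Status | Format-List
}
elseif ($before.Exposed) {
    Write-Warning "Host is exposed: install the MS17-010 patch, then re-run with -Enforce."
}
```

Run it first without -Enforce across the operator stations, engineer stations and historian servers named above to build the risk inventory that countermeasure one asks for; the Exposed field is the one to report. The firewall rule is deliberately a separate, named rule rather than a change to existing ones so it can be found and removed later on a host that genuinely needs SMB, and SMBv1 is turned off independently of the patch because the patch closes the specific bug while SMBv1 itself remains the attack surface.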