Prevention Measures and Methods for the Ransomware Worm ("Bitcoin Virus")



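The ransomware worm, commonly known as the "Bitcoin virus", spreads widely by exploiting vulnerabilities in Microsoft's Windows operating system such as MS17-010. According to reports circulating online, hackers used a "weapon" from the US National Security Agency (NSA) and, together with a group that builds worm viruses, caused enormous damage to computer users in many countries around the world, which is as dangerous as someone stealing an American Tomahawk missile. Back to the point, here are the methods: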

Countermeasures (machine not yet infected):
*****************************************************************************
1. Install the patch (see the appendix)

2. In the TCP/IP advanced settings, disable NetBIOS; disable ports 135 and 445

3. Delete the default shares (share /d):
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\parameters
AutoShareWks REG_DWORD 0

4. Disable the SMB service:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\parameters
SMB1  REG_DWORD 0

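5. Run the worm quick-immunization tool:

  Download address for the immunization tool: http://dl.b.360.cn/tools/OnionWormImmune.exe

  Double-click OnionWormImmune.exe to run it, then check its status in Task Manager. It is suitable for XP, Win7 and similar systems.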



******************************************************************************
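
A read-only audit of steps 1 to 4 on the local machine, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later; the helper names Get-DwordOrNull and New-Result are hypothetical, and the KB numbers are the ones listed in the appendix.

```powershell
# Added example (not from the original post): read-only audit of steps 1-4.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$kbIds  = 'KB4012212', 'KB4012606', 'KB4012598'   # KB numbers from the appendix

function Get-DwordOrNull([string]$Path, [string]$Name) {
    # Hypothetical helper: returns the registry value, or $null if it is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    # Hypothetical helper: one row of the report.
    New-Object PSObject -Property @{ Check = $Check; OK = $Ok; Detail = $Detail }
}

$report = @()

# Step 1: look for the KBs the post lists. A later cumulative update can also
# carry the fix, so a miss here means "verify the patch level", not "vulnerable".
$found = @(Get-HotFix -ErrorAction SilentlyContinue |
           Where-Object { $kbIds -contains $_.HotFixID })
$detail = 'none of the listed KBs found'
if ($found.Count -gt 0) { $detail = ($found | ForEach-Object { $_.HotFixID }) -join ', ' }
$report += New-Result 'Listed MS17-010 KB installed' ($found.Count -gt 0) $detail

# Step 2: TCP listeners on 135/445. A listening socket has the foreign address
# 0.0.0.0:0 or [::]:0, so the match does not depend on the state column text.
$hits  = @(netstat -an | Select-String '^\s*TCP\s+\S+:(135|445)\s+(0\.0\.0\.0|\[::\]):0\s')
$ports = @($hits | ForEach-Object { $_.Matches[0].Groups[1].Value } | Sort-Object -Unique)
$detail = 'no listener'
if ($ports.Count -gt 0) { $detail = 'listening on ' + ($ports -join ', ') }
$report += New-Result 'Ports 135/445 not listening' ($ports.Count -eq 0) $detail

# Steps 3 and 4: both values must exist AND be 0. When a value is absent the
# feature (default admin shares / SMB1 server) stays enabled by default.
foreach ($name in 'AutoShareWks', 'SMB1') {
    $v = Get-DwordOrNull $params $name
    $detail = 'value absent (feature enabled by default)'
    if ($null -ne $v) { $detail = "value = $v" }
    $report += New-Result "$name is 0" ($v -eq 0) $detail
}

$report | Select-Object Check, OK, Detail | Format-Table -AutoSize
```

A port that still shows as listening may be blocked by a firewall rule, which this check does not inspect. Changes to the two registry values take effect only after a restart.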


Appendix: patch downloads for each system version
Offline update packages:
Windows 7 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu
Windows 7 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_6bb04d3971bb58ae4bac44219e7169812914df3f.msu
Windows 10 x64
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows10.0-kb4012606-x64_e805b81ee08c3bb0a8ab2c5ce6be5b35127f8773.msu
Windows 10 x86
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows10.0-kb4012606-x86_8c19e23de2ff92919d3fac069619e4a8e8d3492e.msu
Windows 8
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x86_a0f1c953a24dd042acc540c59b339f55fb18f594.msu
Windows 8 x64
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu
Windows Server 2008
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-ia64_83a6f5a70588b27623b11c42f1c8124a25d489de.msu
Windows Server 2008 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x64_6a186ba2b2b98b2144b50f88baf33a5fa53b5d76.msu
Windows Server 2003
http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-chs_b45d2d8c83583053d37b20edf5f041ecede54b80.exe
Windows Server 2003 x64
http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-chs_68a2895db36e911af59c2ee133baee8de11316b9.exe
Windows Vista
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x86_13e9b3d77ba5599764c296075a796c16a85c745c.msu
Windows Vista x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.0-kb4012598-x64_6a186ba2b2b98b2144b50f88baf33a5fa53b5d76.msu
XP SP3
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_dca9b5adddad778cfd4b7349ff54b51677f36775.exe
XP SP2 x64
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-jpn_9d5318625b20faa41042f0046745dff8415ab22a.exe
XP Embedded
http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-embedded-custom-chs_41935edbcd6fa88a69718bc85ab5fd336445e7f9.exe

For more patches, visit the official Microsoft site: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

https://technet.microsoft.com/zh-cn/library/security/MS17-010



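That is all for the prevention measures against the WannaCry ransomware worm. As for recovering the files on an infected computer, I do not have a good method yet; still waiting......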
--------------------------------------------------------------------------------


Material sourced from the internet


[This post was edited by admin on 2017-05-18 08:16 PM]
Article source: original to this site
Comment from admin [2017-10-01 09:17 AM]:
I found that 360's wncry recovery tool can recover files encrypted by the virus, but it does not guarantee 100% recovery of all files.