Dear campus network user,
Since March 11, 2019, an overseas hacker organization has been carrying out a ransomware email attack against relevant government departments in China. The subject of the email is '你必须在3月11日下午3点向警察局报到!' ("You must report to the police station at 3 p.m. on March 11!"), the sender name is "Min, Gap Ryong", and the email attachment is named "03-11-19.rar". The sample is as follows:

Technical analysis shows that the ransomware is GANDCRAB V5.2, the latest version of the ransomware, upgraded in February 2019. After running, it encrypts the hard disk data on the user's host and directs the victim to visit "https://www.torproject.org/", download the Tor browser, and then use the Tor browser to open the attacker's digital currency payment page "http://gandcrabmfe6mnef.onion/1812a265c3857fa", where the victim is asked to pay the ransom. At present, some government departments in China have been attacked.
Teachers and students must be vigilant and take the following security precautions:
First, do not open email attachments of unknown origin;
Second, promptly install mainstream anti-virus software, update its virus database, and run a full scan and clean-up of the relevant systems;
Third, disable autorun for USB flash drives in Windows;
Fourth, promptly install operating system security patches and upgrade web, database and other service programs to prevent the virus from spreading through exploits;
Fifth, disconnect any infected host or server from the network to prevent the virus from spreading.
Library and Information Center
March 14, 2019
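
For mail administrators, the three indicators in this notice (subject, sender name, attachment name) can be checked against stored messages. The following is an added example, not part of the original notice: `match_indicators`, `build_sample` and the `example.invalid` / `example.edu` addresses are assumptions made for illustration, and the sample messages are constructed.

```python
import email
from email import policy
from email.headerregistry import Address
from email.message import EmailMessage

# Indicators quoted in the notice above.
IOC_SUBJECT = "你必须在3月11日下午3点向警察局报到!"
IOC_SENDER_NAME = "Min, Gap Ryong"
IOC_ATTACHMENT = "03-11-19.rar"

def _norm(text: str) -> str:
    # Drop whitespace (header folding can add it) and ignore letter case.
    return "".join(text.split()).casefold()

def match_indicators(raw_message: bytes) -> list[str]:
    """Return which of the notice's indicators appear in one raw message."""
    # policy.default decodes RFC 2047 encoded-words, so a Base64-encoded
    # UTF-8 subject or file name is compared in decoded form.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if _norm(str(msg.get("Subject", ""))) == _norm(IOC_SUBJECT):
        hits.append("subject")
    from_hdr = msg.get("From")
    names = [a.display_name for a in from_hdr.addresses] if from_hdr else []
    if any(_norm(n) == _norm(IOC_SENDER_NAME) for n in names):
        hits.append("sender_name")
    for part in msg.iter_attachments():
        if _norm(part.get_filename() or "") == _norm(IOC_ATTACHMENT):
            hits.append("attachment")
            break
    return hits

def build_sample(subject: str, sender_name: str, filename: str) -> bytes:
    """Constructed test message; addresses and body are placeholders."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = Address(sender_name, "sender", "example.invalid")
    m["To"] = "user@example.edu"
    m.set_content("constructed body")
    m.add_attachment(b"placeholder bytes, not an archive",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(match_indicators(build_sample(IOC_SUBJECT, IOC_SENDER_NAME, IOC_ATTACHMENT)))
    print(match_indicators(build_sample("Seminar schedule", "Library Desk", "agenda.pdf")))
```

A message that matches any one indicator is worth quarantining for review, since the sender name and subject are easy for the attacker to change between waves.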

