
[LIC Notice] Warning on protection against ransomware and mining Trojan viruses

02-July-2020

Dear campus network users,

Recently, several ransomware and mining Trojan virus incidents have occurred on the main campus, which caused academic data to be encrypted and seriously affected research work. Here is some relevant information.

1.  Information about recent virus outbreaks

1)   Information on ransomware

Ransomware is mainly spread through emails, program Trojans, malicious code on web pages, and brute force cracking. It uses various encryption algorithms to encrypt files. At present, most ransomware viruses cannot be cracked. Once a machine is infected, a prompt similar to the following appears on the user's computer or server:

[Image 1.png: screenshot of the ransom prompt]

When you look through the files, you will find that they are encrypted and carry an abnormal suffix, similar to the following figure:

[Image 3.png: screenshot of encrypted files with an abnormal suffix]

2)   Information on mining Trojan viruses

The mining Trojan spreads in a way similar to ransomware. It is implanted into the user's computer or server through various channels, and the computing power of these computers or servers is then used for mining. In addition, devices that have been hit by mining Trojan viruses are likely to be implanted with ransomware as well. A screenshot of the mining Trojan is shown below:

[Image 2.png: screenshot of the mining Trojan]

 

2.  Methods to prevent viruses

All units are requested to immediately carry out a security self-examination of the information equipment assets under their name, including teachers' and students' personal computers, laboratory team servers, desktop computers, etc., focusing on measures such as virus scanning and removal, patching vulnerabilities, closing sensitive ports, and changing weak passwords.

The current main measures to prevent ransomware are:

1. Do not use the same account and password for a series of machines;

2. The login password should be complicated enough and updated in a timely manner;

3. Regularly back up important data;

4. Regularly check computers and servers for security holes and apply patches in time;

5. Regularly check the server for abnormalities. The scope of the check includes but is not limited to:

a) Check if there are new accounts and unknown processes;

b) Check for any abnormality in the system log;

c) Check whether the anti-virus software shows abnormal interceptions;

6. Download and install software only from legitimate channels, do not install unknown third-party software, and do not click unknown links.
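
Item 5 a) above, checking for new accounts and unknown processes, comes down to comparing the current state of a server with a saved known-good baseline. The following Python code is an added example, not part of the original notice; it assumes a Linux server with passwd-format account data, and the function names, sample accounts and process names are constructed for illustration.

```python
# Added example: compare a current snapshot against a known-good baseline.
# All sample data below is constructed for illustration.
NOLOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

def parse_passwd(text):
    """Parse passwd-format text into {name: (uid, shell)}."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed entry
        accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts

def review_accounts(baseline_text, current_text):
    """Return a sorted list of (account, reason) findings."""
    base, cur = parse_passwd(baseline_text), parse_passwd(current_text)
    findings = []
    for name, (uid, shell) in cur.items():
        if name not in base:
            findings.append((name, "new account"))
        elif base[name][1] in NOLOGIN and shell not in NOLOGIN:
            findings.append((name, "login shell enabled"))
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not root"))
    return sorted(findings)

def unknown_processes(running, allowlist):
    """Return running process names that are not on the reviewed allowlist."""
    return sorted(set(running) - set(allowlist))

# Constructed baseline, saved while the server was known to be clean.
BASELINE = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash"""

# Constructed current snapshot containing three changes worth investigating.
CURRENT = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support:x:0:0::/home/support:/bin/bash"""

if __name__ == "__main__":
    for name, reason in review_accounts(BASELINE, CURRENT):
        print(f"[account] {name}: {reason}")
    running = ["sshd", "nginx", "miner-sample"]  # constructed process list
    for proc in unknown_processes(running, ["sshd", "nginx", "cron"]):
        print(f"[process] {proc}: not in allowlist")
```

Keep the baseline on storage that the checked server cannot modify, so that an intruder cannot edit it to hide a new account.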

If you find that a computer or server has already been infected by ransomware or a mining Trojan virus, or shows other abnormal behavior, please immediately disconnect it from the network to prevent the spread and take corresponding measures according to the actual situation.

ITS Contact:

Service Hotline: 0573-87572668

Service Mail: itservices@intl.zju.edu.cn

 

Library & Information Center

July 3, 2020