勒索病毒橫掃全球，你需要了解什么？

自上周五以來，來勢洶洶的計算機攻擊已經席卷全球，成千上萬的計算機受到影響，政府和企業的主要業務面臨嚴重損壞。這種惡意軟件名為WannaCry。本文在此向讀者介紹一些需要了解的知識。

計算機攻擊還沒有結束嗎？

絕對沒有。上周六，大量報道指出，一位網絡安全研究人員發現了“kill switch”機制，阻止勒索病毒的繼續蔓延，但是這種說法只是部分屬實。當然，kill switch減緩了WannaCry的蔓延速度，但是它只是阻止了這種惡意軟件的部分蔓延方式。此外，卡巴斯基實驗室（Kaspersky Lab）網絡安全研究人員在數小時內確認，已檢測到勒索病毒的新版本，而kill switch機制無法阻止病毒的變種。專家預計，最快將于本周一出現新一輪的計算機感染。

何為WannaCry？

WannaCry是一種不斷變化且極為可惡的惡意勒索病毒。一旦在計算機上激活，該病毒會加密該計算機上的文件，使文件無法讀取。之后，該病毒指示計算機用戶支付比特幣贖金，從而換取文件的解密。

WannaCry的攻擊目標是誰？

一般而言，WannaCry利用Windows XP等舊版Windows操作系統中的漏洞。上周五，微軟公司（Microsoft）針對舊版操作系統發布了補丁，但是未能阻止該病毒攻擊150個國家的20萬臺計算機。受損用戶包括數十家大型機構和公司，如英國的國家衛生署（National Health Service）、中國石油天然氣集團公司（China's National Petroleum Corporation）以及雷諾公司（Renault）位于法國的工廠。

如何防御病毒攻擊?

如果您的個人或企業計算機使用舊版Windows操作系統（特別是XP、8或Server 2003），您或您的管理員應該立即安裝微軟公司新版安全更新。此外，象往常一樣，在打開已知或未知來源的電子郵件中的附件時，您應該非常謹慎。但是，據報道，無需用戶交互，WannaCry病毒便可在本地網絡中蔓延，這才是WannaCry病毒真正令人可怕之處。一些政府部門，包括印度尼西亞政府，建議中斷不受保護的計算機的互聯網連接。

如果我的計算機感染病毒，有修復辦法嗎？

簡短回答：沒有。網絡安全公司能更好地解碼受勒索病毒攻擊的文件，但是迄今尚沒有針對WannaCry的卓越解密器（清除勒索病毒的工具），但是這種情況可以隨時發生改變。此外，請勿兩次中招。黑客甚至會用WannaCrypt修復的承諾作為誘餌，從而造成計算機進一步的感染，所以用戶需要保持高度懷疑。此外，邁克菲公司（McAfee）的研究人員表示，WannaCry刪除有時被用于存儲文件的所謂的卷影備份。

即便如此，還有一個讓人厭惡的解決方案：支付贖金。WannaCry要求支付300美元比特幣，用于解鎖計算機上的文件，而歷史經驗表明，在兌現討價還價中許下的承諾方面，運行勒索病毒的黑客非?！爸档眯刨嚒?。（至于支付贖金是否道德，則是一場規模龐大和棘手的辯論。）

病毒來源于何處？

據稱，WannyCry是在美國國家安全局（U.S. National Security Agency）（非故意）協助下開發的病毒。美國國家安全局開發的漏洞利用程序永恒之藍（EternalBlue），是黑客組織影子經紀人（Shadow Brokers）四月版本的一部分，是病毒的核心所在。

黑客為何開發病毒？

為了賺錢，盡管效果似乎并沒有預想的那么棒。一方面，計算機攻擊造成的全球經濟損失輕松達到數以億計的金額；另一方面，（可公開查看的）為黑客索要贖金的比特幣地址少得可笑：截至發稿時止，索要金額剛剛超過3.4萬美元比特幣。（財富中文網）

A massive cyberattack has been spreading across the globe since Friday, hitting hundred of thousands of computers and crippling major government and corporate operations. The malware is known as WannaCry, and here's what you need to know.

Isn’t the Attack Over?

Absolutely not. There were widespread reports on Saturday that a security researcher had discovered a “kill switch” that stopped the ransomware from spreading, but that’s only partly true. The kill switch certainly slowed WannaCry down, but it only stopped some of the ways the malware could spread. And Kaspersky Lab security researchers confirmed within hours that new versions of the malware had been detected which were not stopped by the kill switch. Experts expect a new wave of infections as soon as Monday.

What Does WannaCry Do?

WannaCry is ransomware, a growing category of extremely heinous malware. Once it has activated on a machine, it encrypts the files on that machine so they are inaccessible. Then it instructs the owner to pay a ransom in Bitcoin in exchange for unlocking the files.

Who Is it Targeting?

Broadly speaking, WannaCry exploits vulnerabilities in older Windows operating systems, including Windows XP. Microsoft issued a patch for those systems on Friday, but that didn’t stop it from hitting more than 200,000 machines in 150 countries. That has included dozens of large institutions and companies, including the U.K.'s National Health Service, China’s National Petroleum Corporation, and Renault factories in France.

How Can I Protect Myself?

If any of your personal or corporate systems run an older version of Windows (XP, 8, or Server 2003 specifically), you or your admins should immediately install Microsoft’s new security update. You should also, as always, remain extremely careful about opening any email attachments, from known or strange sources. But the truly scary thing about WannaCry is that it can reportedly spread over local networks without user interaction. Some authorities—including the government of Indonesia—are suggesting disconnecting unprotected machines from the Internet.

Is There a Fix If My Computer Is Infected?

Short answer: No. Security firms are getting better at decrypting files from ransomware attacks, but there are as yet no reputable decryptors (tools for removing ransomware) for WannaCry—though that could change at any time. And don't get tricked twice. Hackers could even use the promise of a WannaCrypt fix as bait for further infections, so be extremely skeptical. Also, according to McAfee researchers, WannaCry deletes so-called ‘Volume Shadow’ backups that can sometimes be used to restore files.

That said, there is one unsavory option here: pay the ransom. WannaCry demands $300 in Bitcoin to unlock files on a machine, and hackers running ransomware have historically proven remarkably trustworthy in fulfilling their end of that bargain. (Whether paying is the ethical move is a big, thorny debate.)

Where Did It Come From?

WannaCry is believed to have been created with the (unintentional) assistance of the U.S. National Security Agency. An NSA exploit known as EternalBlue, part of an April release by a hacking group called the Shadow Brokers, is at its core.

Why Would Someone Do This?

To make money, though that doesn’t seem to be working out so well. While global financial damages from the attack could easily climb into the hundreds of millions, the (publicly viewable) Bitcoin addresses collecting ransom for the attackers are almost comically light: at this writing, they contain barely over $34,000 worth of Bitcoin.