According to a report from the Tencent Yuzhi Threat Intelligence Center, the risk of infection in the enterprise terminal is still ranked first, accounting for 40%. After some terminals collapsed, the attacker implanted a remote control Trojan (14%) and used it as a springboard to deploy a vulnerability attack tool to attack other terminals on the intranet again, eventually implanting a mining Trojan or a ransomware. Mining horses have increased by nearly 5% year-on-year, almost becoming an essential component of the current popular black gang. With the continued appreciation of digital cryptocurrencies such as Bitcoin, Monroe, and Ethereum, mining has become an important channel for black goods to be realized. We expect that the proportion of mining horses will continue to rise. The ransomware virus has not changed much from the same period of last year, but in recent years, new ransomware viruses have emerged in an endless stream. Once the attack is successful, the damage is extremely harmful. Some of the victims were forced to pay “ransom” or “data recovery fees”. The blackmail virus is still the type of virus that enterprises need to guard against.