Bitcoin extortion: the hidden underworld you don't know

The birth of Bitcoin created new industries and made some participants very rich. One group of people, however, was drawn to a different property: the anonymity and untraceability of Bitcoin payments.

According to statistics, over the past 15 years there have been many ransomware incidents worldwide. The attackers have collected returns ranging from hundreds of thousands of dollars to, in many cases, billions of dollars.

Victims have included HBO in the US, the crew of Game of Thrones, the shipping giant Maersk and others. The country hit hardest was the United Kingdom, where ransomware knocked out computers and telephones in the British public health service and left important information such as patient medical records, surgery schedules, prescriptions and test results inaccessible.

Just last week, the ransomware group behind GandCrab announced that it had earned more than $2 billion in the past year and a half, and that it would now stop updating the malware and shut it down.

A profit of $2 billion exceeds what many listed companies earn. Curiously, this ransomware also carries a nickname: "Grand Theft Auto".

The origin of the "Grand Theft Auto" nickname


GandCrab first appeared in January 2018 as a new strain of Bitcoin-demanding ransomware. Within months it had become the "rising star" of the malware world.

On October 16, 2018, a Syrian father named Jameel posted a message on Twitter. Jameel said his computer had been infected with GandCrab V5.0.3 and its files encrypted. Because he could not afford the "ransom" of up to $600, he could no longer see the photos of his younger son, who had lost his life in the war.


When the GandCrab authors saw the post, they promptly issued an apology stating that they had never intended to infect Syrian users, and released decryption keys for some of the Syrian victims.

The subsequent V5.0.5 update added Syria and other war-torn regions to a "whitelist" of regions the malware would not infect. GandCrab also aborts the infection if it detects that the system language is Russian, which has led security experts to speculate that the authors are Russian.

After this, many people formed a favourable impression of the GandCrab team and nicknamed it "Grand Theft Auto". But GandCrab's behaviour can hardly be called "legitimate": it shows no such kindness to people in other countries, and it deliberately treats China and South Korea as prime targets.

Defending against ransomware

Generally speaking, when a new ransomware strain first appears, no protection tool is available on the market for some time; some strains have still not been cracked weeks later. Defence against such malware therefore has to rest on prevention.

The most common delivery method for ransomware is email.

The attackers send the victim an email, for example one claiming that the recipient must report to a police station. Once the victim downloads and opens the attachment, GandCrab encrypts the data on the hard drive and directs the victim to a specified URL to download the Tor browser, through which they log in to a cryptocurrency payment page and pay the ransom.

The DVP blockchain security team believes GandCrab may also spread through "web trojan" (drive-by download) attacks: the attackers compromise poorly protected websites so that visitors to those sites are infected in turn.

More advanced malware exploits operating-system vulnerabilities to attack users. For example, in 2017 a "worm-like" ransomware called WannaCry spread around the world.

This form of attack is even more frightening: the victim can be infected without taking any action at all.

Technical analysts later explained that any Windows machine with the file-sharing port 445 open could be reached: the worm spread and replicated between computers on the same network in a chain reaction, and the attackers could then implant ransomware, remote-access Trojans, cryptocurrency miners and other malicious programs on the compromised computers and servers.

WannaCry then demanded $300 worth of Bitcoin to unlock the files. I don't know how much the group behind it extorted at the time, but its impact far exceeded that of GandCrab, so the ransoms it collected must also have been high!

In summary

In recent years, attacks involving cryptocurrencies have increased and security incidents have become frequent. Although the GandCrab ransomware story is over, the security problem is not. I don't know how many more cybercrime groups like GandCrab are out there, so you must prepare as early as possible, or the next victim may be you.

Here are some suggestions for preventing a ransomware attack:

For enterprise users there are two main scenarios. The first is encryption of files on company servers: servers should receive security patches promptly, weak passwords must be avoided, and unnecessary ports should be closed.

The second is files on office workstations: phishing-email filtering should be strengthened, employees reminded not to open email from unknown senders, and security software kept running.

For individual users, be alert to email from unknown senders, keep security software running, patch your computer promptly, develop good online habits, and avoid high-risk tools such as cheat plug-ins.

Ordinary users cannot patch system vulnerabilities in time on their own, so it is essential to develop the habit of backing up important files: keep copies on USB drives, external hard disks and other storage, and plan ahead so that an attack does no lasting damage.
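The advice above (patch promptly, close unnecessary ports, keep security software running) and the earlier description of WannaCry reaching any Windows host with port 445 open can be turned into a repeatable host check. The script below is an added example written for this page; it is not code from the article, from the DVP team or from any vendor. It assumes an elevated PowerShell session on Windows 10 or Windows Server 2016 or later with the built-in SmbShare, NetSecurity and Defender modules, and it uses an assumed 30-day patch-age threshold and an assumed rule name of its own. By default it only reports; the -Remediate switch disables SMBv1 (the protocol WannaCry abused over 445) and adds a blocking firewall rule for inbound TCP 445.

```powershell
<#
  Ransomware exposure audit for one Windows host (added example, not the article's own).
  Checks: SMBv1 disabled, no inbound allow rule reaching TCP 445, Defender real-time
  protection active, and a recent security update. Run elevated. -Remediate applies fixes.
#>
[CmdletBinding()]
param(
    [switch]$Remediate,
    [int]$MaxPatchAgeDays = 30   # assumed threshold; adjust to local policy
)

$findings = @()

# 1. SMBv1 server-side state: the protocol WannaCry-class worms target over port 445
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += "SMBv1 is ENABLED on the server side"
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $findings += "  -> SMBv1 disabled"
    }
}

# 2. Enabled inbound firewall rules whose port filter can reach TCP 445
$allow445 = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains '445' -or $pf.LocalPort -eq 'Any')
    }
foreach ($rule in $allow445) {
    $findings += "Inbound allow rule reaches TCP 445: '$($rule.DisplayName)' (profile: $($rule.Profile))"
}
if ($Remediate -and $allow445) {
    # Block rules take precedence over allow rules in Windows Firewall, so one block rule suffices.
    $ruleName = 'Audit: block inbound SMB 445'   # assumed name, not a Windows default
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
        $findings += "  -> block rule for inbound TCP 445 created"
    }
}

# 3. Security software status (Microsoft Defender; third-party AV must be checked separately)
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp -or -not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
    $findings += "Defender real-time protection is not active"
}

# 4. Patch freshness: newest installed update must be within the threshold
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest -or $latest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings += "No update installed in the last $MaxPatchAgeDays days (latest: $($latest.HotFixID) on $($latest.InstalledOn))"
}

if ($findings.Count -eq 0) { "No findings: SMBv1 off, 445 not exposed, AV active, patches recent." }
else { $findings }
```

Run it without switches first and read the findings; only use -Remediate on hosts that do not serve file shares, because blocking inbound 445 on a file server stops legitimate SMB clients as well. The port check matches explicit "445" and "Any" entries but not numeric ranges, so rules written as ranges need a manual look.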

Author: Sponge

Source: Block wave