How to prevent ransomware? Alibaba Cloud's one-two punch leaves no hidden dangers

Time:2020-9-26

Introduction: Alibaba Cloud and its partner CommVault jointly released a ransomware prevention and control solution, providing complete solutions for public cloud, hybrid cloud and other scenarios.

In recent years, data extortion has attracted much attention. Ransomware has accompanied the Internet since its birth. Today, preventing and controlling ransomware has become comprehensive, multi-pronged work that covers network security, data backup, staff awareness and other factors.

Recently, Alibaba Cloud and its partner CommVault jointly released a ransomware prevention and control solution. Alibaba Cloud provides complete solutions for public cloud, hybrid cloud and other scenarios:
1. Public cloud solution


Alibaba Cloud Security Center provides real-time interception of mainstream ransomware, cryptomining malware, DDoS trojans and other viruses, so known ransomware can be defended against with one click. Combined with the decoy (bait) directory capability, unknown ransomware can also be detected and removed. In addition, with the WORM (write once, read many) function of Object Storage Service (OSS), data cannot be deleted or tampered with, and the version control function can also be enabled to effectively prevent data stored on OSS from being deleted or overwritten by mistake. At the same time, cross-region replication or HBR backup can be used to provide remote disaster recovery for the data.

2. Hybrid cloud solution


Built on Alibaba Cloud hybrid cloud disaster recovery storage products, this solution provides virus alerting, data backup and other services, and can establish an isolated data environment outside the production environment to keep data safe. At the same time, Alibaba Cloud Security Center can be installed on hybrid cloud servers to support one-click ransomware defense on those servers. Combined with the decoy (bait) directory capability, it can also detect and remove unknown ransomware.
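The decoy (bait) directory idea mentioned in both the public cloud and the hybrid cloud solution can be illustrated with a small integrity monitor. This is an added example, not code from Alibaba Cloud or CommVault; the decoy file names, the `entropy_limit` threshold and the alert strings are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy files: no legitimate user or job should ever touch them.
DECOYS = {"000_accounts.xlsx": b"quarterly ledger " * 64,
          "zzz_contracts.docx": b"signed contract " * 64}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant(directory: Path) -> dict:
    """Write the decoy files and return the baseline {name: sha256}."""
    directory.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name, body in DECOYS.items():
        (directory / name).write_bytes(body)
        baseline[name] = hashlib.sha256(body).hexdigest()
    return baseline

def check(directory: Path, baseline: dict, entropy_limit: float = 7.0) -> list:
    """Compare the decoy directory with its baseline and return alerts."""
    alerts = []
    present = {p.name for p in directory.iterdir() if p.is_file()}
    for name, digest in baseline.items():
        if name not in present:
            alerts.append(f"MISSING {name}")  # deleted or renamed
            continue
        data = (directory / name).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            # A rewrite that also looks random is the stronger signal.
            high = entropy(data) > entropy_limit
            alerts.append(f"{'HIGH_ENTROPY_REWRITE' if high else 'MODIFIED'} {name}")
    alerts += [f"UNEXPECTED {n}" for n in sorted(present - set(baseline))]
    return alerts

def demo() -> list:
    # Constructed scenario in a temp dir: one decoy is overwritten with
    # random bytes, the other is renamed with a new extension.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "decoy"
        base = plant(d)
        (d / "000_accounts.xlsx").write_bytes(os.urandom(4096))
        (d / "zzz_contracts.docx").rename(d / "zzz_contracts.docx.locked")
        return check(d, base)
```

Because nothing legitimate should write to the decoy directory, any alert from `check` is worth investigating, which is what lets this approach flag malware that has no known signature.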

On May 12, 2017, WannaCry, a global ransomware, broke out worldwide with the help of the high-risk vulnerability "EternalBlue". It was at this time that ransomware began to become widely known. Just as viruses will exist for a long time in the real world, ransomware will also exist for a long time in the network world. To better defend against it, we need to understand some basic principles:

First, constantly reinforce the security of the system. Make sure that all software on the server is up to date with the latest patches installed, and that there are no weak passwords. Valuable data should be backed up regularly. Pay attention to the latest vulnerability alerts and scan your systems immediately to find known CVEs that may be exploited. Services such as PowerShell and SMB should be disabled where this does not affect the business.

Second, strengthen security awareness. Good security habits and best practices need to be developed; they are essential for network and data security. Common safe operating rules include:
· do not open any attachments except those from known and trusted sources;
· do not run software downloaded from the Internet unless the source of the downloaded software is trusted or malware scanning has been completed;
· be careful when clicking links in email or social media programs, even from trusted sources and friends;
· use social media safely. Hot topics are the area hardest hit by fraud, and some links lead to fake login pages;
· encourage employees to report suspicious situations when they find them;
· if Windows users see an "infected" warning after clicking on a URL or using a search engine (this may be a fake anti-virus alarm), they should use Alt+F4, Ctrl+W or Task Manager to close the browser, and then notify the relevant personnel.

Third, do not respond to the ransom demand. Experts and real cases tell us that after a system is infected with ransomware, the ransom should not be paid. First, ransom is mostly paid in bitcoin, and the characteristics of bitcoin mean the hackers do not know who paid the ransom they receive, so they cannot carry out the corresponding decryption. Second, paying the ransom only confirms to cyber criminals that extortion works and encourages them to intensify their efforts.

Beyond these principles, we also need to start from the actual situation of each industry and build complete solutions. Take the medical industry as an example: in recent years, the number of ransomware attacks against medical institutions has been increasing. Besides the business characteristics of the medical industry, the lack of investment in information technology also gives hackers opportunities. Some experts sum up the current state of information security in the medical industry this way: it is like a child carrying gold through a busy marketplace.

First of all, some medical units often neglect network and data security. According to relevant reports, a certain proportion of medical institutions still do not update their operating systems in time, which brings great risks to data and business security. Secondly, the data of the medical industry is patients' private data, and losing or leaking it causes great loss. Finally, at this stage, the whole IT environment is extremely complex, and different system hosts need different protection schemes, which leads to a heavy management and maintenance workload, with risks everywhere.

With the spread of mobile healthcare, AI medical imaging, electronic medical records and other digital programs, the security and business continuity of medical data are becoming more and more important. To avoid losing important data and disrupting medical work, a certain amount of investment is needed in network and data security protection and in employee education. To this end, Alibaba Cloud is working with partners to keep launching network and data security solutions that help multiple industries, including healthcare, better prevent viruses and resist network attacks, and build a security protection system that integrates risk monitoring, analysis and disaster recovery.

This article is the original content of Alibaba Cloud and cannot be reproduced without permission.