Bitcoin ransomware virus various systems Microsoft official vulnerability repair patch download address (full)

On the evening of May 12, the "Bitcoin ransomware" virus broke out around the world. The hackers locked the victim's computer files, and they could only be unlocked after paying a certain ransom to the hackers.

At present, statistics show that more than 28,000 institutions in China have been infected, mainly in intranet environments such as enterprises and universities, resulting in the locking of many laboratory data and graduation projects. At the same time, some gas stations and railway ticketing systems have also become targets of ransomware attacks.

Unfortunately, security experts say that there is currently no way to recover files after being infected except to pay a ransom. If the files are particularly important, you can try to pay the ransom to avoid them being "destroyed" after the ransom expires, but no one can guarantee that they can be recovered.

If an infected computer wants to completely eradicate the ransomware, there is no safer way except to reinstall the system, and it is necessary to install the emergency security repair patch for the Bitcoin ransomware released by Microsoft in time after reinstalling.

【Defense measures recommended】

1. Install anti-virus software and keep the security defense function turned on . For example, Kingsoft Antivirus can intercept (download address http://www.duba.net), and Microsoft's built-in Windows Defender can also be used.

Kingsoft Antivirus detects and kills WNCRY blackmailer worm virus

Kingsoft Internet Security Blackmailer Virus Defense intercepts WNCRY virus to encrypt user files

2. Turn on Windows Update automatic updates and upgrade the system in time.

In March, Microsoft released the MS17-010 upgrade patch for the vulnerabilities leaked by the NSA, including the "EternalBlue" vulnerability exploited by the blackmailer worm virus. At the same time, it also released special repair patches for Windows XP, Windows Server 2003, and Windows 8, which have stopped supporting them.

The latest version of Windows 10 1703 Creators Update no longer has this vulnerability and does not require a patch.

The official download addresses of each system patch are as follows:

【 KB4012598 】：http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

For Windows XP 32-bit/64-bit/Embedded, Windows Vista 32-bit/64-bit, Windows Server 2003 SP2 32-bit/64-bit, Windows 8 32-bit/64-bit, Windows Server 2008 32-bit/64-bit/Itanium

【 KB4012212 】：http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212

For Windows 7 32-bit/64-bit/Embedded, Windows Server 2008 R2 32-bit/64-bit

【 KB4012213 】：http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012213

Applicable to Windows 8.1 32-bit/64-bit, Windows Server 2012 R2 32-bit/64-bit

【 KB4012214 】：http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4012214

For Windows 8 Embedded, Windows Server 2012

【 KB4012606 】：http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012606

For Windows 10 RTM 32-bit/64-bit/LTSB

【 KB4013198 】：http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013198

For Windows 10 1511 November Update 32/64 bit

【 KB4013429 】：http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429

Applicable to Windows 10 1607 Anniversary Update 32/64 bit, Windows Server 2016 32/64 bit

3. Windows XP and Windows Server 2003 system users can also close port 445 to avoid being infected by the blackmailer worm virus.

Here are the steps:

(1) Enable system firewall protection. Control Panel -> Security Center -> Windows Firewall -> Enable.

Enable system firewall protection

(2) Close the system port 445.

(a) Press the shortcut key WIN+R to start the Run window, enter cmd and execute it. Open the command line operation window and enter the command " netstat -an " to check whether port 445 is open.

(b) As shown in the figure above, if port 445 is open, enter the following commands in sequence to close it:

net stop rdr / net stop srv / net stop netbt

The effect after work is as follows:

4. Be cautious when opening websites and emails from unknown sources, and disable macros when opening Office documents. Internet Trojans and phishing emails have always been important channels for the spread of ransomware at home and abroad.

The ransomware virus is hidden in the phishing email document, inducing the user to enable the macro to run the virus

5. Develop good backup habits and use network disk or mobile hard disk to back up important personal files in time.

In this blackmail worm outbreak, many domestic universities and enterprises were attacked, and a lot of key and important information was encrypted and ransomed by the virus. We hope that users will raise their awareness of the security of backing up important files.

If you are unfortunately infected with the Bitcoin ransomware virus, it doesn’t matter. The editor has also provided you with the download of the Bitcoin ransomware virus immune detection and killing and file recovery tool (Kingsoft Antivirus) to help you solve the problem.