Three departments in Beijing issued a notice: New variants of ransomware appear and it is recommended to deal with them immediately

As the ransomware continues to spread, three departments in Beijing jointly issued a notice stating that relevant departments have monitored and found that the virus has mutated into a variant that may spread even faster, and they recommend immediate attention and disposal.

According to Qianlong.com, on May 14, the Beijing Municipal Cyberspace Administration, Beijing Municipal Public Security Bureau, and Beijing Municipal Commission of Economy and Information Technology jointly issued a "Notice on the Emergence of Variants of the WannaCry Ransomware Worm and Suggestions on Disposal". The "Notice" pointed out that relevant departments have discovered that a variant of the WannaCry ransomware worm has appeared: WannaCry 2.0.

The notice stated that unlike previous versions, this variant has cancelled the so-called Kill Switch, and the spread of the variant ransomware worm cannot be stopped by registering a domain name. The spread of this variant may be faster, and the relevant disposal methods for this variant are the same as previous versions. It is recommended to pay attention to and dispose of it immediately.

Since the evening of May 12, the WannaCry ransomware worm has spread rapidly around the world, and has now caused more than 75,000 computers in 99 countries and regions to be attacked by the virus. Hackers locked the data files in the computers and demanded a payment of $300 in Bitcoin to unlock the files.

The following is the full text of the notice:

Notice on the emergence of variants of the WannaCry ransomware worm and suggestions for handling it

All relevant units:

Relevant departments have discovered that a variant of the WannaCry ransomware worm has emerged: WannaCry 2.0. Unlike previous versions, this variant has cancelled the so-called Kill Switch, and the spread of the variant ransomware worm cannot be stopped by registering a domain name. The spread of this variant may be faster. The relevant disposal methods for this variant are the same as previous versions. It is recommended to pay attention to and dispose of it immediately.

1. Please immediately organize an intranet detection to find all terminals and servers with open 445 SMB service port. Once a infected machine is found, disconnect it from the network immediately. At present, it seems that formatting the hard disk can remove the virus.

2. Microsoft has released patch MS17-010 to fix the system vulnerability of "Eternal Blue" attack. Please install this patch for your computer as soon as possible. The website address is https://technet.microsoft.com/zh-cn/library/security/MS17-010. For machines such as XP and 2003 that Microsoft no longer provides security updates, it is recommended to upgrade the operating system version or close the ports affected by the vulnerability to avoid being attacked by viruses such as ransomware.

3. Once a infected machine is found, disconnect from the Internet immediately.

4. Enable and open "Windows Firewall", enter "Advanced Settings", and disable the "File and Printer Sharing" related rules in the inbound rules. Close UDP ports 135, 445, 137, 138, and 139, and turn off network file sharing.

5. It is strictly prohibited to use USB flash drives, mobile hard disks and other devices that can perform ferry attacks.

6. Back up important files and data in your computer to a storage device as soon as possible.

7. Update the operating system and applications to the latest version in a timely manner.

8. Strengthen email security and effectively block phishing emails to eliminate many hidden dangers. 9. Install genuine operating systems, Office software, etc.

Beijing Municipal Cyberspace Administration

Beijing Municipal Public Security Bureau

Beijing Municipal Commission of Economy and Information Technology

May 14, 2017