The company mailbox received the following bitcoin blackmail email, which may be that the home computer was hacked. Is there any good way to deal with it?

In case of such problems, besides deleting emails, we need to be aware of network security and improve network security protection.

This series of blackmail emails actually means that the blackmailer or hacker makes the victim receive a "self-sent email" by forging the header data of the email, thus making the blackmailer believe that his mailbox has been invaded. But in fact, the user's email account and machine have not been invaded and controlled by fraudsters, so don't send money to fraudsters privately to prevent being deceived.

The contents of the email basically include the following aspects:

1, claiming to be a hacker from a "dark net" (such as waite23/kurtis09/hugibert19/murry02 and other false ids), warned the victims that their email accounts had been stolen. If you don't believe it, please check whether the recipient is from the victim himself.

This means that the victim's machine has been infected with the Trojan horse he injected and has been monitored for a long time. Users' online records and local data can be accessed at will, and it is useless for victims to modify their passwords.

3. As long as the specified amount (such as $2,000) is remitted to the specified bitcoin address within 48 hours, Trojan will be deleted and the attack will stop.

4. Some will continue to send emails to increase the amount.

Do a good job in computer security measures

Users are advised to update the security patches released by Windows in time, and do the following work in network boundary, internal network area, host assets, data backup and so on:

1, close port 445 (other related ports such as 135, 137, 139), and close unnecessary service ports on the server.

2. Strengthen the internal network area access audit of port 445 (other associated ports such as 135, 137, 139) to find unauthorized behavior or potential attacks in time.

3. Because Microsoft stopped the security update of some operating systems, it is suggested to check Window XP and Windows server 2003 hosts (update of MS 17-0 10 is no longer supported) and use an alternative operating system.

4. Do a good job in information system business and personal data backup.

CNCERT will closely monitor and pay attention to the attacks of the ransomware on domestic party and government organs, important industrial units and universities, and at the same time, work with the security industry to track possible new attack propagation means and malicious sample variants.

The above contents refer to China Economic Net-How to deal with ransomware attacks on computers? Official release of emergency response guidelines