Regarding the recently widespread ransomware “Wannacry”, Mizoram Police has issued the following notice:
A very dangerous ransomware known as “Wannacry” has recently spread widely and is disrupting computer systems in more than 100 countries around the world. It is also affecting computers in India. Ransomware is a type of software that disrupts computers. It works by altering (encrypting) all the files on our computer so that they cannot be opened. A large sum of money is then demanded before our files can be opened again.
The “Wannacry” ransomware is also known by these names: Wanna Crypt, Wana Crypt0r, WCrypt, WCRY. This ransomware affects computers running the Windows operating system. It gets into a computer by exploiting a weakness in the Windows OS known as Eternal Blue MS17-010. On computers it has already affected, it displays instructions on how to pay within three days in order to recover the files. If payment is not made within three days, the amount demanded doubles. If payment is not made, it also threatens to delete all the files on the computer.
This ransomware spreads heavily through e-mail attachments. In addition, it is hidden in some links on the internet, and when we click such a link or e-mail attachment it gets into our computer without our knowledge. Besides this, it can also get in by itself through Windows SMB.
How to protect against WannaCry ransomware:
- Installing the Windows security patch MS17-010 can prevent it from getting into the computer. For those whose Windows does not update automatically, this security patch can be downloaded from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx; install it once the download is complete.
- Block ports 139, 445 and 3389 at the firewall.
- Do not open attachments in e-mail you receive from a person you do not know or from a company you do not know.
- Disable SMB. This can be disabled from Windows Features.
- Block pop-ups in your web browser. This can be set in the browser settings, or it can be installed.
- Always install the latest Windows security updates.
- Use a good antivirus and keep it updated.
- Regularly back up your most important files to an external hard disk, a pen drive or DVD/CD.
- Block the following at the firewall or in the antivirus.
File Names:
@Please_Read_Me@.txt
@WanaDecryptor@.exe
@WanaDecryptor@.exe.lnk
Please Read Me!.txt (Older variant)
C:\WINDOWS\tasksche.exe
C:\WINDOWS\qeriuwjhrf
131181494299235.bat
176641494574290.bat
217201494590800.bat
[0-9]{15}.bat #regex
!WannaDecryptor!.exe.lnk
00000000.pky
00000000.eky
00000000.res
C:\WINDOWS\system32\taskdl.exe
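
One way to check a directory listing against the file names listed above, as an added example that is not part of the original notice. The function names and sample paths are constructed for illustration, and counting the three full-path entries only at their listed location is an assumption of this example.

```python
import re
from pathlib import PureWindowsPath

# File names from the list above, lower-cased (Windows names are case-insensitive).
EXACT_NAMES = {
    "@please_read_me@.txt", "@wanadecryptor@.exe", "@wanadecryptor@.exe.lnk",
    "please read me!.txt", "!wannadecryptor!.exe.lnk",
    "00000000.pky", "00000000.eky", "00000000.res",
}
# Entries the list gives as full paths: assumed to count only at that location.
EXACT_PATHS = {
    r"c:\windows\tasksche.exe", r"c:\windows\qeriuwjhrf",
    r"c:\windows\system32\taskdl.exe",
}
# The list's "[0-9]{15}.bat" with the dot escaped; fullmatch() anchors both ends.
BATCH_NAME = re.compile(r"[0-9]{15}\.bat", re.IGNORECASE)


def classify(path: str):
    """Return the reason a Windows path matches an indicator, or None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if str(p).lower() in EXACT_PATHS:
        return "known path"
    if name in EXACT_NAMES:
        return "known file name"
    if BATCH_NAME.fullmatch(name):
        return "15-digit batch file"
    return None


def scan(paths):
    """Map each matching path to its reason; non-matching paths are omitted."""
    return {p: r for p in paths if (r := classify(p))}

# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\alice\Desktop\@WanaDecryptor@.exe",
    r"C:\Users\alice\Documents\@Please_Read_Me@.txt",
    r"C:\ProgramData\abc\176641494574290.bat",
    r"C:\WINDOWS\tasksche.exe",
    r"C:\Users\alice\tasksche.exe",   # same name, other folder: no hit
    r"C:\Temp\1766414945742900.bat",  # 16 digits: no hit once anchored
    r"C:\Temp\176641494574290xbat",   # no literal dot: no hit once escaped
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE).items():
        print(f"{reason:20} {path}")
```

Used unescaped and unanchored, the pattern as printed in the list would also match the last two sample names, which is why the example escapes the dot and matches the whole file name.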