
The Story Behind the WannaCry Virus

Why Was the WannaCry Attack Such a Big Deal?

It was all over the news on Friday, May 12th: Hospitals in the UK couldn’t get access to their systems and were turning patients away. Car factories in France had to shut down. A Spanish telecommunications company told their employees to shut down their computers. Computers all over the world were being infected by WannaCry, a massive hacking attack that caused worldwide computer chaos.

By May 14th, more than 200,000 computers in more than 150 countries had been affected. And yet, the attack didn’t seem to cause much long-term damage and the hackers only made about $100,000 in total. We just witnessed one of the largest and strangest computer attacks ever.

[music]

WannaCry is an example of a type of attack called ransomware where the data on an infected computer is encrypted or scrambled. In return for restoring access to your files, the hackers demand a ransom payment — in this case, either $300- or $600-worth of the digital currency bitcoin.

There are lots of kinds of ransomware out there, but WannaCry spread very quickly using a tool that security experts believe was created by the NSA. To be clear, the NSA wasn’t interested in ransom, just in snooping, but they created a tool that took advantage of a security weakness in Microsoft software. This tool, dubbed EternalBlue, exploits a vulnerability in something called the Server Message Block, or SMB protocol.

The SMB protocol is basically a system for sharing file access across a network. It’s used by lots of people all the time, and the reason why you might never have heard of it is that normally, it’s totally safe. Well, the NSA discovered that in some versions of Windows, the SMB protocol can be tricked into accepting packets of data from remote attackers. EternalBlue was designed to use that flaw as a way in.

That’s pretty freaky to think about, but no one outside of the NSA would have known about it — and WannaCry might never have happened — if it weren’t for a leak earlier this year.

In April, the Shadow Brokers, a group of hackers that’s thought to be tied to Russia, stole EternalBlue from the NSA and published the exploit online. Microsoft quickly released a patch for the issue for the operating systems they still officially support, like Windows 7 and Windows 10. In theory, that should have headed off any potential problems. With the patch, EternalBlue would be useless.

But, not everyone actually installs patches and updates their systems regularly. I mean, at some point we’ve all clicked the button saying “tomorrow! Remind me tomorrow!”. It’s annoying. And more than 5% of Windows computers are still running XP, even though Microsoft stopped releasing security updates for it three years ago. So, people and organizations worldwide were left with a gaping hole in their cybersecurity, which WannaCry took advantage of.

The UK’s National Health Service hospital system was especially vulnerable because as recently as last year, computers in 90% of NHS hospitals were still running XP. It’s easy to blame the hospitals for using a 16-year-old operating system. Like, it doesn’t seem that hard to upgrade. But it’s not that simple. From MRIs to microscopes, practically everything in hospitals uses computer programs, and it’s often hard to get them to work properly with newer operating systems. So upgrading everything would have been a major IT investment.

The hospitals’ data was all backed up, though, so within a day of the attack, pretty much everything was up and running again, no ransom payments needed. But just like not everyone downloads and installs those annoying software updates promptly, not everyone is as vigilant about backing up as they should be. So even though most big organizations were fine, lots of individual people were losing access to their data.

That is, until someone discovered that WannaCry had a major flaw: a kill switch that an anonymous cyber security expert in England discovered almost by accident. The hero, who goes by the name MalwareTech, was looking through the WannaCry code as it spread on Friday and found that it was built to check whether or not a specific gibberish URL led to a live website. So he registered the domain name to see what would happen. And it turned out to be a kill switch built in by the ransomware’s creators. Registering the URL was a signal that stopped the malware from spreading.

New variants of the malware have popped up and continued to spread, but they’ve mostly included their own kill switch domain names, leading to a game of cyber security whack-a-mole. It’s not clear why the hackers behind the attack included this in the code, but we’re lucky they did.

And that’s the thing: the part of the ransomware’s code that’s based on EternalBlue is really sophisticated. But according to security experts, having a kill switch was an amateur mistake. So was the way the hackers set up their ransom payment system. They didn’t code it in a way that let them keep track of who actually paid the ransom, and it’s set up so they would have to decrypt each victim’s files manually. Which might explain why almost no one seems to have gotten their files decrypted. So a more sophisticated attack could have done a lot more damage.

At this point, there’s no reason anyone else should be affected by WannaCry or its copycats: Microsoft released special one-time patches for old operating systems that are vulnerable, including Windows XP, so no matter what you’re running, you should be safe if you update. And if you were infected by WannaCry, security researchers have released tools that can decrypt your files as long as you haven’t rebooted your computer.

We still don’t know for certain who was behind this, and we may never find out. This won’t be the last time a malware attack sweeps the planet, though. Hackers are always finding new vulnerabilities, and there will always be people who don’t update right away. So, WannaCry’s lesson is clear: install those updates, and back up your stuff.

Thanks for watching this episode of SciShow News. Hopefully we don’t have to make another news episode about a massive computer attack any time soon, but if you want to learn more about some really bad ones, check out our video about the worst computer viruses of all time.


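Translation information
Video overview

The WannaCry virus swept across the globe and caused a huge sensation. Why did it spread so quickly? How was it finally cracked? And what puzzling mysteries does it leave behind?

Transcriber

Collected from the internet

Translator

青岩暑茶

Reviewer

与光同尘

Video source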

https://www.youtube.com/watch?v=etPizFNPupk
