Eternal Blue means that on the evening of April 14, 2065438, the hacker group Shadow Brokers released a large number of network attack tools, including the Eternal Blue tool, which can take advantage of the SMB vulnerability of Windows system to obtain the highest authority of the system. 12 in may, criminals made wannacry ransomware by transforming "eternal blue", which was recruited by many universities, large enterprises and government agencies in Britain, Russia, Europe and China, and was blackmailed to pay a high ransom to decrypt the recovered files.

Malicious code will scan the Windows machine that opens the port of 445 file * * * * without any operation by the user. As long as the computer is turned on and connected to the Internet, criminals can implant malicious programs such as ransomware, remote control of Trojan horses and virtual currency mining machines into computers and servers. Hackers use Petwarp, a variant of Petya ransomware. When attacking, they still take advantage of the Eternal Blue blackmail virus vulnerability, get the system user name and password for intranet transmission, and use the known OFFICE vulnerability, Eternal Blue SMB vulnerability, LAN infection and other network self-replication technologies to make the virus break out in a short time. At the same time, this virus is different from ordinary ransomware. It does not encrypt every file in the computer, but makes the master boot record (MBR) unable to run by encrypting the master file table (MFT) of the hard disk, and restricts the access to the complete system by occupying the file name, size and location information on the physical disk, thus making the computer unable to start, which is more destructive to the system than ordinary ransomware.

Generally speaking, locking your data, blackmailing you and fixing the loopholes in time can effectively curb it.