A ransomware virus attacked computers around the world. The "most dangerous in history" computer virus has appeared online: what the new computer virus is called

Viruses, Trojans, worms and other malware: this vocabulary constantly comes up online. We'll figure out what a virus is, how it lives and what harm it does to our computers.

Computer viruses: what are they?

A virus is an independent program that is installed on a user's computer against the user's will. The virus embeds itself into software or the operating system, damages software, and then continues to spread through the system. A biological virus in humans does the same thing and causes disease, hence the name.

The word "virus" is often used by both ordinary users and professionals to mean any malicious program. However, a virus in the classical sense is specifically a pest that breaks the PC and disrupts its normal operation.

A computer virus can be "picked up" in different ways. For example, web pages and email attachments can be used to launch a virus directly into the system. Often the virus is embedded in a program downloaded from the Internet, which releases the virus after you install it.

When the virus starts, it infects many files, that is, it copies its malicious code into them in order to persist on the computer as long as possible. Simple Word documents, scripts, program libraries and all other files on your computer can be affected.

What damage does a computer virus cause?

Viruses can cause many different kinds of harm. In most cases, they delete files or irreversibly damage them. If this happens to an important system file, you will not be able to start the operating system after infection. Damage to physical hardware is also possible, but it happens quite rarely. For example, a virus can overclock the video card, causing it to overheat and fail.

How to recognize viruses?

A real virus written by a professional does not let the user find out that the computer is infected, or the user realizes it only when it is too late.

However, there are a few hints: if your computer has suddenly become noticeably slower, it may be a sign of a virus.

An antivirus scanner will help you find and remove a virus. There are many free programs for scanning a computer for viruses.

Antivirus software or an antivirus scanner at the network connection level will help you prevent a virus from getting onto the PC. In the following material, we will cover the best antivirus software for the Windows operating system and which antivirus performs best.

You can read about mobile antivirus for Android in our review.

A virus struck the internal computer system of the Russian Ministry of Internal Affairs; computers were hit in several regions of the country at once, several sources familiar with the situation told Varlamov.ru.

A little earlier, information about a possible infection appeared, in particular, on Pikabu and the Kaspersky forum. Some users write that this may be the WCRY virus (also known as WannaCry or WannaCryptor): it encrypts the user's files, changes their extension (presumably to .wncry) and asks the user to buy a special decryptor for bitcoins, otherwise the files will be deleted.

"It first appeared in February 2017, but has been updated and now looks different from previous versions," writes one of the users on the Kaspersky forum.

There has been a massive infection of the Ministry of Internal Affairs network with a cryptovirus across the country. It is definitely already in the Lipetsk, Penza and Kaluga regions. It asks for 300 bucks on the desktop. The name of the virus is @wanadeRiptor. On some computers there is a report until May 19. If anyone else has heard anything, share.

Today at 22:04.

Most likely this is not a targeted attack. The virus works only on Windows: it uses a vulnerability in the operating system and spreads blindly, that is, it does not choose its victims but infects those who are not protected. Microsoft closed this vulnerability in March: the company released an update that is installed automatically on ordinary users' computers. The virus does not threaten anyone who has updated the system. In some organizations, updates are not installed automatically but only with the approval of the people responsible for security. Apparently, the departments and companies in which the update was not installed are the ones that ran into problems.

Today at 22:04.

An hour ago, if you believe the experts, the attack looked like this.

Today at 22:02.

The hackers who organized cyberattacks around the world took advantage of spyware allegedly used by the US National Security Agency (NSA). This was reported by the American newspaper Politico.

According to it, the attackers demanding ransom for restoring computer networks used spyware that had previously been distributed by a group of hackers operating under the pseudonym Shadow Brokers. They claimed to have gained access to programs supposedly developed by the NSA. According to Shadow Brokers, the software is aimed at breaking into computers running the Microsoft Windows operating system (OS). With it, any user with sufficient technical knowledge can cause damage to millions of users of this OS, the hackers claim. The programs also make it possible to break through firewalls and steal electronic data.

Today at 22:01

The electronic system of the regional court of the Brazilian state of São Paulo was disabled as a result of a cyberattack. Folha de S.Paulo reported this on its website on Friday.

According to the publication, court employees received a recommendation from specialists to turn off their computers immediately. At 14:45 local time (20:45 Moscow time) the institution's website was not functioning.

Today at 21:53.

The operator MegaFon had to turn off part of its computer network because company employees' computers were hit by a hacker attack. As Peter Lidov, MegaFon's director of public relations, told TASS, the operator has already restored the work of the call center and plans to completely eliminate the problems caused by the cyberattack within the next few hours.

"The scale is quite large; it affected most regions of our country. But we are coping, and now, together with Kaspersky Lab (whose solutions MegaFon uses for protection), we are resolving this issue," said Lidov.

According to Lidov, employees' computers suddenly began to reboot, and after the reboot a window appeared demanding payment of $300, which prevented them from continuing to work. All the MegaFon computers attacked by the hackers run the Windows operating system and are joined in a network, the operator's representative said.

To prevent the virus from spreading, "part of the internal networks had to be turned off," Lidov noted. "Now we have fully restored the work of the call center. It is important that it (the cyberattack) did not affect the quality of communication anywhere," he said. He did not specify the number of computers that were disabled.

Today at 21:48.

Kaspersky Lab experts are currently analyzing the malware samples to establish whether the data can be decrypted, the company's representative said.

He explained that the attack took place through the known network vulnerability described in Microsoft Security Bulletin MS17-010, after which a set of scripts was installed on the infected system, which the attackers used to launch the encryption program.

"All Kaspersky Lab solutions detect this rootkit as MEM:Trojan.Win64.EquationDrug.gen. Kaspersky Lab solutions also detect the encryption programs that were used in this attack with the following verdicts: Trojan-Ransom.Win32.Scatter.uf; Trojan-Ransom.Win32.Fury.fr; PDM:Trojan.Win32.Generic (to detect this malware, the System Watcher component must be enabled)," he said.

According to him, to reduce the risk of infection, companies are advised to install the special patch from Microsoft, make sure that security solutions are enabled on all nodes of the network, and run a scan of critical areas in the security solution.

"After MEM:Trojan.Win64.EquationDrug.gen is detected, the system must be restarted; in the future, to prevent such incidents, use threat intelligence services to obtain data on the most dangerous targeted attacks and possible infections," the Kaspersky Lab representative stressed.

(Interfax)

Today at 21:44.

United Kingdom Prime Minister Theresa May: "We are aware that many organizations of the National Health Service (NHS) have reported that they suffered from a ransomware attack. But it was not targeted at the NHS; this is an international attack that has affected many countries and organizations."

Today at 21:43.

Edward Snowden, a former employee of the US National Security Agency (NSA) who is hiding from the US authorities, noted on Twitter that clinic patients are now suffering because of tools developed by the NSA. (And, as we know, they are not the only ones suffering now.)

Today at 21:27

The hackers who on Friday attacked medical institutions in Great Britain, as well as the Spanish telecommunications company Telefónica, used modified malware of the US National Security Agency (NSA), the Financial Times writes, citing cybersecurity analysts.

According to the experts, a tool of the American intelligence service known as Eternal Blue ("Insecure Blue") was combined with the WannaCry program.

The program developed by the NSA allows the virus to spread through file-sharing protocols that are installed on the computers of many organizations.

Several officials in the security agencies of Western countries agree with this assessment, the newspaper notes.

(RIA Novosti)

Today at 21:20

According to MalwareHunterTeam, an influential group of cybersecurity experts, servers in Russia and Taiwan suffered most from the virus attack.

Computer systems in Great Britain, Spain, Italy, Germany, Portugal, Turkey, Ukraine, Kazakhstan, Indonesia, Vietnam, Japan and the Philippines were also hit hard.

"The new virus is spreading at hellish speed," the MalwareHunterTeam researchers report.

Today at 21:19.

Kaspersky Lab specialists have established that the actively spreading WannaCry virus uses a known Windows network vulnerability that Microsoft closed in March. This is stated in a statement received by Mediazona.

"As the analysis showed, the attack took place through the known network vulnerability described in Microsoft Security Bulletin MS17-010. Then a rootkit was installed on the infected system, which the attackers used to launch the encryption program," the document says.

"At the moment, Kaspersky Lab has recorded about 45,000 attack attempts in 74 countries around the world. The greatest number of infection attempts is observed in Russia," the company noted.

Today at 21:17.

Kaspersky Lab has recorded more than 45 thousand attacks, almost all of them in Russia.

Today at 21:15.

Tip from "Varlamov.ru":

As you know, there is now a mass attack on computers around the world. If you work on Windows, you are in a potential risk group. But do not panic and do not try to restart the computer! It is better to save important data to an external disk or the cloud while everything still works. And go get some rest. If it turns out that your computer is infected after all, you simply reinstall the system and restore the data from the backup.

Today at 21:13.

Svetlana Petrenko, representative of the Investigative Committee: "There were no hacker attacks on the resources of the Investigative Committee. Everything is working normally."

TASS, citing a source in the police, reports that no hacker attacks were recorded in the Ministry of Internal Affairs either.

A source: "As of 20:00 MSK, the agency's unified system of information and analytical support was not in danger."

According to a number of users, this is the WCRY virus (also known as WannaCry or WannaCryptor): it encrypts the user's files, changes their extension and demands the purchase of a special decryptor for bitcoins.

Jakub Kroustek, an employee of Avast (an antivirus developer), reported on Twitter that at least 36 thousand computers around the world have already been infected. Most of them are in Russia, Ukraine and Taiwan.


Earlier it was reported that the ransomware virus had hit hospitals throughout the UK. A map of the virus's worldwide spread has already appeared online.


Because of the hacker attack, the Russian operator MegaFon had to disable part of its computer network. As Peter Lidov, the operator's director of public relations, said, employees' computers suddenly began to reboot, and after the reboot a window appeared demanding payment of $300, which prevented them from continuing to work.

Peter Lidov: "The scale is quite large; it affected most regions of our country. But we are coping, and now, together with Kaspersky Lab (whose solutions MegaFon uses for protection), we are resolving this issue."

Spanish media report that the local telecommunications company Telefónica has also been attacked by the ransomware virus. The hackers demanded payment by May 15 of an amount equivalent to 509,487 euros. If this does not happen, the attackers threatened to delete all the archives to which they have access.

The Financial Times, citing cybersecurity analysts, writes that a modified malicious program of the US National Security Agency (NSA) was used in the attacks in the UK and Spain. According to the experts, the American intelligence tool known as Eternal Blue ("inexhaustible blue") was combined with the WannaCry extortion program.

British Prime Minister Theresa May commented on the worldwide cyberattack. According to her, the attacks on the country's hospitals are part of a global hacker attack.

Theresa May: "We know that a number of medical institutions have reported a hacker attack. This attack was not directed at the NHS (National Health Service - Ed.). It is part of an international hacker attack that has affected institutions in different countries ... We have no information that patient data has fallen into the wrong hands."

Internet expert Grigory Bakunov told the Echo Moskvy radio station that the virus threatens only computers running the Windows operating system. Most smartphone owners have nothing to fear.

Grigory Bakunov: "This malware is trying to work against state and large organizations, but ordinary people suffer. Everyone has this hole in Windows, and it is easy to exploit. And if a computer has not received the latest Windows update, it is vulnerable. This does not concern mobile systems such as Android and iOS."

The failures in the work of traffic police units are being eliminated. This was stated by the press service of the Ministry of Internal Affairs. Earlier it became known that in a number of Russian regions there were problems, in particular, with issuing driver's licenses. The computers of ministry employees were infected with the virus, which spread rapidly around the world.

In Russia, in addition to the Ministry of Internal Affairs, the malicious program penetrated the Ministry of Emergency Situations, Russian Railways, Sberbank and MegaFon. In general, as of this minute, companies and departments report that the problem has been localized or eliminated. And Microsoft has taken extraordinary measures: it released an emergency update that eliminates the vulnerability not only for the latest operating systems but also for the obsolete Windows XP. XP has not been officially supported since 2014, although it is still very popular.

Over the last day British doctors have returned to the paper age. Planned medical procedures are being postponed for several days where possible, and assistance is provided primarily to emergency patients. So far, it has not been possible to fully restore the computers that hold patient records, test results and much more. The cause was the WCRY virus, short for the English Wanna Cry (which translates as "I want to cry").

It soon turned out that such emotions were being felt far beyond Britain. First there were reports that the virus had struck the computers of the Spanish telecommunications giant Telefónica, then it moved on to France, Germany, Italy and Romania. The malicious program spread across the planet with the speed of a forest fire.

"We are actually watching the scenario of a cyber-apocalypse unfold today. The alarming events concern the entire industry. In the past 24 hours alone, 45 thousand systems in 74 countries were infected," said Varun Badhwar, a computer security expert.

Each system is sometimes not hundreds but thousands of computers. On the screen of each of them, users saw a message translated into dozens of languages. It says that all information on the computer is encrypted, and that payment is required to decrypt it and continue working. Depending on the country, the amount is 300 or 600 dollars.

Similar ransomware viruses have been known for many years; however, whereas it used to be mostly ordinary users who encountered them, now the main blow has fallen primarily on organizations that have, without exaggeration, strategic importance for each country.

"It is clear that they hit the most critical targets. And it is clear that criminals will always look for the most vulnerable points, that is, those who will really pay. And this simply speaks of cynicism," said German Klimenko, adviser to the President of Russia on the development of the Internet.

Russia is among the victims too. The day before, the first reports appeared that the malicious program had penetrated the computers of the Ministry of Internal Affairs. Reports about the consequences of the failures came from different regions. Thus, in Zhukovsky in the Moscow region, according to visitors' accounts, computers were not working the day before. In several cities at once, the issuance and replacement of driver's licenses and license plates had to be temporarily suspended.

"At the moment, the virus is localized. Technical work is being carried out to destroy it. Leakage of official information from the information resources of the Ministry of Internal Affairs is completely excluded," said Irina Volk, the official representative of the Russian Ministry of Internal Affairs.

It is all hands on deck for the programmers at the Russian Railways information center as well. The virus penetrated there too. The scale of the problem is not reported, but it is known that some passengers faced inconvenience when booking tickets online.

"The virus is currently localized. There were no technological failures inside the network. Accordingly, this virus attack did not affect the transportation of goods and passengers. There is no threat to safety," said Russian Railways press secretary Ekaterina Gerasimova.

Large Russian companies such as MegaFon and Yota also faced problems. Obviously there are many more victims, but most prefer not to talk about it. Most companies restore their systems from so-called backup copies of databases, which are periodically saved on special servers.

Meanwhile, law enforcement agencies in different countries are trying to pick up the trail of the hackers who organized the worldwide attack, although this is extremely difficult to do. After all, it is still not clear from which country the virus was launched. The British newspaper The Telegraph, however, has already hurried to blame the notorious "Russian hackers" for what happened.

However, even Western experts were skeptical of such a pursuit of sensation. After all, the heaviest blow of the virus fell on Russia. According to independent antivirus companies, the largest number of infected computers is in our country.

It is also known that the hackers did not actually come up with anything new. They only used a program that had been stolen from the US National Security Agency. This was reported by Edward Snowden, a former employee of this American intelligence agency.

From E. Snowden's Twitter: "Wow, the NSA's decision to create attack tools for American software now puts hospital patients at risk."

According to Snowden, the hackers merely modified a program that the US National Security Agency used to spy on users around the world.

The intelligence services used the vulnerability in the Windows operating system for many years. And only recently did Microsoft catch on.

"Users of the free Microsoft antivirus and an updated version of Windows are protected. Back in March, we added a security update that provides additional protection against a potential attack," said Kristina Davydova, Microsoft's spokesperson in Russia.

Who is now using the secret developments of the American intelligence services is unknown. And even if you pay the criminals, the financial trail will not lead anywhere. After all, payment for reviving the computer is accepted exclusively in bitcoins. This is one of the most popular so-called cryptocurrencies today. It is not money but a digital code that is simply impossible to trace.

"Why do hackers always ask for bitcoins? As you remember from films about pirates, they loved gold most of all. Why? Because it passes from hand to hand. You cannot trace how this process goes. The same happens with modern pirates, hackers. They always want to get bitcoins because it is an uncontrolled way of exchanging value," says Internet technology specialist Grigory Bakunov.

In any case, digital technology specialists still advise not paying the extortionists. First, there is no guarantee that you will not be deceived, and second, if you pay once, then most likely you will have to pay again in the future.

Antivirus companies promise to release protection before the start of the new work week. A report of a first success has already come from Britain. One programmer managed, completely by accident, to stop the spread of the virus.

Vilnius, May 13 - Sputnik, George Voronov. A ransomware virus has infected computers around the world.

It all started in Spain, but the uproar arose after the cyberattack on British medical institutions, because the computers of hospitals and clinics were broken into and there was a danger to people's lives.

This virus belongs to the so-called crypto viruses, or encryptors: it encrypts files, and decryption is possible only for a fee. It is the WCRY virus, also known as WannaCry (Wanna Decryptor) or WanaCrypt0r 2.0. It encrypts information on the computer and demands a ransom of 300 to 600 dollars in bitcoins for decryption.

History of capture

Antivirus company Avast recorded 57 thousand hacker attacks with the WannaCry virus on Friday, it reported on the company's blog. The company's experts had noticed this virus back in February, but on Friday a new version of the hacker program began spreading en masse.

In turn, Kaspersky Lab on Friday recorded 45 thousand hacker attacks using the WannaCry virus in 74 countries around the world, with the greatest number of infection attempts occurring in Russia. Computers of the largest companies and federal ministries were attacked, including Sberbank, MegaFon, the Ministry of Internal Affairs and the Ministry of Emergency Situations.

Who is to blame?

The United States offered international assistance in the fight against the virus attacks. The US Department of Homeland Security (DHS) announced its willingness to provide technical support and assistance in the fight against the WannaCry program. The statement notes that a patch was released in March to eliminate the vulnerability to the virus. Installing the patch helps protect the operating system from this threat, the department reported.

"We are actively sharing information related to this event and are ready to provide technical support and assistance as needed to our partners both in the United States and internationally," the statement says.

Meanwhile, former US intelligence employee Edward Snowden wrote on Twitter that the global hacker attack on Friday used a computer virus originally developed by the US National Security Agency (NSA).

"The NSA's decision to create tools for attacking American software is now threatening the lives of patients in hospitals," Snowden noted. "Despite the warnings, the NSA developed such tools. Today we see what it costs."

Protect yourself

Experts note that the vulnerable computers are those that do not get "updates". In fact, if you update Windows regularly, there will be no problems. In cases of infection, the human factor accounts for a very large share.

Such crypto viruses are mainly distributed in the form of email messages. They can come from acquaintances whose computers have been hacked, or from strangers. The emails contain an attachment.

"There are two routes of infection. In one case, it is a file in "Excel" format, usually in a "Zip": people open the email attachment and a process that encrypts files starts immediately. The second option is macros. Microsoft Office has so-called macros that work in "Word" or "Excel". These are, so to speak, additional programs. Now, if you open a "Word" file, you are asked: there are macros in the file, activate them? You click "OK" and the macros begin to download viruses."

If you do not open attachments received from strangers, or unusual files received from acquaintances, infection with a crypto virus is unlikely.
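
A triage check for the two attachment routes described above (an Office file packed in a Zip, and Office macros), as an added example that is not part of the original article. The function names, the extension lists, the limits and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # macro stream name as stored in OLE files
SCRIPT_EXTS = (".exe", ".scr", ".js", ".vbs", ".wsf", ".bat")
NESTED_EXTS = (".zip", ".doc", ".xls", ".docx", ".docm", ".xlsx", ".xlsm")
MAX_DEPTH = 3                  # stop descending into archives nested deeper than this
MAX_MEMBER = 20 * 1024 * 1024  # do not unpack very large members


def triage(data, name="attachment", depth=0):
    """Return a list of findings for one attachment given as raw bytes."""
    findings = []
    if data.startswith(OLE_MAGIC):
        # Heuristic: a legacy Office file with macros contains a _VBA_PROJECT stream.
        if VBA_STREAM in data:
            findings.append(f"{name}: legacy Office file with a VBA macro project")
        return findings
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = info.filename
            lower = member.lower()
            if lower.endswith("vbaproject.bin"):
                # Word/Excel OOXML files store their macros in this part.
                findings.append(f"{name}: OOXML document carries macros ({member})")
            elif lower.endswith(SCRIPT_EXTS):
                findings.append(f"{name}: archive contains executable or script {member}")
            if info.flag_bits & 0x1:
                # Encrypted members cannot be scanned; report instead of ignoring.
                findings.append(f"{name}: {member} is password-protected, cannot inspect")
                continue
            if info.file_size > MAX_MEMBER or depth >= MAX_DEPTH:
                continue
            if lower.endswith(NESTED_EXTS):
                findings += triage(zf.read(info), f"{name}/{member}", depth + 1)
    return findings


def build_zip(members):
    """Build a constructed zip/OOXML container in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples (not real documents and not real malware).
CLEAN_DOCX = build_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"})
MACRO_XLSM = build_zip({"[Content_Types].xml": b"<Types/>", "xl/vbaProject.bin": b"\x00"})
ZIPPED_XLSM = build_zip({"report.xlsm": MACRO_XLSM})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 64 + VBA_STREAM

if __name__ == "__main__":
    samples = {"clean.docx": CLEAN_DOCX, "table.xlsm": MACRO_XLSM,
               "mail.zip": ZIPPED_XLSM, "old.doc": LEGACY_DOC}
    for label, blob in samples.items():
        print(label, triage(blob, label) or "no findings")
```

A finding means only that the attachment is able to run code when opened and deserves quarantine or review; it does not identify a particular malware family.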