The disruptions in the work of the traffic police departments have been eliminated. This was stated by the press service of the Ministry of Internal Affairs. Earlier it became known that in a number of Russian regions, in particular, a problem arose with the issuance of driver’s licenses. The computers of ministry employees were infected with a virus that quickly spread throughout the world.

In Russia, in addition to the Ministry of Internal Affairs, the malicious program penetrated the networks of the Ministry of Emergency Situations, Russian Railways, Sberbank, and Megafon. In general, as of now, companies and departments report that the problem has been localized or resolved. Microsoft, for its part, took extraordinary measures: it released an emergency update that eliminates the vulnerabilities not only for the latest operating systems, but also for the outdated Windows XP, which has not been officially supported since 2014 although it is still very popular.

British doctors have called their work in the last 24 hours a return to the paper age. If possible, planned medical procedures are postponed for several days, and care is given first to emergency patients. Until now, it has not been possible to completely restore the operation of the computers that kept patient records, test results, and much more. The cause was the WCry virus - an abbreviation for the English Wanna Cry (translated as “I want to cry”).

It soon became clear that such emotions were not only experienced in Britain. Then there were reports that the virus had infected the computers of the Spanish telecommunications giant Telefonica, then spread to France, Germany, Italy, and Romania. A malicious program spread across the planet like wildfire.

“We are actually watching a cyber apocalypse scenario unfold today. Alarming developments affect the entire industry. In the last 24 hours alone, 45,000 systems in 74 countries have been infected,” said computer security expert Varun Badhwar.

Each system is sometimes not even hundreds, but thousands of computers. On the screens of each of them, users saw a message translated into dozens of languages. It says that all information on the computer is encrypted, and you must pay for decryption and the ability to continue working. Depending on the country - 300 or 600 dollars.

Similar ransomware viruses have been known for many years; however, while in the past it was mostly ordinary users who encountered them, now the main blow has fallen primarily on organizations that, without exaggeration, are of strategic importance for each country.

“It’s clear that they hit the most critical ones. And it is clear that criminals will always look for the most vulnerable points, that is, those who will really pay. And this simply speaks of cynicism,” said Adviser to the Russian President on Internet Development German Klimenko.

Russia is also among the victims. Just the day before, the first data appeared that a malicious program had penetrated the computers of the Ministry of Internal Affairs. Reports of the consequences of failures came from different regions. Thus, in Zhukovsky near Moscow, according to the testimonies of visitors, the computers in the passport office did not work the day before. Several cities at once had to temporarily suspend the issuance and replacement of driver's licenses and car license plates.

“At the moment the virus has been localized. Technical work is being carried out to destroy it. Leakage of proprietary information from the information resources of the Ministry of Internal Affairs is completely excluded,” said the official representative of the Russian Ministry of Internal Affairs, Irina Volk.

The programmers and the information center of Russian Railways are in a rush. The virus has penetrated there too. The extent of the problem is not known, but it is known that some passengers encountered inconvenience when issuing tickets online.

“The virus is currently contained. There were no technological failures within the network. Accordingly, this virus attack did not affect the transportation of goods and passengers. There is no security threat,” said Russian Railways spokeswoman Ekaterina Gerasimova.

Large Russian companies such as Megafon and Yota also faced problems. Obviously, there are many more victims, but most prefer not to talk about it. Most companies restore systems from so-called database backups, which are periodically stored on special servers.

Meanwhile, law enforcement agencies in different countries are trying to get on the trail of the hackers who organized the attack around the world, although this is extremely difficult to do. After all, it is still not clear from which country the virus was launched. The British newspaper The Telegraph, however, has already rushed to blame the notorious “Russian hackers” for the incident.

However, even Western experts were skeptical about such a pursuit of sensation. After all, the strongest blow of the virus fell precisely on Russia. According to independent antivirus companies, the largest number of infected computers is in our country.

It is also already known that in fact hackers did not come up with anything new. They just used a program that was stolen from the United States National Security Agency. This was reported by former employee of this American intelligence agency Edward Snowden.

From E. Snowden's Twitter: "Wow, the NSA's decision to create tools to attack American software is now putting the lives of hospital patients at risk."

According to Snowden, the hackers merely modified a program that the US National Security Agency used to spy on users around the world.

Intelligence agencies have been exploiting a vulnerability in the Windows operating system for many years. And only recently did Microsoft catch on.

“Users of Microsoft's free antivirus and the updated version of Windows are protected. Back in March, we added a security update that provides additional protection against a potential attack,” said Microsoft Russia spokeswoman Kristina Davydova.

It is unknown who is now using the secret developments of the American intelligence services. And even if you pay the criminals, the financial trail will lead nowhere. After all, payment for computer resuscitation is accepted exclusively in bitcoins. This is one of the most popular so-called cryptocurrencies today. Not money, but a digital code that is simply impossible to track.

“Why do hackers always ask for bitcoins? As you remember from movies about pirates, they loved gold most of all. Why? Because it is passed from hand to hand. It is impossible to trace how this process takes place. The same thing happens with modern pirates and hackers. They always want to get bitcoins because it is an uncontrolled way of exchanging value,” says Internet technology specialist Grigory Bakunov.

In any case, digital technology experts still advise not to pay extortionists. Firstly, there is no guarantee that you will not be deceived, and secondly, if you pay once, then in the future you will most likely have to pay more.

Antivirus companies promise to release protection before the start of the new work week. The message about the first success has already come from the same Britain. One of the programmers completely accidentally managed to stop the spread of the virus.


Hey! Your computer is infected with a virus
made by the Palestine Liberation Organization!
Due to the low level of development
of programming in Palestine, please copy
the virus to other computers and erase all
files from this one!

For the last few days the “hot” topic has been a terrible virus that encrypts the data on your computer and, if you don’t pay $300 to the extortionists, erases everything. Advice from reputable computer gurus:
- Don’t forget to update your system and antivirus software,
- Don't forget to keep copies of important files,
- Don't forget to have paper copies.

Meanwhile, the disease is spreading, growing, tens of thousands of computers are affected in the world, on TV in the main zombie program “Burden” the presenter is broadcasting in all seriousness that horror, horror, horror, and in general there is no way without computers, now everything, even nuclear power plants, is controlled by them, and everything there is only through the computer, there’s not even a switch to turn it off, but the virus will creep in, dammit...

I look at all this bacchanalia and quietly go nuts.

Tens, if not hundreds of thousands of computers around the world are infected with a virus - how many are there in total?
Computers that control nuclear power plants, railway junctions, bridges, etc., into which a terrible computer virus gets in via the Internet... In fact, according to all the rules, computers that control critical equipment cannot be connected to the Internet. Of course, a significant part of them are connected, and system administrators and trusted employees close to them play tank games on them during working hours, but people should have their primary genitals unscrewed for that. As for the lack of switches and emergency shutdown buttons, this is complete nonsense.

Screams about terrible computer attacks are constantly inflated, firstly, by journalists who feed on inflated sensations and, secondly, by numerous computer security specialists.

Remember, for example, “The Year 2000 Problem”? When, due to the transition to the new millennium, all computer systems, unable to process data in the new format, were supposed to die. I remember that I also received a paper from the rector’s office demanding that I prepare and be vigilant. And I read it, went crazy and filed a report that:
A) At that time we did not have working real-time systems at all
B) To check how computers will react to this terrible problem, at the end of the working day it is enough to set the time forward a year, work for half an hour, and then, having calmed down, return everything back
C) You can do it easier - rewind time a year ago and live in peace for a year.

In response, I received a two-point explanation:
1. I don't understand anything about the terrible Y2K problem,
2. There is an order from the Ministry of Health.

After which, in pursuance of the order of the Ministry of Health, some strange office, hired for a lot of money, went around my entire medical university, checking for vulnerabilities. They issued the following recommendation for the computers in my computer classes: the BIOS is outdated and needs to be changed to a new one.

If we look at the real damage from viruses: over 30 years of personal computer use, computers have spread more and more widely, the means of spreading viruses have become many times more numerous, and the use of computers in critically important technologies has also increased, yet the actual damage from viruses has become much smaller.

In the early 90s, viruses seriously spoiled the blood. About once a week I had to deal with them, and once every few months I had to declare an emergency with cleaning and reinstalling the entire system and all programs.

In addition to the decrease in the prevalence of viruses, their “pathogenicity” has also decreased. In those years, there were often viruses that killed the hard drive or, in extreme cases, erased and spoiled everything, so that reinstallation was as hemorrhoidal as possible. Nowadays, viruses usually either engage in extortion or try to steal passwords.

The question of reducing the prevalence and “viciousness” of viruses is closely related to another - who actually writes them? In the old days, the main official supplier of viruses was considered to be programming students, but the main unofficial supplier was considered to be antivirus software firms. Perhaps the reduction in damage from viruses is due to the fact that antivirus software has de facto become a mandatory part of every computer software - why bother further? On the contrary, the spread of viruses will undermine faith in the benefit of antivirus programs, since they really do not protect.

There are actually many, many computers in the world infected with viruses, but viruses try not to advertise themselves. They do not erase or encrypt data, do not burn out the hard drive, and do not even charge money from a credit card, accompanying this obscenity with mocking messages. They just use your computers to send spam, DDOS attacks, etc. And they also snitch on the owner.

It's clear that all large software development firms, including the makers of operating systems, antivirus programs, etc., actively work with the special services - otherwise they would simply not be allowed to work. So the American intelligence services do not need to send viruses that introduce the ability to snitch and to remotely control the operation of your computer - the necessary modules have already been there for a long time.

However, as you know, almost all “computer hardware” is produced in China. And introducing “bookmarks” into it is not such a difficult matter, especially since in reality it is impossible to check everything. A modern processor, for example, has circuitry with over a billion transistors - who knows how it REALLY works?

So, in case of misunderstandings in the interactions between China and the United States, almost all computer technology, including smartphones, can in fact one day give up the ghost. So don’t throw away paper books - they can not only be read, they can also be burned for heat.

Yesterday, an epidemic of a new computer encryption virus began. It mainly affected the work of Russian and Ukrainian organizations, but also affected companies from other countries of the world. The virus warns users that all their files are encrypted, and attempts to recover them on their own are useless. The ransomware virus demands the transfer of $300 in Bitcoin cryptocurrency in exchange for unlocking access.

According to information from the Group-IB company (fighting cybercrime), during the day more than 100 companies in the CIS were affected, and by the evening Kaspersky Lab announced that the number of victims worldwide was in the thousands. The virus spreads on Windows systems, but the exact mechanism of its operation is not yet known, a Doctor Web representative said. Microsoft is aware of the situation and is conducting an investigation, a company spokesman said.

Attack on oil

In the afternoon, the largest Russian oil company, Rosneft, reported on its Twitter account about a powerful hacker attack on the company’s servers, without providing details. One of the employees of Bashneft (controlled by Rosneft), on condition of anonymity, told Vedomosti about the attack: “The virus initially disabled access to the portal, to the internal messenger Skype for Business, to MS Exchange - they did not attach any significance to it, they thought it was just a network failure, then the computer rebooted with an error. The hard drive died, the next reboot showed a red screen.” According to him, employees were ordered to turn off their computers. The information that the virus affected Bashneft was confirmed by two sources close to the company. A hacker attack could have led to serious consequences; however, because the company switched to a backup system for managing production processes, neither oil production nor oil preparation was stopped, a Rosneft representative said.

New victims

Late in the evening, the Bank of Russia reported that several Russian banks had been infected. The disruption due to a cyber attack was confirmed by the Russian Home Credit Bank (HCF Bank). The bank stressed that it had noticed signs of instability and decided to conduct a review of all security systems. HCF Bank branches were open, but operated in advisory mode; ATMs and call centers continued to operate. The HCF Bank website was unavailable. A Vedomosti correspondent paid twice for the services of one of the mobile operators via the Internet using an HCF Bank card.

The payments went through, but the 3-D Secure protocol did not work - the bank client did not receive an SMS with a transaction confirmation code. At the Russian office of Royal Canin (a division of Mars), difficulties arose with IT systems, a company representative said. Evraz was also subject to a hacker attack, but its main production facilities continued to operate and there was no threat to employees or businesses, a company representative said. The virus attack affected offices in Europe (including Russia and Ukraine), a representative of the confectionery manufacturer Mondelez confirmed.

World Tour

Although Russia and Ukraine have recorded the most incidents, the virus is also active in other countries, said Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab. It is unlikely that a self-propagating virus can be configured so that it affects only certain countries, the representative of Doctor Web agrees.

The cyberattacks were carried out simultaneously in different European countries, and with the start of the working day in the United States, several reports came from there as well, The Wall Street Journal wrote at about 18:00 Moscow time. Danish shipping company A.P. Moller-Maersk, owner of the world's largest sea container carrier Maersk Line, said computer systems in many of its divisions and regions stopped working. The IT systems of several companies belonging to the British advertising conglomerate WPP Group were subjected to a cyber attack. The attack was also reported by major law firm DLA Piper and French construction company Saint Gobain, whose spokesman told the Financial Times it had "isolated its computer systems to protect data."

The virus wishes to remain anonymous

This is the second case of a global ransomware attack in the last two months. In mid-May, a wave of infections with the WannaCry ransomware occurred around the world. The virus infected computers on which the Windows operating system update had not been installed. During the hacker attack, WannaCry infected up to 300,000 computers in more than 70 countries and encrypted the information on them, making it unusable. In Russia, in particular, Megafon and the Ministry of Internal Affairs were attacked.

One of the reasons for the “popularity” of ransomware is the simplicity of the business model, explained Alexander Gostev, chief antivirus expert at Kaspersky Lab. According to him, if a virus manages to penetrate the system, then there is practically no chance of getting rid of it without losing personal data. Bitcoin ransom also plays into the hands of scammers: payment is anonymous and almost impossible to track, he explains. Moreover, unlocking the computer after paying the ransom is not at all guaranteed, notes Sergei Nikitin, deputy head of the Group-IB computer forensics laboratory.

Initially, the virus was identified as the already known Petya ransomware, but experts soon disagreed on the diagnosis. Kaspersky Lab isolated it as a separate strain; a Doctor Web representative last night considered it either a modification of Petya or something else. Nikitin thinks that we are talking about a modification of Petya which is distributed by e-mail; to activate it, it is enough to open the attachment in the message received. As soon as one person clicks on the link, the infection spreads throughout the enterprise’s internal network, explains the author of the Cybersecurity Telegram channel, Alexander Litreev. But the method of spreading the new threat differs from the standard scheme used by Petya, a Doctor Web representative notes. The new virus has nothing to do with the sensational WannaCry virus, Nikitin and Zakorzhevsky agree. However, it is impossible to decrypt on your own the files that the ransomware has taken a liking to.

How to avoid infection

To avoid infecting your computer with a virus, a Doctor Web representative advises not to open suspicious emails, create backup copies of important data, install security updates for software and use an antivirus. A Kaspersky Lab representative also reminds its users to check if their antivirus is enabled. Also, using the AppLocker program, you need to block a file called perfc.dat, advises Kaspersky Lab. To stop the spread of the virus, companies need to close TCP ports (data distribution protocol over the network) 1024-1035, 135 and 445, Group-IB reported.
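
A host-level way to apply the port advice attributed to Group-IB above, as an added PowerShell example that is not from the article or from any vendor it quotes; the rule name and function names are hypothetical. It assumes a Windows workstation with the built-in NetTCPIP and NetSecurity modules and an elevated session. Blocking inbound 135 and 445 stops RPC and SMB being served from the host, so file servers and domain controllers need a scoped rule instead.

```powershell
# Added example: audit and block the TCP ports named in the article
# (135, 445, 1024-1035) on one workstation. Run from an elevated session.

$PortSpecs = @('135', '445', '1024-1035')            # ports as quoted in the article
$RuleName  = 'Example - block inbound TCP 135,445,1024-1035'   # hypothetical name

function Expand-PortSpec {
    # Turn '1024-1035' style entries into individual port numbers for the audit.
    param([string[]]$Specs)
    foreach ($s in $Specs) {
        if ($s -match '^(\d+)-(\d+)$') { [int]$Matches[1]..[int]$Matches[2] }
        else { [int]$s }
    }
}

function Get-ExposedListener {
    # List non-loopback listening sockets on the given ports with their owning process.
    param([int[]]$Ports)
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { ($_.LocalPort -in $Ports) -and
                       ($_.LocalAddress -notin @('127.0.0.1', '::1')) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessName  = $proc.ProcessName
                ProcessId    = $_.OwningProcess
            }
        } | Sort-Object LocalPort
}

function Set-InboundBlock {
    # Create the block rule once; do nothing if a rule with this name already exists.
    param([string]$Name, [string[]]$Specs)
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$Name' already present; nothing to do."
        return
    }
    # Windows Firewall block rules take precedence over allow rules, so this
    # overrides the default File and Printer Sharing allowances on this host.
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort $Specs -Profile Any | Out-Null
    Write-Host "Created rule '$Name'."
}

# 1. Show what is currently listening on the named ports (services stay running;
#    the rule only stops other machines from reaching them).
$ports = Expand-PortSpec -Specs $PortSpecs
Write-Host 'Listeners on the named ports:'
Get-ExposedListener -Ports $ports | Format-Table -AutoSize

# 2. Apply the block rule idempotently.
Set-InboundBlock -Name $RuleName -Specs $PortSpecs

# 3. Confirm the rule and its port filter.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

To undo the change, run `Remove-NetFirewallRule -DisplayName` with the same rule name.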

Pavel KANTYSHEV, Vitaly PETLEVOY, Elizaveta SERGINA, Mikhail OVERCHENKO