Computer virus around the world. The most dangerous and famous computer viruses. How to avoid infection

VILNIUS, May 13 - Sputnik, Georgy Voronov. A ransomware virus has infected computers around the world.

It all started in Spain, but the uproar arose after a cyber attack on British medical institutions, because the computers of hospitals and clinics were hacked there, and there was a danger to people's lives.

This virus, one of the so-called crypto-viruses or encryptors, encrypts any files, and reverse decryption is possible for a fee. We are talking about the WCry ransomware virus, also known as WannaCry (Wanna Decryptor) or WannaCrypt0r 2.0. It encrypts the information on the computer and demands a ransom of $300 to $600 in Bitcoin for decryption.

According to the influential group of cybersecurity experts MalwareHunterTeam, servers in Russia and Taiwan suffered the most as a result of the virus attack. Computer systems in the UK, Spain, Italy, Germany, Portugal, Turkey, Ukraine, Kazakhstan, Indonesia, Vietnam, Japan and the Philippines were also hit hard.

Capture history

“The new virus is spreading at a hellish rate,” MalwareHunterTeam researchers report.

Avast antivirus recorded 57 thousand hacker attacks using the WannaCry virus on Friday, the company’s blog reports. This virus was noticed by company specialists back in February, but on Friday the mass distribution of a new version of the hacker program began.

In turn, Kaspersky Lab on Friday recorded 45 thousand hacker attacks in 74 countries around the world using the WannaCry virus, with the largest number of infection attempts occurring in Russia. The computers of the largest companies and federal ministries, including Sberbank, Megafon, the Ministry of Internal Affairs and the Ministry of Emergency Situations, were attacked.

Who is guilty?

The US has offered international assistance to combat virus attacks. The US Department of Homeland Security (DHS) has announced its readiness to provide technical support and assistance in the fight against the WannaCry ransomware. The statement notes that a patch was released in March to address the vulnerability to the virus. Installing the patch helps protect the operating system from this threat, the ministry said.

“We are actively sharing information related to this event and stand ready to provide technical support and assistance as needed to our partners both in the United States and internationally,” the statement said.

Meanwhile, former US intelligence officer Edward Snowden wrote on Twitter that a computer virus originally developed by the US National Security Agency (NSA) could have been used in the global hacker attack on Friday.

"The NSA's decision to create tools to attack American software now threatens the lives of patients in hospitals," Snowden said. "Despite warnings, the NSA developed such tools. Today we see the cost."

Protect yourself

Experts note that those computers that are not updated are vulnerable. In fact, if you keep your Windows up to date, there won't be any problems. In cases of infection, a very large percentage is the human factor.

Such crypto-viruses are mainly distributed in the form of electronic messages. They can be received from acquaintances whose computers have been hacked, or from strangers. The letters contain an attachment.

There are two ways of infection. In one case, it's an Excel file, basically a zip file, people open the email attachment and a process immediately starts that encrypts the files. The second option is macros. The Microsoft Office program has so-called macros that work in Word or Excel. These are, so to speak, additional programs. Now, if you launch a "Word" file, you are asked: does the file contain macros, should I activate it? You click "Ok" and the macros start loading viruses.

If you do not open attachments received from strangers, as well as unusual files received from friends, then infection with a crypto virus is unlikely to occur.

Yesterday, an epidemic of a new computer encryption virus began. It mainly affected the work of Russian and Ukrainian organizations, but also affected companies from other countries of the world. The virus warns users that all their files are encrypted, and attempts to recover them on their own are useless. The ransomware virus requires the transfer of $300 in Bitcoin cryptocurrency in exchange for unlocking access.

According to information from the Group-IB company (fighting cybercrime), during the day more than 100 companies in the CIS were affected, and by the evening Kaspersky Lab announced that the number of victims worldwide was in the thousands. The virus spreads on Windows systems, but the exact mechanism of its operation is not yet known, a Doctor Web representative said. Microsoft is aware of the situation and is conducting an investigation, a company spokesman said.

Attack on oil

In the afternoon, the largest Russian oil company, Rosneft, reported on its Twitter account about a powerful hacker attack on the company’s servers, without providing details. One of the employees of Bashneft (controlled by Rosneft), on condition of anonymity, told Vedomosti about the attack: “The virus initially disabled access to the portal, to the internal messenger Skype for business, to MS Exchange - they did not attach any significance, they thought it was just a network failure, then the computer rebooted with an error. The hard drive died, the next reboot already showed a red screen.” According to him, employees were ordered to turn off their computers. The information that the virus affected Bashneft was confirmed by two sources close to the company. A hacker attack could have led to serious consequences, but because the company switched to a backup system for managing production processes, neither oil production nor oil preparation was stopped, a Rosneft representative said.

New victims

Late in the evening, the Bank of Russia reported that several Russian banks had been infected. The disruption due to a cyber attack was confirmed by the Russian Home Credit Bank (HKF-Bank). The bank emphasized that it had noticed signs of instability and decided to conduct a review of all security systems. HCF Bank branches were open, but operated in advisory mode; ATMs and call centers continued to operate. The HCF Bank website was unavailable. A Vedomosti correspondent paid twice for the services of one of the mobile operators via the Internet using an HCF Bank card. Home Credit Bank admitted that it was not carrying out operations because of the cyber attack and that its website and 3-D Secure were not working.

The payments went through, the 3-D Secure protocol did not work - the bank client did not receive an SMS with a transaction confirmation code. At the Russian office of Royal Canin (a division of Mars), difficulties arose with IT systems, a company representative said. Evraz was also subject to a hacker attack, but its main production facilities continued to operate and there was no threat to employees or businesses, a company representative said. The virus attack affected offices in Europe (including Russia and Ukraine), a representative of the confectionery manufacturer Mondelez confirmed.

World Tour

Although Russia and Ukraine have recorded the most incidents, the virus is also active in other countries, said Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab. It is unlikely that a self-propagating virus can be configured so that it affects only certain countries, the representative of Doctor Web agrees.

The cyberattacks were carried out simultaneously in different European countries, and as the working day began, several messages were received in the United States from there as well, The Wall Street Journal wrote at about 6 p.m. Moscow time. Danish shipping company A.P. Moller-Maersk, owner of the world's largest sea container carrier Maersk Line, said computer systems in many of its divisions and regions stopped working. The IT systems of several companies belonging to the British advertising conglomerate WPP Group were subjected to a cyber attack. The attack was also reported by major law firm DLA Piper and French construction company Saint Gobain, whose spokesman told the Financial Times it had "isolated its computer systems to protect data."

The virus wishes to remain anonymous

This is the second case of a global ransomware attack in the last two months. In mid-May, a wave of infections with the WannaCry ransomware occurred around the world. The virus infected computers that had not installed the Windows operating system update. During the hacker attack, WannaCry infected up to 300,000 computers in more than 70 countries and encrypted the information on them, making it unusable. In Russia, in particular, Megafon and the Ministry of Internal Affairs were attacked.

One of the reasons for the “popularity” of ransomware is the simplicity of the business model, explained Alexander Gostev, chief antivirus expert at Kaspersky Lab. According to him, if a virus manages to penetrate the system, then there is practically no chance of getting rid of it without losing personal data. Bitcoin ransom also plays into the hands of scammers: payment is anonymous and almost impossible to track, he explains. Moreover, unlocking the computer after paying the ransom is not at all guaranteed, notes Sergei Nikitin, deputy head of the Group-IB computer forensics laboratory.

Initially, the virus was identified as the already known Petya ransomware, but experts soon disagreed on the diagnosis. Kaspersky Lab isolated it as a separate strain; a Doctor Web representative last night considered it either a modification of Petya or something else. Nikitin thinks that it is a modification of Petya that is distributed in a mass mailing: to activate it, it is enough to open the attachment in the message received by mail. As soon as one person clicks on the link, the infection spreads throughout the enterprise’s internal network, explains the author of the Cybersecurity Telegram channel, Alexander Litreev. But the method of spreading the new threat differs from the standard scheme used by Petya, a Doctor Web representative notes. Nikitin and Zakorzhevsky agree that the new virus has nothing to do with the sensational WannaCry virus. However, it is impossible to decrypt on your own the files that the ransomware has picked out.

How to avoid infection

To avoid infecting your computer with a virus, a Doctor Web representative advises not to open suspicious emails, create backup copies of important data, install security updates for software and use an antivirus. A Kaspersky Lab representative also reminds its users to check if their antivirus is enabled. Also, using the AppLocker program, you need to block a file called perfc.dat, advises Kaspersky Lab. To stop the spread of the virus, companies need to close TCP ports (data distribution protocol over the network) 1024-1035, 135 and 445, Group-IB reported.
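To check that the port advice above has actually taken effect on a Windows host, the listening sockets can be audited. The following is an added example, not part of the original article: it parses `netstat -ano` output and reports TCP listeners on ports 135, 445 and 1024-1035 that are reachable from the network. The sample output is constructed, and the function name `exposed_listeners` is hypothetical.

```python
import ipaddress
import re

# Ports named in the Group-IB advice quoted above: 135, 445 and 1024-1035.
ADVISED_PORTS = {135, 445} | set(range(1024, 1036))

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.20:1026      0.0.0.0:0              LISTENING       640
  TCP    192.168.1.20:49712     192.168.1.50:445       ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1000
"""

# A listening TCP row: local address, local port, foreign address, state, PID.
_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text, ports=ADVISED_PORTS):
    """Return sorted (port, local_address, pid) tuples for TCP listeners on
    the advised ports that are bound to a non-loopback address."""
    findings = set()
    for line in netstat_text.splitlines():
        match = _ROW.match(line)
        if not match:
            continue  # header, UDP row, or a connection that is not listening
        host, port, pid = match.group(1), int(match.group(2)), int(match.group(3))
        if port not in ports:
            continue
        # IPv6 addresses are printed as [addr] and may carry a %zone suffix.
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if addr.is_loopback:
            continue  # only reachable from the host itself
        findings.add((port, str(addr), pid))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} still listening on {addr} (PID {pid})")
```

A listener that still shows up here may nonetheless be filtered by a host or perimeter firewall, so the result is a list of services to review rather than proof of exposure.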

Pavel KANTYSHEV, Vitaly PETLEVOY, Elizaveta SERGINA, Mikhail OVERCHENKO

The disruptions in the work of the traffic police departments have been eliminated. This was stated by the press service of the Ministry of Internal Affairs. Earlier it became known that in a number of Russian regions, in particular, a problem arose with the issuance of driver’s licenses. The computers of ministry employees were infected with a virus that quickly spread throughout the world.

In Russia, in addition to the Ministry of Internal Affairs, the malicious program penetrated the networks of the Ministry of Emergency Situations, Russian Railways, Sberbank, and Megafon. In general, as of now, companies and departments report that the problem has been localized or resolved. And Microsoft took extraordinary measures: it released an emergency update that eliminates vulnerabilities not only for the latest operating systems, but also for outdated Windows XP. It has not been officially supported since 2014, although it is still very popular.

British doctors have called their work in the last 24 hours a return to the paper age. If possible, planned medical procedures are postponed for several days, and care is given first to emergency patients. Until now, it has not been possible to completely restore the operation of the computers that kept patient records, test results, and much more. The cause was the WCry virus - an abbreviation for the English Wanna Cry (translated as “I want to cry”).

It soon became clear that such emotions were not only experienced in Britain. Then there were reports that the virus had infected the computers of the Spanish telecommunications giant Telefonica, then spread to France, Germany, Italy, and Romania. A malicious program spread across the planet like wildfire.

“We are actually watching a cyber apocalypse scenario unfold today. Alarming developments affect the entire industry. In the last 24 hours alone, 45,000 systems in 74 countries have been infected,” said computer security expert Varun Badhwar.

Each system is sometimes not even hundreds, but thousands of computers. On the screens of each of them, users saw a message translated into dozens of languages. It says that all information on the computer is encrypted, and you must pay for decryption and the ability to continue working. Depending on the country - 300 or 600 dollars.

Similar ransomware viruses have been known for many years, however, if previously ordinary users encountered this more often, now the main blow has fallen primarily on organizations that, without exaggeration, are of strategic importance for each country.

“It’s clear that they hit the most critical ones. And it is clear that criminals will always look for the most vulnerable points, that is, those who will really pay. And this simply speaks of cynicism,” said Adviser to the Russian President on Internet Development German Klimenko.

Russia is also among the victims. Just the day before, the first data appeared that a malicious program had penetrated the computers of the Ministry of Internal Affairs. Reports of the consequences of failures came from different regions. Thus, in Zhukovsky near Moscow, according to the testimonies of visitors, the computers in the passport office did not work the day before. Several cities at once had to temporarily suspend the issuance and replacement of driver's licenses and car license plates.

“At the moment the virus has been localized. Technical work is being carried out to destroy it. Leakage of official information from the information resources of the Ministry of Internal Affairs is completely excluded,” said official representative of the Russian Ministry of Internal Affairs Irina Volk.

The programmers and the information center of Russian Railways are in a rush. The virus has penetrated there too. The extent of the problem is not known, but it is known that some passengers encountered inconvenience when issuing tickets online.

“The virus is currently contained. There were no technological failures within the network. Accordingly, this virus attack did not affect the transportation of goods and passengers. There is no security threat,” said Russian Railways spokeswoman Ekaterina Gerasimova.

Large Russian companies such as Megafon and Yota also encountered problems. Obviously, there are many more victims, but most prefer not to talk about it. Most companies restore systems from so-called database backups, which are periodically stored on special servers.

Meanwhile, law enforcement agencies in different countries are trying to get on the trail of the hackers who organized the attack around the world. Although this is extremely difficult to do. After all, it is still not clear from which country the virus was launched. The British newspaper The Telegraph, however, has already rushed to blame the notorious “Russian hackers” for the incident.

However, even Western experts were skeptical about such a pursuit of sensation. After all, the strongest blow of the virus fell precisely on Russia. According to independent antivirus companies, the largest number of infected computers is in our country.

It is also already known that in fact hackers did not come up with anything new. They just used a program that was stolen from the United States National Security Agency. This was reported by former employee of this American intelligence agency Edward Snowden.

From E. Snowden's Twitter: "Wow, the NSA's decision to create tools to attack American software is now putting the lives of hospital patients at risk."

According to Snowden, the hackers merely modified a program that the US National Security Agency used to spy on users around the world.

Intelligence agencies have been exploiting a vulnerability in the Windows operating system for many years. And only recently did Microsoft come to its senses.

“Users of free Microsoft antivirus and an updated version of Windows are protected. Back in March, we added a security update that provides additional protection against a potential attack,” said Microsoft Russia spokeswoman Kristina Davydova.

It is unknown who is now using the secret developments of the American intelligence services. And even if you pay the criminals, the financial trail will lead nowhere. After all, payment for computer resuscitation is accepted exclusively in bitcoins. This is one of the most popular so-called cryptocurrencies today. Not money, but a digital code that is simply impossible to track.

“Why do hackers always ask for bitcoins? As you remember from movies about pirates, they loved gold most of all. Why? Because it is passed from hand to hand. It is impossible to trace how this process takes place. The same thing happens with modern pirates and hackers. They always want to get bitcoins because it is an uncontrolled way of exchanging value,” says Internet technology specialist Grigory Bakunov.

In any case, digital technology experts still advise not to pay extortionists. Firstly, there is no guarantee that you will not be deceived, and secondly, if you pay once, then in the future, most likely, you will have to pay more.

Antivirus companies promise to release protection before the start of the new work week. The message about the first success has already come from the same Britain. One of the programmers completely accidentally managed to stop the spread of the virus.