Day 12 may hackers launched virus which in different parts of the world began to incapacitate computers and demand a ransom to return them to normal operation. Initially became aware of the fact that the virus had infected computers in hospitals in the UK. He then began to spread to other countries. In Russia suffered at least the company “MegaFon” and the network of the Ministry of interior.
The virus has already penetrated the computers of Britain, Belgium, Germany, France, Portugal, Spain, China, USA, Russia, Brazil, Ukraine, Italy, India, Taiwan, Czech Republic, Kuwait, Turkey, Canada, South Africa, Sri Lanka, Kazakhstan, Thailand and other countries. Experts believe that the list may indicate up to 75 States.
Antivirus Avast registered 57 thousand infections around the world. Anti-virus company “Kaspersky Lab” recorded around 45 thousand attempts to infect cryptography program in 74 countries around the world. Professionals reportedthat the greatest number of attempts of infiltrations is observed in Russia.
– “Kaspersky lab” revealed the highest degree of infection world virus WCry in Russia
– The interior Ministry confirmed the infection of the computers of the office with a virus-extortioner
– Microsoft has built into Windows for additional protection from the virus-the extortioner WCry
We are talking about the virus WCry, also known as WannaCry and WannaCryptor. Its meaning lies in the theft of the archives, it encrypts files on the computer and requires the victim ransom in bitcoins for the ability to recover data. In some cases, required to transfer an amount equal to $ 300, others $ 600. Close to midnight Moscow time, the publication of “Medusa” reported that the fraudsters managed to earn their victims a minimum of 3.5 bitcoin, at the rate of 22 hours is slightly more than six thousand dollars.
An early version of the virus that only worked on Windows, it became known in February 2017. According to Motherboard, the vulnerability on computers that uses a virus similar to one which was used by the national security Agency USA for information about users. For the last time, the hackers posted several ready-made tools of the NSA to use such vulnerabilities. It is expected that other hackers used them to create virus-extortionist.
On approval of “Medusa”, the question of targeted hacking attack is not. “The virus only works on Windows – it uses a vulnerability in the operating system and apply it blindly: that is, do not choose the victims, and infects those who are not protected”, – the newspaper writes.
Microsoft closed the vulnerability used by the virus in March 2017. On the manufacturer’s website Windows published a report calling updated. All who were infected, apparently not followed the advice.
Marco Aguilar (@Avas_Marco) 12 may 2017
First, the virus began to spread in Britain
It all started with attacks on hospitals in the UK. It was reported that in several regions of the country went down the phones and computers. In connection with the technical problems of the medical institution was forced to limit acceptance of patients who did not require urgent assistance.
Technical failure was recorded on the computers not only in London but also in other cities of the Kingdom, reports the BBC. Officials of the National health system (NHS) almost immediately acknowledged the failure of the technology in hospitals.
According to The Guardian, on your devices started to receive texts from ransom to resume. Similar failure was reported by at least 16 institutions located in London, Nottingham, Cumbria, Hertfordshire and other cities.
Initially it was assumed that the hackers operate by hand and can steal patient data. However, in the NHS stated that information on the health status of patients was not kidnapped.
Thus then there were fears that a cyber attack could affect the operation of x-ray machines, the results of tests to identify pathologies, as well as system administration of patients, but formally, these assumptions are not confirmed.
Among the medical centers to devices which have penetrated the virus, two of the largest hospitals in London – the Royal London Hospital and St Bartholomew’s, said the BBC Russian service.
The virus then spread to other countries, including Russia. The first of the outages reported by the company “MegaFon”. Its employees anonymously told “the Medusa”, it was “same attack” and UK hospitals. Infected computers were blocked, they were messages demanding ransom.
“We have computers infected with a virus. Quite a lot of them. The number is difficult to estimate, we have a huge company. We disconnected the network, it should not spread. Can’t say exactly when the attack started on us. Around the second half of the day. Hard to say in which regions”, – told the “Medusa” Director of public relations Peter Lidov.
In addition, the attack targeted the computers of the Ministry of interior. According to Varlamov.ruwe are talking about infected internal computer systems of the Department. The source of”media zones” reported that “we are talking about offices in several regions”.
In particular, infection by computer virus ransomware in General Directorate of Ministry of internal Affairs of the Kaluga region reported the website “NG-Region”.
On the website of GU MVD in Moscow there is a warning to users, where offered to “apologize for any inconvenience while working with the website, technical work is underway”.
Later it became known that the virus has spread to computers of the internal network of the Investigative Committee. This was reported by “Newspaper.Ru”, but the Department is not confirmed. “Any hacker attacks on the resources of the Investigative Committee was not. Everything works in a regular mode”, – told TASS representative of the Investigative Committee, Svetlana Petrenko.
The home Ministry also initially denied the defeat of the computers, but then confirmed. “Any hacker attacks is not fixed. As of 20:00 Moscow time, a unified system of information-analytical maintenance of activity of the Agency has not been compromised,” – said the police. After the official representative of Department Irina the Wolf still confirmed information about the infection.
At the same time began to receive messages about the attack on telecommunications giant in Spain Telefonica
According to preliminary information, the handwriting of the attackers in the attack on the Spanish telecommunications company Telefonica is similar to crashing in the UK. In Spain on devices that were disabled also reported ransom to resume.
As noted by Reuters, Spain’s attack has not affected the operation of services and operators. The Telefonica representative said that the virus has infected several computers that were connected to the internal network. Subscribers Telefonica did not notice the effects of an attack, the company said.
In Portugal, the attack was carried out on a telecommunication company Portugal Telecom
In Portugal there was an attack on the servers and devices of the telecommunications company Portugal Telecom. However, the spokesperson of the company has said that the activities of the Portugal Telecom services the damage is not affected.
“We were the target of the attack, which takes place across Europe, large-scale attack. But none of our services were not damaged,” – said in Portugal Telecom. The company assured that cooperate with law enforcement to help them in apprehending hackers.
Romania has reflected the anti-government hacker attack
Meanwhile, the Romanian information service reported that the Bucharest repelled an attempt cyber attacks against the Romanian government institutions.
“There were attempted cyber attacks against the Romanian government departments, conducted most likely by criminals who participated previously in other incidents of the same type”, – stated in the message (quoted by TASS).
“Thanks to effective interagency cooperation implementation of the attack and damage have been warned, and also identified goals and methodology of the attack,” – said in Bucharest.
In Romania claim that, “most likely, an attempt was made by the organization associated with classification of cybercrime APT28/Fancy Bear.
Thus, according to journalists, the foreign Ministry of Romania received an email with an attachment containing spyware, which is installed on the recipient’s computer when the attachment is opened.