Hackers, extortionists, blocking tens of thousands of computers in companies and institutions around the world, used the modified program of the us national security Agency (NSA), reports the website Politico. Most infections were observed in Russia was affected, among other things, the computers of the Ministry of interior. The virus has blocked system in more than 70 countries. The most resonant messages have come from Britain: the ransomware has infected the computers in hospitals that have been forced to refuse patients.
According to Politico, to attack the hackers used a modified software of the national security Agency, which in April, leaks have hit the Internet. The group published its hackers called themselves the Shadow Brokers. Who now uses malicious code is unclear.
About using code NSA also writes in his Twitter , Edward Snowden is a former employee of the Department, taking refuge in Russia after the promulgation of the data about the electronic surveillance Agency.
We are talking about the virus WCry, also known as WannaCry and WannaCryptor. Its meaning lies in the theft of the archives, it encrypts files on the computer and requires the victim ransom in bitcoins for the ability to recover data. In some cases unlocking was required to transfer an amount equal to $ 300, others $ 600. The virus exploits a vulnerability in the Windows operating system “patch” for which the Creator of the OS Microsoft released in March. Were infected computers that have not installed the patch.
According to Kaspersky Lab, most of the infections in Russia, Ukraine, India, and Taiwan.
According to”Kommersant”, the Ministry of interior contamination covered about 1000 computers. The attack was so powerful that the time was not working even the official websites of the interior Ministry, for example in Moscow, Kaluga, Lipetsk and Penza regions. The problem was in the Central site office. After the job is recovered, the sites were running line: “Dear visitors, we apologize for the inconvenience when working with the website, technical work is underway”. Media reported about the contamination and the Investigation Committee, but there it was denied. Online resources the TFR worked without a hitch.
British media have linked the activities of the Shadow Brokers with Russia
Another version of the events recounts the British The Telegraph, which talks about a “Russian trace” in the cyber attack.
The newspaper reminds that the day after the missile strikes the US on the Syrian airfield the group published a “warning” Trump, condemning the decision. And yet a week later, April 14, Shadow Brokers made hacker attack, using the code the NSA. This program is supposed to have been used in the recent attacks.
According to the newspaper, “some experts” suggest that this sequence of events is not accidental, and tie the activities of the group with Russia. In addition, the publication provides nothing that would confirm such a “connection”, says RIA “Novosti”.