Ransomware virus paralyzes tens of thousands of Windows computers around the world

The Trojan blocks access to files until the victim pays the ransom


A large-scale virus epidemic is gaining momentum on the Internet. Tens of thousands of Windows computers around the world have been infected in a ransomware attack. The Trojan blocks access to files until the victim pays the ransom.

IT security experts have linked the attack to the WanaCrypt0r 2.0 (WCry) Trojan. Once on a machine, the malware encrypts user files (Office documents, zip and rar archives, images, Photoshop files, and so on) and changes their extension to .WNCRY, making them unreadable. The lock can be removed with a decryptor, which WCry's creators demand that victims buy for a certain sum in bitcoins.

Reports of ransomware infections are coming in from all over the world. According to the blog of antivirus company Avast, at least 50 thousand computers have been hit by the WCry attack. The countries with the most infections are Russia, Ukraine, the UK, the USA, Spain, Italy and Vietnam.

In Russia, WCry paralyzed the servers of the Ministry of Internal Affairs, the Investigative Committee and “MegaFon”.

In Europe, the Trojan hit one of the largest telecommunications companies, Telefonica, the Spanish electricity producer Iberdrola, the gas supplier Gas Natural, the express delivery service FedEx, as well as the computers of the health care system in the UK.

“A message appears on the screen demanding a transfer of the equivalent of $300 in bitcoins to a Bitcoin wallet. This screen cannot be skipped,” said an employee of one of the English hospitals. According to her, WCry gives victims three days to pay the ransom, after which the amount is doubled. If the user does not meet the extortionists' terms within seven days, the files will be lost forever.

Avast says WCry was first seen in February. WanaCrypt0r 2.0 is an improved version that has been translated into 28 languages, including Russian, Bulgarian and Vietnamese. Apparently, the malware gets onto Windows computers using the ETERNALBLUE exploit (MS17-010), created by the cyber group Equation Group. This organization, Avast writes, is said to have close ties to the US National Security Agency (NSA).

The hacking tools developed by Equation were previously stolen by another hacker group, ShadowBrokers, which made them publicly available. According to experts, the cybercriminals behind WCry took advantage of these tools. They also exploited a vulnerability in the Server Message Block (SMB) protocol in Windows, which is responsible for sharing files on the network.

The Trojan is detected by antivirus software such as Avast and “Kaspersky Lab” (the “Monitoring system” component must be enabled), but a utility that can unlock files encrypted by WCry has not yet been released.

As a reminder, Turchynov will be responsible for implementing the NSDC decision on cybersecurity.