The "most dangerous in history" computer virus has appeared on the Internet. What is a computer virus? Just about the difficult & nbsp How to avoid infection

Broadcast

From the beginning From the end

Do not update Update

This concludes Gazeta.Ru online reporting. Thank you for being with us. Today, 74 countries around the world are facing one of the largest hacker attacks in the world. Fraudsters blocked computers and asked for a ransom in cryptocurrency. The amount, according to various sources, ranges from 300 to 600 dollars.

The most affected country was Russia. Ukraine, Japan, India and other countries were also seriously affected.

Take care of yourself and your information. Update your Windows and keep the world safe.

We continue to monitor developments. Stay with us.

Previously, similar messages came from Spain. Now the Russians have stepped up.

It seems to be written and understandable, but still somehow not in Russian. This means that the software was written at least not by Spaniards and not by Russians.

The Russian Emergencies Ministry also reported attempts to attack their computers. Nothing happened to the hackers.

“All attempts of virus attacks on computers were blocked, not a single computer was infected. All Internet resources of the Ministry of Emergency Situations of Russia are working as usual," the ministry's press service told TASS.

The hacker attack has really united almost the whole world today. Yes, making the network safe, apparently, is our common task.

“And if the NSA creates a tool to attack Windows XP that is no longer supported by Microsoft, and it falls into the hands of criminals, should the agency itself release a patch?”

“This is a special case. If the NSA had notified the vulnerabilities found in time, the hospitals would have had years - not even months - to prepare, ”Snowden continued.

The network was actively interested in what Edward Snowden thinks on this issue. That's what.

“Wow, the NSA has created tools to hack American software that ends up threatening the lives of hundreds of patients,” writes former National Security Agency official Edward Snowden.

The Ministry of Internal Affairs of the Russian Federation admitted that on Friday the department's computers were still subjected to a virus attack. According to Interior Ministry spokeswoman Irina Volk, less than 1% of computers were infected. All managed to track and localize in time. “The Department of Information Technologies, Communications and Information Protection of the Ministry of Internal Affairs of Russia recorded a virus attack on the department’s personal computers running the Windows operating system. Thanks to timely measures taken, about a thousand infected computers were blocked, which is less than 1%, ”Volk quotes TASS.

By the way, experts say that the easiest way to protect yourself from an attack is to close port 445.

Just a couple of weeks ago, "Gazeta.Ru" in its material that the number of hacker attacks with extortion on the Internet has doubled over the past year. This is evidenced by the annual report on cybercrime from the telecommunications company Verizon.

The diagram clearly shows that Russia is experiencing the greatest problems with the attack. Following are Ukraine and India, however, by a very large margin.

Remarkably, the UK, where netizens reacted most acutely to the attack, did not even make the top 20 most affected countries.

Then there was a cool video graphics, which shows how fast and where the virus was spreading. Apparently, the United States and China were the first to be attacked. Russia was "connected" very soon. And, apparently, the first attack was made, as expected, on computers in Moscow. You can see the interactive map itself.

ESET Russia, however, says that the virus just exploits the vulnerability of most versions of Microsoft. “When the vulnerability is exploited, a network encoder is launched, and decrypting files is almost impossible. The way to protect yourself from this virus is to update the OS,” Vitaly Zemskikh, Head of Sales Support at ESET Russia, told Gazeta.Ru. By the way, the interlocutor confirmed that with the March update of the MS17010 OS, everything is “fixed” as it should.

And here is another comment from Microsoft. Company representatives say that the gap that the scammers took advantage of today, Windows just closed on March 14, along with the update. Those who from that moment still saw the inscription “System update in progress”, as they say in the company, are safe.

Various media around the world write that telecommunications systems and hospitals have become the main targets of cybercriminals.

Microsoft said that users with free antivirus software and the Windows system update feature turned on will be protected from attacks. Sky News writes about it. Users of the good old "Windows" can exhale.

Since it is relevant, here are the most basic computer security rules. 1. Update installed anti-virus programs on a strictly scheduled basis.

2. Pay attention to what files you download from mail to your work and home computers.

3. It is best if only you use your computer, whether at work or at home.

4. Update all applications and programs. Programmers are working to fix security holes in their software. Don't neglect their work.

5. Install antiviruses on mobile devices.

6. Be careful even with sources you trust. They can also be hacked.

7. Combine different antivirus technologies. Not only general scanning, but also scanners for individual, for example, browsers.

8. Have a spare anti-virus program, the software of which is recorded on a separate - "clean" and tested media.

10. And most importantly, if you are suddenly "hacked", do not panic. Most importantly, remember that any problem can be fixed.

Alexei Fedorov, head of Avast's representative office in Russia and the CIS, in an interview with Gazeta.Ru, emphasized that today's attack is one of the largest. “Judging by the specialization of most of the victims who were attacked in the first place (medical facilities), the attackers tried to get to organizations for which prompt access to information and the correct operation of the IT infrastructure are literally a matter of life and death. Accordingly, they will be ready to quickly pay extortionists money in order to restore the efficiency of their infrastructure,” Fedorov comments on the situation.

He also stated that "the cynicism and the scale of the activities of computer intruders are growing." “We are dealing with a well-coordinated international-level attack,” added an Avast spokesman and advised PC users to strictly adhere to computer security rules.

On Twitter they write that WannaCry breaks when there are no files. They also write that the program supports 28 languages. We remind you that attacks were recorded in 74 countries.

Ransomeware WannaCry is a malicious virus that enters the victim's computer and encrypts or blocks all files and data on it, offering to pay a ransom for decryption, a Check Point Software Technologies security consultant told Gazeta.Ru. “Ransomware is now truly becoming one of the most critical threats: according to Check Point, in the second half of 2016, it was repeatedly in the top 3 most active malware for attacks around the world. To deliver them, attackers use phishing, spam mailings, and other tools. The danger is that many prefer to pay a ransom, thereby encouraging attackers to continue using this technique, ”the expert said.

By the way, which country's computers were the first to be attacked is also unclear. Everything happens at a fast pace.

But the Financial Times already has some idea about the nature of the virus. The newspaper writes that WannaCry is a modified malware of the US National Security Agency Eternal Blue. The program spreads the virus through file sharing protocols that are installed on the computers of many organizations around the world. They write that the virus is spreading at some surprisingly high speed.

Viruses, Trojans, worms and other malware - these living creatures are always in short supply on the Internet. Let's figure out what a virus is, how it lives and how it harms our computers.

Computer viruses: what is it?

A virus is an independent program that is installed against the will of the user on his computer. The virus installs itself into the software or operating system, damages the software, and then continues to spread throughout the system. The human biological virus does the same thing, and it causes disease, hence the name.

The word "virus" is often used by both ordinary users and professionals to refer to any type of malware. However, a virus in the classical sense is precisely a pest that breaks a PC, disrupting its normal operation.

A computer virus can be "caught" in different ways. For example, web pages and email attachments can be used to directly launch a virus into a system. Often the virus is embedded in a program downloaded from the Internet, which "releases" the virus into the wild after you install it.

When a virus is launched, it infects many files, that is, copies its malicious code into them in order to exist on the computer for as long as possible. Both simple Word documents and scripts, program libraries and all other files on your computer can be at risk.

What damage does a computer virus cause?

Viruses can cause a variety of harms. In most cases, they delete files or permanently damage them. If this happens to an important system file, you will not be able to start the operating system after infection. Damage to physical hardware is also possible, but is quite rare. For example, among other things, the virus can overclock the video card, causing it to overheat and lead to failure.

How to recognize viruses?

A real virus, written by a professional, prevents the user from knowing that the computer is infected. Or the user may only realize it when it's too late.

However, there are a few tips: If your computer suddenly becomes noticeably slower, this may be a sign of a virus.

A virus scanner will help you find and remove a virus. There are many free programs to scan your computer for viruses.

Antivirus software or a virus scanner at the network connection level can help you prevent a virus from entering your PC. In the following article, we will talk about the best antivirus software for the Windows operating system and which antivirus is the most productive.

You can read about mobile antiviruses for Android in our review.

Failures in the work of the traffic police units have been eliminated. This was stated in the press service of the Ministry of Internal Affairs. Earlier it became known that in a number of Russian regions there was, in particular, a problem with the issuance of driver's licenses. The computers of the ministry's employees were infected with a virus that rapidly spread throughout the world.

In Russia, in addition to the Ministry of Internal Affairs, the malware penetrated the networks of the Ministry of Emergency Situations, Russian Railways, Sberbank, and MegaFon. In general, companies and departments report localization or elimination of the problem by this minute. And Microsoft went to extreme measures: released an emergency update that eliminates vulnerabilities not only for the latest operating systems, but also for the outdated Windows XP. It has not been officially supported since 2014, although it is still very popular.

British doctors call their work a return to the paper age in the last 24 hours. Planned medical procedures are postponed for a few days if possible, assistance is provided primarily to emergency patients. Until now, it has not been possible to fully restore the operation of computers in which patients were recorded, test results, and much more. The reason was the WCry virus - an abbreviation for the English Wanna Cry (translated as "I want to cry").

It soon became clear that such emotions are experienced not only in Britain. Then there were reports that the virus hit the computers of the Spanish telecommunications giant Telefonica, then spread to France, Germany, Italy, and Romania. The malicious program spread across the planet at the speed of a forest fire.

“We are actually watching the cyber apocalypse scenario unfold today. Alarming developments affect the entire industry. In the last 24 hours alone, 45,000 systems in 74 countries have been infected,” said computer security expert Varun Badhwar.

Each system is sometimes not even hundreds, but thousands of computers. On the screens of each of them, users saw a message translated into dozens of languages. It says that all information on the computer is encrypted, and you must pay for decryption and the ability to continue working. Depending on the country - 300 or 600 dollars.

Such ransomware viruses have been known for many years, however, if ordinary users were more likely to encounter this before, now the main blow has fallen primarily on organizations that are, without exaggeration, of strategic importance for each country.

“It is clear that they hit the most critical. And it is clear that criminals will always look for the most vulnerable points, that is, those who will really pay. And this simply speaks of cynicism,” said Herman Klimenko, adviser to the President of Russia on the development of the Internet.

Russia is among the victims. The day before, the first evidence appeared that a malicious program had penetrated the computers of the Ministry of the Interior. Reports about the consequences of failures came from different regions. So, in Zhukovsky near Moscow, according to the testimonies of visitors, the computers in the passport office did not work the day before. Immediately in several cities, it was necessary to temporarily suspend the issuance and replacement of driver's licenses and car numbers.

“At the moment, the virus is localized. Technical work is underway to destroy it. Leakage of official information from the information resources of the Ministry of Internal Affairs is completely ruled out,” said the official representative of the Russian Ministry of Internal Affairs, Irina Volk.

The programmers and the information center of the Russian Railways are having a rush. The virus got there too. The extent of the problem has not been reported, but some passengers are known to have experienced inconvenience when issuing tickets online.

“Currently, the virus is localized. There were no technological failures within the network. Accordingly, this virus attack did not affect the transportation of goods and passengers. There is no security threat,” Russian Railways spokeswoman Yekaterina Gerasimova said.

Such large Russian companies as Megafon and Yota also faced problems. Obviously, there are many more victims, but most prefer not to talk about it. Most companies restore systems from so-called database backups that are stored periodically on special servers.

Meanwhile, law enforcement agencies in different countries are trying to get on the trail of hackers who organized the attack around the world. Although it is extremely difficult to do so. After all, it is still not clear from which country the virus was launched. The British newspaper The Telegraph, however, hastened to blame the notorious "Russian hackers" for what had happened.

However, even Western experts were skeptical about such a pursuit of a sensation. After all, the strongest blow of the virus just fell on Russia. According to independent anti-virus companies, the largest number of infected computers is in our country.

It is also already known that in fact the hackers did not come up with anything new. They just took advantage of a program that was stolen from the United States National Security Agency. This was announced by a former employee of this American intelligence service, Edward Snowden.

From E. Snowden's Twitter: "Wow, the NSA's decision to create tools to attack American software is now putting the lives of hospital patients at risk."

According to Snowden, the hackers merely modified a program that the US National Security Agency used to spy on users around the world.

Intelligence agencies have exploited a vulnerability in the Windows operating system for many years. And only recently, Microsoft realized it.

“Users of free Microsoft antivirus and an updated version of Windows are protected. Back in March, we added a security update that provides additional protection against a potential attack,” said Kristina Davydova, spokeswoman for Microsoft in Russia.

Who is now using the secret developments of the American intelligence services is unknown. And even if you pay the criminals, the financial trail will lead nowhere. After all, payment for the resuscitation of a computer is accepted exclusively in bitcoins. This is one of the most popular so-called cryptocurrencies today. Not money, but a digital code, which is simply impossible to trace.

“Why do hackers always ask for bitcoin? As you remember from movies about pirates, they loved gold most of all. Why? Because it is passed from hand to hand. It is impossible to trace how this process goes. The same thing happens with modern pirates, hackers. They always want to get bitcoins, because this is an uncontrolled way of exchanging values,” says Internet technology specialist Grigory Bakunov.

In any case, digital experts still advise extortionists not to pay. Firstly, there is no guarantee that they will not be deceived, and then, if you pay once, then in the future, most likely, you will have to pay further.

Antivirus companies promise to release protection before the start of the new working week. The message about the first success has already come from the same Britain. One of the programmers accidentally managed to stop the spread of the virus.

The Anna Kournikova virus got its name for a reason - the recipients thought they were uploading photos of a sexy tennis player. The financial damage from the virus was not the most significant, but the virus became very popular in popular culture, in particular, it is mentioned in one of the episodes of the 2002 series Friends.

2 Sasser (2004)

In April 2004, Microsoft released a patch for the LSASS (Local Security Authentication Server) system service. A little later, a German teenager released the Sasser worm, which exploited this vulnerability on non-updated machines. Numerous variations of the Sasser have appeared on the networks of airlines, transport companies and medical facilities, causing $18 billion in damage.

3 Melissa (1999)

Named after a Florida stripper, the Melissa virus was designed to spread by sending malicious code to the top 50 contacts in the victim's Microsoft Outlook address book. The attack was so successful that the virus infected 20 percent of computers worldwide and caused $80 million in damage.

The creator of the virus, David L. Smith, was arrested by the FBI, spent 20 months in prison and paid a $5,000 fine.

While most of the malware on our list caused trouble, Zeus (aka Zbot) was originally a tool used by an organized crime group.

The Trojan used phishing and keylogging techniques to steal bank accounts from victims. The malware successfully stole $70 million from victims' accounts.

5 Storm Trojan (2007)

Storm Trojan has become one of the fastest growing threats, with three days after its release in January 2007, it reached an 8% infection rate on computers worldwide.

The Trojan created a massive botnet of 1 to 10 million computers, and due to its code change architecture every 10 minutes, Storm Trojan proved to be a very persistent malware.

The ILOVEYOU (Letter of Happiness) worm masqueraded as a text file from a fan.

In fact, the love letter posed a serious danger: in May 2000, the threat spread to 10 percent of computers connected to the network, forcing the CIA to shut down its servers to prevent further spread. Damage is estimated at $15 billion.

7 Sircam (2001)

Like many early malicious scripts, Sircam used social engineering techniques to force users to open an email attachment.

The worm used random Microsoft Office files on the victim's computer, infected them, and sent malicious code to address book contacts. According to a University of Florida study, Sircam caused $3 billion in damage.

8. Nimda (2001)

Released in the wake of the September 11, 2001 attacks, the Nimda worm has been widely attributed to al-Qaeda, but this has never been proven, and even Attorney General John Ashcroft has denied any connection to the terrorist organization.

The threat spread along several vectors and led to the downfall of banking networks, networks of federal courts and other computer networks. Nimda's cleanup costs exceeded $500 million in the first few days.

At just 376 bytes, the SQL Slammer worm contained a lot of destruction in a compact shell. The worm took out the Internet, emergency call centers, 12,000 Bank of America ATMs, and took most of South Korea offline. The worm was also able to disable access to the global web at a nuclear power plant in Ohio.

10 Michaelangelo (1992)

The Michaelangelo virus has spread to a relatively small number of computers and caused little actual damage. However, the concept of a virus that supposed to “blow up the computer” on March 6, 1992 caused mass hysteria among users, which was repeated every year on this date.

11 Code Red (2001)

The Code Red worm, named after a variant of the Mountain Dew drink, infected a third of the Microsoft IIS web server suite after it was released.

He was able to break whitehouse.gov by replacing the main page with the message “Hacked by Chinese!”. The damage from the actions of Code Red around the world is estimated at billions of dollars.

12. Cryptolocker (2014)

On computers infected with Cryptolocker, important files were encrypted and a ransom was required. Users who paid the hackers more than $300 million in bitcoin gained access to the encryption key, the rest lost access to the files forever.

The Sobig.F Trojan infected more than 2 million computers in 2003, paralyzing Air Canada and slowing computer networks around the world. The malware resulted in $37.1 billion in cleanup costs, one of the most expensive recovery campaigns of all time.

14. Skulls.A (2004)

Skulls.A (2004) is a mobile Trojan that infected Nokia 7610 and other SymbOS devices. The malware was designed to change all icons on infected smartphones to the Jolly Roger icon and disable all smartphone functions except for making and receiving calls.

According to F-Secure Skulls.A caused minor damage, but the Trojan was insidious.

15. Stuxnet (2009)

Stuxnet is one of the most famous cyber warfare viruses. Created as a joint effort between Israel and the United States, Stuxnet targeted Iran's uranium enrichment systems.

Infected computers controlled the centrifuges until they were physically destroyed, and informed the operator that all operations were proceeding normally.

In April 2004, MyDoom was named by TechRepublic as the “worst infection of all time,” for good reason. The worm increased page loading times by 50 percent, blocked infected computers from accessing anti-virus software sites, and launched attacks against computer giant Microsoft, causing service denials.

The MyDoom cleanup campaign cost $40 billion.

17. Netsky (2004)

The Netsky worm, created by the same teenager who developed Sasser, roamed the world via email attachments. The P version of Netsky was the most prevalent worm in the world two years after it was launched in February 2004.

18. Conficker (2008)

The Conficker worm (also known as Downup, Downadup, Kido) was first discovered in 2008 and was designed to disable anti-virus programs on infected computers and block automatic updates that could remove the threat.

Conficker quickly spread through multiple networks, including those of the UK, French and German defense agencies, causing $9 billion in damage.

Svetlana Petrenko, a representative of the Investigative Committee: “There were no hacker attacks on the resources of the Investigative Committee. Everything is working normally.”

TASS, citing a police source, reports that the Ministry of Internal Affairs has not recorded any hacker attacks either.

Source: "As of 20:00 Moscow time, the unified system of information and analytical support for the activities of the department was not hacked."

According to some users, we are talking about the WCry virus (also known as WannaCry or WannaCryptor) it encrypts the user's files, changes their extension and requires you to buy a special decryptor for bitcoins.

An employee of Avast (antivirus developer) Jakub Kroustek on his Twitter said that at least 36,000 computers around the world have already been infected. Most of them are located in Russia, Ukraine and Taiwan.


Previously, it was reported that the ransomware virus was in hospitals across the UK. A map of the spread of the virus around the world has already appeared on the Web.


Due to a hacker attack, the Russian operator Megafon had to turn off part of the computer network. According to Pyotr Lidov, director of the public relations operator, employees' computers began to suddenly reboot, and after the reboot, a window appeared demanding to pay $300, which did not allow them to continue working.

Petr Lidov: “The scale is quite large, it affected most of the regions of our country. But we are coping, now together with Kaspersky Lab (whose solutions Megafon uses for protection) we are solving this issue.

Spanish media reports that the local telecommunications company Telefonica has also been attacked by a ransomware virus. The hackers demanded to pay the equivalent of 509,487 euros by May 15. If this does not happen, then the attackers threatened to delete all the archives to which they had access.

The Financial Times, citing cybersecurity analysts, writes that the attacks in the UK and Spain used modified malware from the US National Security Agency (NSA). According to experts, the US intelligence tool known as eternal blue (“inexhaustible blue”) was combined with WannaCry ransomware.

British Prime Minister Theresa May commented on what is happening in the global cyberspace. According to her, the attacks on the country's hospitals are part of a global hacker attack.

Theresa May: “We are aware that a number of medical institutions have reported a hacker attack. This attack was not directed specifically at the NHS (National Health System ed.). This is part of an international hacker attack that affected institutions in different countries ... We have no information that patient information fell into the wrong hands.

Internet expert Grigory Bakunov on the air of the Echo of Moscow radio station said that the virus only threatens computers based on the Windows operating system. Most smartphone owners should not be afraid.

Grigory Bakunov: “This malware tries to work with government and large structures, but ordinary people also suffer. Everyone has this hole in Windows, it is not difficult to exploit it. And if the computer has not received the latest update from Windows, it is vulnerable. However, this does not apply to mobile systems such as Android and iOS.

Similar posts