The WannaCry encryption virus has blocked your PC! How to protect yourself from infection?

  • Over 200,000 computers have already been infected!
  • The attack was aimed mainly at the corporate sector, including telecommunications companies in Spain, Portugal, China and England.
  • The heaviest blow fell on Russian users and companies, including Megafon, Russian Railways (RZD) and, according to unconfirmed reports, the Investigative Committee and the Ministry of Internal Affairs. Oschadbank and the Ministry of Health also reported attacks on their systems.
  • For decrypting the data the criminals demand a ransom of 300 to 600 dollars in bitcoin (about 17,000 to 34,000 rubles).


[Figure: interactive infection map]
[Figure: the ransom demand window]
[Figure: list of file extensions the virus encrypts]

Although the attacks target the corporate sector, the home user is not immune to WannaCry either and can lose access to files just the same.
  • Instructions for protecting your computer and data from the new infection:
1. Install a Kaspersky product with System Watcher, which has a built-in function for rolling back changes made by an encryptor that managed to slip past the protection.
2. Users of Kaspersky Lab antivirus are advised to check that the System Watcher (System Monitoring) function is enabled.
3. ESET NOD32 antivirus for Windows 10 includes a function that checks for newly available OS updates. If you had it enabled beforehand, the required Windows updates will already have been installed and your system is patched against the SMB vulnerability that WannaCryptor and similar attacks exploit.
4. ESET NOD32 products also have a function for detecting unknown threats. It is based on behavioral and heuristic technologies.

If something behaves like a virus, it most likely is a virus.

According to the vendor, the ESET LiveGrid technology in version 12 repelled all attacks by this virus, and did so before the signature databases were updated.
5. ESET products also protect the older systems Windows XP, Windows 8 and Windows Server 2003 (we recommend migrating your data off these old systems). Because of the exceptionally high risk, Microsoft decided to release an update even for these unsupported OS versions. Install it.
6. To reduce the risk of damage to your PC to a minimum, update your Windows 10: Start - Settings - Update and Security - Check for updates (on older versions: Start - All Programs - Windows Update - Check for updates - Download and install).
7. Install the official MS17-010 patch from Microsoft. It fixes the vulnerability in the SMB server through which the virus gets in; that is the server component used in this attack.
8. Make sure that all relevant security tools are installed and running on your computer.
9. Scan your entire system for viruses. If a detection named MEM:Trojan.Win64.EquationDrug.gen appears, restart the system.
Once again, I recommend checking that the MS17-010 patches are installed.
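The checklist above boils down to two questions an administrator can answer from a PowerShell prompt: is an MS17-010 update installed, and is the SMBv1 server that EternalBlue talks to still switched on. The script below is an added example, not code from the original page or from any of the vendors named. It assumes the KB numbers listed in Microsoft's MS17-010 bulletin for the common Windows versions (confirm them against the bulletin for your exact build), and that the SMB cmdlets are available on Windows 8 / Server 2012 and later; on older systems it falls back to the registry.

```powershell
# Added example: verify the MS17-010 fix and the SMBv1 server state on this host.
# KB ids below are those in Microsoft's MS17-010 bulletin (assumption: check
# the bulletin for your build; later Windows 10 cumulative updates also carry the fix).
$Ms17010Kbs = @(
    'KB4012598',                           # XP / Vista / 8 / Server 2003 / 2008 (out-of-band)
    'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2: security-only / rollup
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Windows Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

function Test-Ms17010Installed {
    # Get-HotFix lists installed updates by KB id. On Windows 10 an empty result
    # means "compare the OS build with the bulletin", not "vulnerable".
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $found = @($Ms17010Kbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Ms17010Found = ($found.Count -gt 0)
        MatchingKbs  = ($found -join ', ')
    }
}

function Test-Smb1ServerEnabled {
    # Windows 8 / Server 2012+ expose the setting through the SmbShare module.
    # Older systems only have the LanmanServer registry value; a missing value
    # means SMBv1 is on, because that is the default.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

function Disable-Smb1Server {
    # Mitigation for hosts that cannot be patched right away: switch the SMBv1
    # server off and block inbound TCP 445 from outside the local subnets.
    # Needs an elevated shell; removing the feature takes effect after a reboot.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
    }
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
            -ErrorAction SilentlyContinue | Out-Null
    }
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        # 'Internet' is the built-in address keyword for non-local ranges, so
        # file sharing inside the LAN keeps working (Windows 7 uses netsh instead).
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445) from Internet' `
            -Direction Inbound -Protocol TCP -LocalPort 445 `
            -RemoteAddress Internet -Action Block | Out-Null
    }
}

# Report. Run Disable-Smb1Server yourself after deciding whether this host must serve SMBv1.
$patch = Test-Ms17010Installed
$smb1  = Test-Smb1ServerEnabled
"MS17-010 KB present : $($patch.Ms17010Found) $($patch.MatchingKbs)"
"SMBv1 server enabled: $smb1"
if (-not $patch.Ms17010Found -and $smb1) {
    Write-Warning 'Unpatched host with SMBv1 on: install MS17-010 now or run Disable-Smb1Server.'
}
```

Patching is the real fix; disabling SMBv1 and filtering 445 only remove the path this particular exploit uses, which is why the script reports both states separately instead of one "safe/unsafe" verdict.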

Currently, Kaspersky Lab, ESET NOD32 and other antivirus vendors are working on decryption tools that would help owners of infected PCs regain access to their files.

For about ten years cybercriminals have been successfully attacking users and businesses across the World Wide Web. The past year, however, showed a clear rise in the number of attacks as well as in their sophistication: the criminals are becoming more dangerous, and malicious programs are spreading at a pace never seen before.

Introduction

Ransomware caused unprecedented disruption in 2017, creating problems for thousands of organizations around the world. In Australia, for example, the WannaCry and NotPetya attacks caused alarm even at the government level.

Given the "successes" of ransomware this year, we look at the 10 most dangerous families that brought their operators the greatest profits. We hope that the lessons of the past year will be learned and that such problems will not be allowed into our networks.

NotPetya

This ransomware attack started from the Ukrainian accounting software M.E.Doc, which replaced 1C in Ukraine. Within a few days NotPetya infected hundreds of thousands of computers in more than 100 countries. The malware is a variant of the older Petya ransomware, and what is alarming is that the NotPetya attacks used the same exploit as the WannaCry attacks.

NotPetya spread worldwide and reached several organizations in Australia, for example the Cadbury chocolate factory in Tasmania, which had to shut down its entire IT system. The same ransomware got into the world's largest container shipping company, Maersk, which reportedly cost it up to 300 million dollars in revenue.

WannaCry

This monster, frightening in its scale, practically paralyzed the whole world. The attack used the notorious EternalBlue exploit, which abuses a vulnerability in Microsoft's Server Message Block (SMB) protocol.

WannaCry infected victims in 150 countries and over 200,000 machines on the first day. We have already written about this ransomware in detail.

Locky

Locky was the most widespread ransomware of 2016, and it did not go quiet in 2017. New variants of Locky, named Diablo and Lukitus, appeared this year, using the same attack vector (phishing) to deliver the exploits.

Locky was behind the email scam involving Australia Post. According to the Australian Competition and Consumer Commission, residents lost over 80,000 dollars to this scam.

CrySis

This family targets the Remote Desktop Protocol (RDP). RDP is one of the most popular ways of spreading ransomware, because through it cybercriminals can compromise the machines that run an organization's key functions.

CrySis victims were made to pay between 455 and 1,022 dollars to recover their files.

Nemucod

Nemucod spreads through a phishing email that looks like an invoice for transport services. This downloader fetches the malicious files that are hosted on compromised websites.

By the volume of phishing emails, Nemucod is second only to Locky.

Jaff

Jaff resembles Locky and uses similar methods. This family brings nothing original to the way it spreads or encrypts files, yet it is still one of the most successful.

The criminals behind it extorted up to 3,700 dollars for access to the encrypted files.

Spora

To spread this ransomware, the criminals compromise legitimate sites and add JavaScript code to them. A visitor to such a site is first shown a warning that suggests updating the Chrome browser in order to keep viewing the page. After downloading the so-called Chrome Font Pack, the user is infected with Spora.

Cerber

One of the many distribution schemes used by the Cerber operators is RaaS (Ransomware-as-a-Service). Under this scheme the authors rent the Trojan out to distributors in exchange for a share of the ransom: the malware is built once, and other criminals are given the tools to spread it.

Cryptomix

This is one of the few families that has no payment portal on the dark web. Victims have to wait until the criminals send them payment instructions by email.

Cryptomix victims included users from 29 countries, who were made to pay up to 3,000 dollars.

Jigsaw

Another family on the list that started its activity in 2016. Jigsaw inserts images of the puppet from the Saw film series into spam emails. As soon as the user clicks on the image, the ransomware not only encrypts files but also deletes them one batch at a time while the user delays paying the ransom, which is 150 dollars.

Conclusions

As we can see, modern threats use ever more sophisticated exploits against corporate networks. Although raising employee awareness helps to avoid infections, businesses must go beyond basic cybersecurity standards to protect themselves. Defending against today's threats requires proactive approaches that rely on real-time analysis built on intelligence mechanisms, including an understanding of threat behavior and context.

On May 12 an encrypting virus became known that is spreading at a record pace: over one weekend it infected more than 200 thousand computers in 150 countries around the world. After this spread was stopped, within a day several more versions of the virus appeared, and the spread is continuing. We therefore publish answers to the questions of what this virus is and how to protect your computer.

Kuzmich Pavlo Oleksiyovich, Director of the Computer Forensics Laboratory at ITMO University.

Can this virus infect the computers and other devices of individual users?
Yes, the virus can infect users' computers. Most likely, employees of the affected organizations used their computers to receive mail and "surf" the Internet, and, without checking the pages and messages, downloaded malicious software onto them. This method of fraud cannot be called new: the problem of so-called encryption viruses has been relevant for several years, and the price of 300 dollars can be considered quite "humane". Some time ago, for example, one organization came to our laboratory from which the criminals had extorted 700 US dollars, in the same bitcoins, for decrypting just one file with its clients.

What should you do to avoid falling victim to this virus?
First of all, be careful about where you go on the Internet. Secondly, pay attention to mail and, before opening any files attached to messages, make sure the message is not fraudulent. Viruses are often spread in files supposedly sent from Rostelecom, where the security service allegedly demands payment of a bill. Often the same fraudulent messages come in the name of Oschadbank, as well as bailiffs. To avoid becoming a victim of the criminals, it is important to look carefully at where the link in the message leads, as well as what extension the file attached to the message has. And, of course, it is important to regularly make backup copies of important documents on a separate removable drive.

Does this mean that all the databases of the attacked organizations are blocked at once? Can this help the criminals achieve their goals? Is the personal data in these databases compromised?
I think that talking about work being blocked is, of course, premature: it is a big headache for the staff. However, the fact that officers of various departments use work computers to browse the Internet is alarming. It is quite possible that in this way the confidential data of their clients, in the case of commercial organizations, and large amounts of personal data, in the case of government agencies, could be compromised. Let us hope that such information was not processed on these computers.

What is the situation with Megafon subscribers? Is it unsafe to use mobile Internet now?
Most likely not, since the infrastructure elements of the network are certainly protected against such attacks. Moreover, one can say with high confidence that this virus only works on vulnerabilities in the operating system made by Microsoft, while network equipment mostly runs either proprietary operating systems or operating systems of the Linux family.

What happens when the virus gets into the system? How do you know if your computer is infected?
Most often the active phase of the infection, the encryption of data, shows itself as a significant drop in computer performance. This is because encryption is an extremely resource-intensive process. It can also be noticed when files with unexpected extensions appear, but at that stage it is usually already too late to do anything.

Will it be possible to recover the blocked data?
Most often it is impossible to recover. Previously the key was the same for all infected machines, but after the virus was caught and disassembled and the standard codes became widely known (they can be found on antivirus software forums), the criminals began to encrypt information with a new key each time. By the way, they rarely use a simple version of the cipher: most often it is asymmetric encryption, and breaking such a cipher is very difficult and so expensive in time and resources that in practice it becomes impossible.

How long will the virus keep spreading across the Internet?
I think until the moment its author and distributors are caught. And that will happen when they are caught by law enforcement agencies, and when people stop opening pages with viruses and start being more careful about their actions on the Internet.

Grigory Sablin, virus analyst and information security expert at ITMO University (warning: programmer vocabulary!).

The attackers are exploiting a vulnerability in the SMB protocol, MS17-010; the patch is already on Microsoft's servers. Those who have not updated may get hit by the spread. Well, one might say these users are themselves to blame: they used pirated software or did not update Windows. I am curious to see how the situation develops: there was a similar story with the bug MS08-067, which was exploited by the Kido worm. What you can do right now: either switch off your computer or update Windows. It is worth expecting that many antivirus companies will compete for the right to release a decryption utility. If they manage it, it will be a brilliant PR hit, as well as an opportunity to earn good money. It is not a given that all the locked files can be recovered. This virus can penetrate anywhere through computers that have not yet been updated. By the way, this exploit was taken from the archive "leaked" from the US National Security Agency (NSA), which is an example of what intelligence agencies could do in any emergency situation.

Based on information from the ITMO University press service

On 12 May 2017 there was a large-scale virus attack on computers running Windows. In Russia nearly 30,000 computers were infected. Among the victims were not only ordinary users but also a large number of organizations and government structures. According to reports from the network, the Investigative Committee, the Ministry of Internal Affairs of the Russian Federation and the Megafon network were partially infected. A number of other, smaller organizations also suffered from the WannaCry attack, or, as it is more often called, WCry. How the virus got into the protected devices is not yet clear. Whether it was the result of a mistake by one of the users, or a targeted attack on the ministry's network, is unknown. The first information on the RuNet appeared on the Kaspersky website (in the forum), where there was an active discussion of the new virus.

What is this virus?

After getting into the computer, the virus unpacks itself, installs its own encryption keys in the system and begins, in the background, to encrypt all the information on the computer, giving the files names of the form filename.wncry. This is what happens after your computer catches the virus:

  • Immediately after getting into the system, the virus takes full control of it, blocking the launch of any software, even software that does not require installation,
  • Antivirus programs and utilities that do not require installation, and that are launched as soon as the removable drive is connected to the system, do not give the desired result and simply do not start,
  • All USB ports and disk drives stop working,
  • The screen is blocked by the Wana DecryptOr 2.0 banner, which informs you that your computer is infected with the virus, all data is encrypted, and you have to pay the operators.
The owners of the virus demand that an amount equivalent to 300 dollars be transferred in bitcoin to their accounts. There is also information that if the required amount is not paid within 3 days, the amount doubles. If you do not pay for a long time, the virus deletes all your data from the computer. Judging by information from some of our users, this schedule is not the same for all devices: on some, the payment deadline is 14 days.
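The description above gives two things a responder can look for on a suspect machine: files renamed to the .wncry extension and the Wana DecryptOr 2.0 banner window. The script below is an added triage example, not code from the original page. It lists the encrypted files with the time window in which they were written (the page's own rule, that a sudden flood of files with an unknown extension means encryption, is generalized into a second function that works for any encryptor), and checks for a process whose main window title starts with "Wana Decrypt", which assumes the banner is titled as the text says. Paths and thresholds are illustrative.

```powershell
# Added example: triage indicators of a WannaCry-style encryptor on a Windows host.
function Find-WncryFiles {
    # Files the virus has already renamed. The first/last write times give the
    # start of encryption and whether it is still running (last write is "now").
    param([string[]]$Roots = @($env:USERPROFILE))
    $files = @(foreach ($r in $Roots) {
        Get-ChildItem -Path $r -Recurse -File -Filter '*.wncry' -ErrorAction SilentlyContinue
    })
    if ($files.Count -eq 0) { return $null }
    $sorted = $files | Sort-Object LastWriteTime
    [pscustomobject]@{
        Count      = $files.Count
        FirstWrite = $sorted[0].LastWriteTime
        LastWrite  = $sorted[-1].LastWriteTime
        TopFolders = @($files | Group-Object DirectoryName | Sort-Object Count -Descending |
                       Select-Object -First 5 | ForEach-Object { "$($_.Name) ($($_.Count))" })
    }
}

function Get-ExtensionBurst {
    # Generalization (assumption: the encryptor renames files): any extension
    # with at least $Threshold files written in the last $Hours hours. A build
    # directory can trip this; thousands of user documents under one unknown
    # extension should not happen on a normal day.
    param([string]$Root = $env:USERPROFILE, [int]$Hours = 6, [int]$Threshold = 100)
    $since = (Get-Date).AddHours(-$Hours)
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        Group-Object Extension |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Extension'; e = { $_.Name } }, Count
}

function Test-RansomBanner {
    # The lock screen is an ordinary top-level window (assumption: title begins
    # with "Wana Decrypt"). Disconnect the host from the network before anything
    # else; keep the process for analysis rather than killing it blindly.
    @(Get-Process | Where-Object { $_.MainWindowTitle -like 'Wana Decrypt*' }).Count -gt 0
}

$hit = Find-WncryFiles
if ($hit) {
    "Encrypted files: $($hit.Count); first write $($hit.FirstWrite); last write $($hit.LastWrite)"
    $hit.TopFolders
} else {
    'No .wncry files under the user profile.'
}
"Banner window present: $(Test-RansomBanner)"
Get-ExtensionBurst | Format-Table -AutoSize
```

Run it from an elevated prompt on the suspect host, or point the roots at a drive mounted read-only on a clean machine, as the recovery story later on this page does; the write-time window is what tells you whether pulling the plug will still save anything.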

How to protect yourself from the virus.

There is no reason to panic: the virus is nothing new, and there are ways to protect against it. It is an ordinary encryptor, whose analogues we have dealt with more than once. To avoid catching a computer virus, be careful when using any software. We do not recommend updating any software until it is known exactly how the virus gets into the system. We are inclined to think that the virus reaches the computer through an infection in some program, and problems in programs most often appear after a recent update, in which a "hole" large enough for viruses to get into the system is left open. If you have the experience, install a third-party firewall and monitor the system and its activity for the whole time.

We also help those who have been affected

On Friday, 12 May, a regular client of ours, a designer, came to us with a laptop on which his layouts, source files and other graphic files were stored. His computer had been infected with the WannaCryptor virus. A number of "experiments" were carried out, and they produced results! Here is what helped us:

  • We took the computer apart and removed the hard drive with the data,
  • Connected the drive to an iMac,
  • By trying decryptors one after another, we found one that helped extract some of the data from drive D,
  • Afterwards the client decided to reinstall the system, keeping the recovered data,
  • After each recovery we made an image of the system on our own media, in case a serious problem appeared again and the data was lost.
Dear friends, if you have fallen victim to this virus, get in touch with us and we will help. The experiments are done free of charge) And now we know exactly how. Let's fight evil together!