The most famous computer viruses. A dangerous ransomware virus is spreading massively on the Internet. A new virus on the Internet

The disruptions in the work of the traffic police departments have been eliminated. This was stated by the press service of the Ministry of Internal Affairs. Earlier it became known that in a number of Russian regions, in particular, a problem arose with the issuance of driver's licenses. The computers of ministry employees were infected with a virus that quickly spread throughout the world.

In Russia, in addition to the Ministry of Internal Affairs, malware penetrated the networks of the Ministry of Emergency Situations, Russian Railways, Sberbank, and Megafon. In general, by this minute, companies and departments report that the problem has been localized or resolved. And Microsoft took extraordinary measures: it released an emergency update that eliminates vulnerabilities not only for the latest operating systems, but also for outdated Windows XP. It has not been officially supported since 2014, although it is still very popular.

British doctors have called their work in the last 24 hours a return to the paper age. If possible, planned medical procedures are postponed for several days, and care is given first to emergency patients. Until now, it has not been possible to completely restore the operation of the computers that kept patient records, test results, and much more. The cause was the WCry virus - an abbreviation for the English Wanna Cry (translated as “I want to cry”).

It soon became clear that such emotions were not only experienced in Britain. Then there were reports that the virus had infected the computers of the Spanish telecommunications giant Telefonica, then spread to France, Germany, Italy, and Romania. A malicious program spread across the planet like wildfire.

“We are actually watching a cyber apocalypse scenario unfold today. Alarming developments affect the entire industry. In the last 24 hours alone, 45,000 systems in 74 countries have been infected,” said computer security expert Varun Badhwar.

Each system is sometimes not even hundreds, but thousands of computers. On the screens of each of them, users saw a message translated into dozens of languages. It says that all information on the computer is encrypted, and you must pay for decryption and the ability to continue working. Depending on the country - 300 or 600 dollars.

Similar ransomware viruses have been known for many years. However, whereas previously it was mostly ordinary users who encountered them, now the main blow has fallen primarily on organizations that, without exaggeration, are of strategic importance for each country.

“It’s clear that they hit the most critical ones. And it is clear that criminals will always look for the most vulnerable points, that is, those who will really pay. And this simply speaks of cynicism,” said Adviser to the Russian President on Internet Development German Klimenko.

Russia is also among the victims. Just the day before, the first data appeared that a malicious program had penetrated the computers of the Ministry of Internal Affairs. Reports of the consequences of failures came from different regions. Thus, in Zhukovsky near Moscow, according to the testimonies of visitors, the computers in the passport office did not work the day before. Several cities at once had to temporarily suspend the issuance and replacement of driver’s licenses and license plates.

“At the moment the virus has been localized. Engineering work is being carried out to destroy it. Leakage of official information from the information resources of the Ministry of Internal Affairs is completely excluded,” said official representative of the Russian Ministry of Internal Affairs Irina Volk.

The programmers and the information center of Russian Railways are in a rush. The virus has penetrated there too. The extent of the problem is not known, but it is known that some passengers encountered inconvenience when issuing tickets online.

“The virus is currently contained. There were no technological failures within the network. Accordingly, this virus attack did not affect the transportation of goods and passengers. There is no security threat,” said Russian Railways spokeswoman Ekaterina Gerasimova.

Large Russian companies such as Megafon and Yota also encountered problems. Obviously, there are many more victims, but most prefer not to talk about it. Most companies restore systems from so-called database backups, which are periodically stored on special servers.

Meanwhile, law enforcement agencies in different countries are trying to get on the trail of the hackers who organized the attack around the world. Although this is extremely difficult to do. After all, it is still not clear from which country the virus was launched. The British newspaper The Telegraph, however, has already rushed to blame the notorious “Russian hackers” for the incident.

However, even Western experts were skeptical about such a pursuit of sensation. After all, the strongest blow of the virus fell precisely on Russia. According to independent antivirus companies, the largest number of infected computers is in our country.

It is also already known that in fact hackers did not come up with anything new. They just used a program that was stolen from the United States National Security Agency. This was reported by former employee of this American intelligence agency Edward Snowden.

From E. Snowden's Twitter: "Wow, the NSA's decision to create tools to attack American software is now putting the lives of hospital patients at risk."

According to Snowden, the hackers merely modified a program that the US National Security Agency used to spy on users around the world.

Intelligence agencies have been exploiting a vulnerability in the Windows operating system for many years. And only recently did Microsoft come to its senses.

“Users of Microsoft's free antivirus and of updated Windows versions are protected. Back in March, we added a security update that provides additional protection against a potential attack,” said Microsoft Russia spokeswoman Kristina Davydova.

It is unknown who is now using the secret developments of the American intelligence services. And even if you pay the criminals, the financial trail will lead nowhere. After all, payment for computer resuscitation is accepted exclusively in bitcoins. This is one of the most popular so-called cryptocurrencies today. Not money, but digital code, which is simply impossible to track.

“Why do hackers always ask for bitcoins? As you remember from movies about pirates, they loved gold most of all. Why? Because it is passed from hand to hand. It is impossible to trace how this process takes place. The same thing happens with modern pirates and hackers. They always want to get bitcoins because it is an uncontrolled way of exchanging value,” says Internet technology specialist Grigory Bakunov.

In any case, digital technology experts still advise not to pay extortionists. Firstly, there is no guarantee that they will not be deceived, and then, if you pay once, then in the future, most likely, you will have to pay more.

Antivirus companies promise to release protection before the start of the new work week. The message about the first success has already come from the same Britain. One of the programmers completely accidentally managed to stop the spread of the virus.

Svetlana Petrenko, representative of the Investigative Committee: “There were no hacker attacks on the resources of the Investigative Committee. Everything is working as normal."

TASS, citing a police source, reports that the Ministry of Internal Affairs also did not record any hacker attacks.

Source: “As of 20:00 Moscow time, the single system of information and analytical support for the department’s activities was not hacked.”

According to a number of users, we are talking about the WCry virus (also known as WannaCry or WannaCryptor): it encrypts the user’s files, changes their extension and demands that the victim buy a special decryptor for bitcoins.

Avast employee (antivirus developer) Jakub Kroustek reported on Twitter that at least 36 thousand computers around the world have already been infected. Most of them are located in Russia, Ukraine and Taiwan.


It was previously reported that the ransomware virus was in hospitals across the UK. A map of the spread of the virus around the world has already appeared on the Internet.


Due to a hacker attack, the Russian operator Megafon had to turn off part of its computer network. As the operator’s director of public relations, Pyotr Lidov, said, employees’ computers began to suddenly reboot, and after the reboot, a window appeared demanding to pay $300, which did not allow them to continue working.

Pyotr Lidov: “The scale is quite large, affecting most of the regions of our country. But we are coping, now together with Kaspersky Lab (whose solutions Megafon uses for protection) we are resolving this issue.”

Spanish media reports that local telecommunications company Telefonica has also been attacked by ransomware. The hackers demanded payment of the equivalent of 509,487 euros by May 15. If this does not happen, the attackers threatened to delete all archives to which they gained access.

The Financial Times, citing cybersecurity analysts, writes that the attacks in the UK and Spain used modified malware from the US National Security Agency (NSA). According to experts, the American intelligence tool known as EternalBlue was combined with the WannaCry ransomware.

British Prime Minister Theresa May commented on what is happening in global cyberspace. According to her, attacks on the country's hospitals are part of a global hacker attack.

Theresa May: “We know that a number of medical institutions reported a hacker attack. This attack was not aimed specifically at the NHS (National Health Service - ed.). This is part of an international hacker attack that affected institutions in different countries... We have no information that patient information fell into the wrong hands.”

Internet expert Grigory Bakunov said on the radio station “Echo of Moscow” that the virus only threatens computers running the Windows operating system. Most smartphone owners have no need to worry.

Grigory Bakunov: “This malware tries to work with government and large structures, but ordinary people also suffer. Everyone has this hole in Windows, and it’s not difficult to exploit. And if the computer didn't receive the latest update from Windows, it is vulnerable. However, this does not apply to mobile systems, such as Android and iOS.”

Yesterday, an epidemic of a new computer encryption virus began. It mainly affected the work of Russian and Ukrainian organizations, but also affected companies from other countries of the world. The virus warns users that all their files are encrypted, and attempts to recover them on their own are useless. The ransomware virus demands the transfer of $300 in Bitcoin cryptocurrency in exchange for unlocking access.

According to information from Group-IB (the fight against cybercrime), during the day more than 100 companies in the CIS were affected, and by the evening Kaspersky Lab announced that the number of victims worldwide was in the thousands. The virus spreads on Windows systems, but the exact mechanism of its operation is not yet known, a Doctor Web representative said. Microsoft is aware of the situation and is conducting an investigation, a company spokesman said.

Attack on oil

In the afternoon, the largest Russian oil company, Rosneft, reported on its Twitter account about a powerful hacker attack on the company’s servers, without providing details. One of the employees of Bashneft (controlled by Rosneft), on condition of anonymity, told Vedomosti about the attack: “The virus initially disabled access to the portal, to the internal messenger Skype for Business, to MS Exchange. They did not attach any significance to it, they thought it was just a network failure; then the computer rebooted with an error. The hard drive died, and the next reboot already showed a red screen.” According to him, employees were ordered to turn off their computers. The information that the virus affected Bashneft was confirmed by two sources close to the company. A hacker attack could have led to serious consequences, but because the company switched to a backup system for managing production processes, neither production nor oil preparation has been stopped, a Rosneft representative said.

How to avoid infection

To avoid infecting your computer with the virus, a Doctor Web representative advises not opening suspicious emails, creating backups of important data, installing security updates for software and using an antivirus. A Kaspersky Lab representative also reminds users to check that their antivirus is enabled. Kaspersky Lab also advises using AppLocker to block a file called perfc.dat. To stop the spread of the virus, companies need to close TCP ports (TCP is a protocol for transferring data over the network) 1024-1035, 135 and 445, Group-IB reported.
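To check which machines still expose the ports named in the Group-IB advice, an administrator can audit the output of `netstat -ano -p TCP` collected from Windows hosts. The script below is an added example, not code from the article or from Group-IB; the function and variable names are illustrative and the netstat capture is constructed.

```python
"""Flag TCP listeners on the ports Group-IB advised closing (135, 445, 1024-1035).

Input is the text output of `netstat -ano -p TCP` from a Windows host.
The sample capture below is constructed for illustration.
"""
import re
from typing import List, NamedTuple

# Ports named in the Group-IB advice quoted in the article.
FLAGGED_PORTS = {135, 445} | set(range(1024, 1036))

# Local addresses that cannot be reached from other machines.
LOOPBACK = {"127.0.0.1", "[::1]"}


class Listener(NamedTuple):
    address: str
    port: int
    pid: int


# Matches rows such as: "  TCP    0.0.0.0:445    0.0.0.0:0    LISTENING    4"
_ROW = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def exposed_listeners(netstat_output: str) -> List[Listener]:
    """Return network-reachable listeners on the flagged ports, sorted by port."""
    found = set()
    for line in netstat_output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # header lines, blank lines, non-LISTENING states
        addr, port, pid = m["addr"], int(m["port"]), int(m["pid"])
        if port in FLAGGED_PORTS and addr not in LOOPBACK:
            found.add(Listener(addr, port, pid))
    return sorted(found, key=lambda item: (item.port, item.address))


# Constructed sample: two flagged wildcard listeners, one unrelated service,
# one loopback-only listener, one flagged listener on a LAN address,
# one outbound connection and one IPv6 wildcard listener.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:1027      0.0.0.0:0              LISTENING       612
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

if __name__ == "__main__":
    for item in exposed_listeners(SAMPLE):
        print(f"port {item.port:<5} bound to {item.address:<15} pid {item.pid}")
```

A listener on 135 or 445 is normal on many Windows hosts; a finding shows where a firewall rule has to apply, not that the host is infected.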

New victims

Late in the evening, the Bank of Russia reported that several Russian banks had been infected. The disruption due to a cyber attack was confirmed by the Russian Home Credit Bank (HCF Bank). The bank emphasized that it had noticed signs of instability and decided to conduct a review of all security systems. HCF Bank branches were open, but operated in advisory mode; ATMs and call centers continued to operate. The HCF Bank website was unavailable. A Vedomosti correspondent paid twice for the services of one of the mobile operators via the Internet from an HCF Bank card.

The payments went through, the 3-D Secure protocol did not work - the bank client did not receive an SMS with a transaction confirmation code. At the Russian office of Royal Canin (a division of Mars), difficulties arose with IT systems, a company representative said. Evraz was also subject to a hacker attack, but its main production facilities continued to operate and there was no threat to employees or businesses, a company representative said. The virus attack affected offices in Europe (including Russia and Ukraine), a representative of the confectionery manufacturer Mondelez confirmed.

World Tour

Although Russia and Ukraine have recorded the most incidents, the virus is also active in other countries, said Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab. It is hardly possible to configure a self-propagating virus so that it affects only certain countries, the representative of Doctor Web agrees.

The virus wishes to remain anonymous

This is the second case of a global ransomware attack in the last two months. In mid-May, a wave of infections with the WannaCry ransomware occurred around the world. The virus infected computers that had not installed the Windows operating system update. During the hacker attack, WannaCry infected up to 300,000 computers in more than 70 countries and encrypted the information on them, making it unusable. In Russia, in particular, Megafon and the Ministry of Internal Affairs were attacked.

Good day, friends! As you know, security and protection of your electronic friend are pressing issues for a huge number of users. Cunning worms and insidious Trojans are constantly roaming the Internet, trying to sneak through loopholes on your PC and wreak havoc on your hard drive. Today I invite us all to remember the most famous computer viruses of our time.

Eight new-age malware

First, let's make a short list of all these malicious utilities, and then I will talk about each in more detail, including the newest and most tricky ones. So here are these scoundrels:

  • ILOVEYOU – 2000;
  • Nimda - 2001;
  • SQL Slammer/Sapphire – 2003;
  • Sasser - 2004;
  • Storm Trojan - 2007;
  • Conficker - 2008;
  • Wannacry – 2017;
  • Petya – 2017.

ILOVEYOU

This virus is considered the pioneer of large-scale computer infections around the world. It began spreading on the night of May 5 in the form of emails with a malicious script attached.

When a user opened this letter, the virus immediately began sending itself using the Microsoft Outlook contact list (at that time this program was considered the height of perfection for sending emails). Over the next few days, it infected about 3 million PCs around the world and overwrote files on them. The damage from its destructive activities amounted to approximately 10-15 billion dollars. For this, the ILOVEYOU virus even entered the Guinness Book of Records, receiving the “honorary” title of the most destructive virus.

Nimda

This malware spread in a matter of minutes. Its scripts were written in such a way that it affected not only the computers of ordinary users, but even servers running Windows NT and 2000, which at that time had fairly strong protection. It penetrated the hard drive through email distribution. The targets of infection were Internet portals that did not have the necessary protection system.

This worm was attributed to the authorship of Al-Qaeda (a terrorist organization banned in the Russian Federation). However, no evidence was received. According to rough estimates, the damage from the virus amounted to more than $50 million, and then networks of banks, hotels, federal courts, and so on collapsed.

SQL Slammer/Sapphire

A notable feature of this worm is its small size. It weighed only 376 bytes, but these bytes infected about 75 thousand computers in the world in 10 minutes. As a result of its attack, emergency services networks were shut down, many hosts crashed, and Internet access disappeared at a nuclear power plant in Ohio, USA.

Sasser

The epidemic of this worm began at the end of April 2004. Within a few days, the worm managed to infect about 250,000 computers around the world. After infecting one device, the worm gained access to the Internet and looked for computers with a vulnerability through which it could get in. The virus did not cause any particular harm or play dirty tricks; it just sent the computer into an endless cycle of reboots.


Interestingly, its author was not a bearded hacker with a powerful desktop, but an ordinary 17-year-old teenager from Germany with a home PC. He was identified quickly enough, after which he was sentenced to probation. It is difficult to explain why, because his creation sabotaged the work of airlines, hospitals, post offices, the British coast guard and many other social institutions and caused damage of 18 billion dollars.

Storm Trojan

8% of infected computers out of the total number around the world: this is the result of the march of the Storm Trojan virus across the planet. The principle of its operation is very common: it infected a PC and connected it to a so-called botnet. In it, a huge number of computers were connected into one network without the knowledge of their owners, and this network served a single purpose: massive attacks on powerful servers. It was quite difficult to neutralize, since it independently changed its code every 10 minutes.

Conficker

The Conficker worm exploited operating system vulnerabilities and disabled many services, including security services. It is considered the “progenitor” of malicious programs that are distributed via USB drives. On them, it created the autorun.inf file, which I'm sure many of us have seen.

By the way, you can still find a type of virus that hides files on storage media and replaces them with its own shortcuts. I have already described how to restore visibility to such files in the article.

Its purpose is the same as that of the previous one: uniting infected PCs into a common botnet. In this way, it was able to “subjugate” a huge number of machines and bring down the networks of not only ordinary companies, but also the defense ministries of Germany, France and the UK. According to the most conservative estimates, it caused damage in the amount of $9 billion.

Wannacry



Today, only those who don’t surf the Internet or watch TV have never heard of Wannacry. It belongs to the Trojan Winlock family of viruses. This cutting-edge, cunning and incredibly clever network worm, also known as ransomware, works as follows: it encrypts the vast majority of files stored on the hard drive, after which it locks the computer and displays a ransom window. It was proposed to transfer the money in the form of bitcoins, a modern cryptocurrency. The worm was able to infect about 500,000 people in 150 countries, with India, Ukraine and Russia being the most affected.

It is known that the hackers were able to obtain $42,000 from their victims. The attack was stopped by accident. It was discovered that before starting to encrypt files, the malware tries to access a non-existent domain, and if the domain does not exist, encryption begins. The rest was a small matter: the domain was registered, and the march of Wannacry stopped. So the world was saved from the computer apocalypse. At the moment the damage is estimated at $1 billion. The virus has disrupted the work of many banks, transport companies, and dispatch services. If not for the miraculous rescue, millions of people could have gone bankrupt or died in train and plane accidents. According to experts, this was a significant case. Now it has become clear to everyone how dangerous modern, unusually complex and carefully designed fraudulent schemes are.

They began to fight information crime very seriously, including in our country. However, a month later in June 2017, Petya virus.

Petya


The Petya ransomware virus is a trend of June 2017. It is very similar to Wannacry, but there is a significant difference: it does not encrypt individual files, but blocks the entire hard disk. Its creators relied on fans of unlicensed software, because not every user follows official Microsoft updates, and it was one of those updates that delivered the patch closing the hole through which Petya now gets onto the PC.

It is distributed through attachments in emails. If the user runs this file, the computer will reboot and a simulated disk check for errors will appear on the screen. After this, a red skull will appear in front of your eyes across the entire monitor. To decrypt the hard drive you need to transfer a certain amount in bitcoins.

Experts believe that the more technology develops, the more people will want to use it to deceive their neighbors. This is the harsh reality of the 21st century.

According to statistics, in 2016, about 650,000,000 rubles were stolen from Russians’ bank cards. This is 15% less than in 2015. Sociologists believe that the residents of our country have seen through the majority. However, new, previously unknown ways to lure money out of your wallet appear almost every day.

This is what the list of the most famous and dangerous viruses that strike people's electronic assistants in the 21st century looks like. If you were interested in reading about them, share the article on social networks so that your friends also know about this danger. Also don't forget to subscribe to blog updates!


VILNIUS, May 13 - Sputnik, Georgy Voronov. A ransomware virus has infected computers around the world.

It all started in Spain, but the uproar arose after a cyber attack on British medical institutions, because the computers of hospitals and clinics were hacked there, and there was a danger to people's lives.

This virus, one of the so-called crypto-viruses or encryptors, encrypts any files, and reverse decryption is possible for a fee. We are talking about the WCry ransomware virus, also known as WannaCry (Wanna Decryptor) or WannaCrypt0r 2.0. It encrypts the information on the computer and demands a ransom of $300 to $600 in Bitcoin for decryption.

According to the influential group of cybersecurity experts MalwareHunterTeam, servers in Russia and Taiwan suffered the most as a result of the virus attack. Computer systems in Great Britain, Spain, Italy, Germany, Portugal, Turkey, Ukraine, Kazakhstan, Indonesia, Vietnam, Japan and the Philippines were also hit hard.

Capture history

“The new virus is spreading with hellish speed,” MalwareHunterTeam researchers report.

Avast antivirus recorded 57 thousand hacker attacks using the WannaCry virus on Friday, the company’s blog reports. This virus was noticed by company specialists back in February, but on Friday a new version of the hacker program began to spread massively.

In turn, Kaspersky Lab on Friday recorded 45 thousand hacker attacks in 74 countries around the world using the WannaCry virus, with the largest number of infection attempts occurring in Russia. The computers of the largest companies and federal ministries, including Sberbank, Megafon, the Ministry of Internal Affairs and the Ministry of Emergency Situations, were attacked.

Who is guilty?

The US has offered international assistance to combat virus attacks. The American Department of Homeland Security (DHS) has announced its readiness to provide technical support and assistance in the fight against the WannaCry ransomware. The statement notes that a patch was released in March to address the vulnerability to the virus. Installing the patch helps protect the operating system from this threat, the ministry said.

“We are actively sharing information related to this event and stand ready to provide technical support and assistance as needed to our partners both in the United States and internationally,” the statement said.

Meanwhile, former US intelligence officer Edward Snowden wrote on Twitter that a computer virus originally developed by the US National Security Agency (NSA) could have been used in the global hacker attack on Friday.

"The NSA's decision to create tools to attack American software now threatens the lives of patients in hospitals," Snowden said. "Despite warnings, the NSA developed such tools. Today we see the cost."

Protect yourself

Experts note that those computers that are not updated are vulnerable. In fact, if you keep your Windows up to date, there won't be any problems. In cases of infection, a very large percentage is the human factor.

Such crypto-viruses are mainly distributed in the form of emails. They can be received from acquaintances whose computers have been hacked, or from strangers. The letters contain an attachment.

There are two ways of infection. In one case, it is an Excel file, basically a zip file: people open the attachment in the e-mail and a process is immediately launched that encrypts the files. The second option is macros. In the "Microsoft Office" suite there are so-called macros that work in "Word" or "Excel". These are, so to speak, additional programs. Now, if you launch a "Word" file, you are asked: the file contains macros, should they be activated? You click "Ok" and the macros start loading viruses.

If you do not open attachments received from strangers, as well as unusual files received from friends, then infection with a crypto virus is unlikely to occur.