Hospitals were hit in Great Britain; in Russia, the Ministry of Internal Affairs, MREO and MegaFon.
On the afternoon of May 12th, a virus called WannaCrypt attacked the UK healthcare system. It also paralyzed the work of several companies in Spain. According to first estimates, hackers infected about 50 thousand computers worldwide.
The WannaCrypt or WCry virus blocks the computer and demands a ransom of $300 in bitcoins. Judging by the photos, the text is displayed in the language of the country in which the program operates.
The affected companies circulated a message saying that the virus is transmitted via email, encrypts data on the computer and blocks the screen.
The spread of the virus can be monitored on a special site.
The first information about the effect of the virus in Russia appeared on the CyberForum forum back in 2015. The first solution was also proposed there.
On May 12, MegaFon confirmed the WCry attack. A company spokesman, Peter Lidov-Petrovsky, explained that the specialists had to disconnect computers from the public network so that the virus would not spread further.
“We had warnings on a number of computers with a $300 ransom demand, the coverage was quite large. This did not affect the communication and subscribers, as the virus only attacked our computers.”
Peter Lidov-Petrovsky, director of MegaFon public relations
Among other operators, Beeline also reported attacks. A company spokeswoman said that its experts managed to repel the hacker attacks. Sources also confirmed the attack on the computers of Svyaznoy employees.
The Interior Ministry denied the information about the hacker attack that had previously been reported by the media. Interruptions in the work of the regional offices were called “planned technical works”, and a warning appeared on the website.
“Dear visitors, we apologize for any inconvenience while working with the site, technical work is underway.”
MIA website
The UK denied reports of hacker attacks on its servers. A representative of the department, Svetlana Petrenko, said that everything “works in a regular mode.”
The hacker attack was reported in the Federal Registration Information System (FISM) of the MREO.
“There is a possibility that the attack goes to servers in Moscow, the problem has already touched several regions across Russia, but so far nothing is clear. In MREO, computers are being disconnected.”
A source in the traffic police, speaking to the 47news edition
What kind of virus is it
According to the Motherboard edition, the WanaCrypt0r virus has an “incredible spread rate”. To spread across organizations’ local networks, it uses the EternalBlue vulnerability, which was previously used by the US National Security Agency. Using this exploit for the SMB file-sharing protocol, the virus can spread from one infected computer to others on the same network.
The authors suggested that the virus could have been created by hackers based on one of these tools. The journalist Sam Gad Jones wrote about this on Twitter.
“Hackers used an American exploit known as ‘eternal blue’, published by [hackers] Shadow Brokers, intelligence sources told FT.”
Kevin Beaumont, a security specialist, also wrote about the worm's use of EternalBlue:
“Confirmed – wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.”
Kevin Beaumont (@GossiTheDog), May 12, 2017
Kaspersky Lab specialists confirmed that the virus uses a previously discovered Windows vulnerability, which Microsoft promised to close in March 2017. According to the company, 75 thousand attacks were recorded in 74 countries around the world. Most of them were in Russia.
According to The New York Times, part of the responsibility for the attack lies with the hacker group Shadow Brokers. Its members published an exploit from data stolen from Microsoft.