Yesterday, an epidemic of a new file-encrypting computer virus began. It mainly disrupted Russian and Ukrainian organizations, but also affected companies in other countries. The virus warns users that all their files are encrypted and that attempts at self-recovery are useless. The ransomware demands a transfer of $300 in Bitcoin in exchange for unlocking access.

According to Group-IB (a company that fights cybercrime), more than 100 companies in the CIS were affected during the day, and by the evening Kaspersky Lab announced that the number of victims worldwide was in the thousands. The virus spreads on Windows systems, but the exact mechanism of its operation is not yet known, a Doctor Web representative said. Microsoft is aware of the situation and is conducting an investigation, a company spokesman said.

Attack on oil

In the afternoon, the largest Russian oil company, Rosneft, reported on its Twitter account a powerful hacker attack on the company’s servers, without providing details. One of the employees of Bashneft (controlled by Rosneft), on condition of anonymity, told Vedomosti about the attack: “The virus initially disabled access to the portal, to the internal messenger Skype for Business, and to MS Exchange. They didn’t attach any importance to it, they thought it was just a network failure, then the computer rebooted with an error. The HDD died, and the next reboot already showed a red screen.” According to him, employees were ordered to turn off their computers. The information that the virus affected Bashneft was confirmed by two sources close to the company. A hacker attack could have led to serious consequences, but because the company switched to a backup system for managing production processes, neither production nor oil preparation was stopped, a Rosneft representative said.

How to avoid infection

To avoid infecting your computer with the virus, a Doctor Web representative advises not opening suspicious emails, backing up important data, installing security updates for software and using an antivirus. A Kaspersky Lab representative also reminds users to check that their antivirus is enabled. In addition, Kaspersky Lab advises using AppLocker to block a file called perfc.dat. To stop the spread of the virus, companies need to close TCP (a network data transmission protocol) ports 1024-1035, 135 and 445, Group-IB reported.

New victims

Late in the evening, the Bank of Russia reported that several Russian banks had been infected. Disruption due to a cyber attack was confirmed by the Russian Home Credit Bank (HCF Bank). The bank emphasized that it had noticed signs of instability and decided to conduct a review of all security systems. HCF Bank branches were open, but operated in advisory mode; ATMs and call centers continued to operate. The HCF Bank website was unavailable. A Vedomosti correspondent paid twice for the services of one of the mobile operators via the Internet from an HCF Bank card.

The payments went through, but the 3-D Secure protocol did not work: the bank client did not receive an SMS with a transaction confirmation code. At the Russian office of Royal Canin (a division of Mars), difficulties arose with IT systems, a company representative said. Evraz was also subject to a hacker attack, but its main production facilities continued to operate and there was no threat to employees or businesses, a company representative said. The virus attack affected offices in Europe (including Russia and Ukraine), a representative of the confectionery manufacturer Mondelez confirmed.

World Tour

Although Russia and Ukraine have recorded the most incidents, the virus is also active in other countries, said Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab. It is unlikely that a self-propagating virus can be configured so that it affects only certain countries, the representative of Doctor Web agrees.

The virus wishes to remain anonymous

This is the second global ransomware attack in the last two months. In mid-May, a wave of WannaCry ransomware infections occurred around the world. The virus infected computers on which a Windows operating system update had not been installed. During the attack, WannaCry infected up to 300,000 computers in more than 70 countries and encrypted the information on them, making it unusable. In Russia, in particular, Megafon and the Ministry of Internal Affairs were attacked.

On November 11, 1983, the first virus was written, which opened a new era of dangerous computer programs.

An American student from the University of Southern California, Fred Cohen, wrote a program that demonstrated the possibility of infecting a computer, with a virus reproduction rate of 5 minutes to 1 hour.

The first non-laboratory virus, called "Brain", capable of infecting only floppy disks, appeared in January 1986 and was of Pakistani origin. And the first antivirus program was developed in 1988. The following year, Cohen wrote a paper in which he not only anticipated the dangers of viruses spreading over computer networks, but also talked about the possibility of creating anti-virus programs.

Let's remember which viruses were the most destructive in the short history of computer networks.

10th place. Code Red

The virus was launched in 2001 and infected 360 thousand machines, creating a botnet to attack the White House website. The virus displayed the message “Hacked By Chinese!” on the screen, a reference to communist China, although in reality the virus was most likely written by ethnic Chinese in the Philippines.

9th place. Morris

In 1988, the virus infected 60 thousand computers over the network, preventing them from working normally. Damage from the Morris worm was estimated at approximately $96.5 million.

The creator of the virus, Robert Morris, kept the program code well hidden, and it is unlikely that anyone could prove his involvement. However, his father, a computer expert at the National Security Agency, thought it best for his son to confess everything.

At trial, Robert Morris faced up to five years in prison and a fine of $250 thousand; however, taking into account mitigating circumstances, the court sentenced him to three years' probation, a $10 thousand fine and 400 hours of community service.

8th place. Blaster

According to reports from Kaspersky Lab, about 300 thousand computers were infected around the world. The worm was launched in 2003 to attack Microsoft sites. Its author was never found.

For the user, this worm was relatively safe, except for the side effect of regularly rebooting the computer. The purpose of this worm was to attack Microsoft servers on August 16, 2003 at midnight. However, Microsoft temporarily closed its servers, which reduced the damage from the virus to a minimum.

Blaster contained a hidden message in its code addressed to Bill Gates: “Billy Gates, why are you making this possible? Stop making money, fix your software!”

7th place. Melissa

The author of the virus, David Smith, named his brainchild after a stripper from Miami. In fact, when a computer was infected, a stripper appeared on the home page. The virus caused more than $80 million in losses. Microsoft and Intel even had to shut down their own mail servers.

Smith was arrested and sentenced to three years in prison.

6th place. CIH

The famous Chernobyl virus was written by Taiwanese student Chen Yinghao specifically for the Windows 95/98 operating systems. On April 26, the anniversary of the nuclear power plant accident, the virus was activated, paralyzing computers.

According to various estimates, about half a million personal computers around the world were affected by the virus.

According to The Register, on September 20, 2000, authorities in Taiwan arrested the creator of the famous computer virus, but according to Taiwanese laws at the time, he did not break any laws and he was never prosecuted for creating the virus.

Chen currently works at Gigabyte.

5th place. Nimda

Distributed via email. It became the fastest-spreading virus: it took only 22 minutes to infect millions of computers.

4th place. Storm Worm

In 2007, the virus infected millions of computers by sending spam and stealing personal data.

3rd place. Slammer

The most aggressive virus. In 2003, it destroyed data from 75 thousand computers in 10 minutes.

2nd place. Conficker

One of the most dangerous computer worms known today.

The malicious program was written in Microsoft Visual C++ and first appeared online on November 21, 2008. It attacks operating systems of the Microsoft Windows family (from Windows 2000 to Windows 7 and Windows Server 2008 R2). As of January 2009, the virus had infected 12 million computers worldwide. On February 12, 2009, Microsoft promised $250 thousand for information about the creators of the virus.

1st place. I LOVE YOU

When the attachment was opened, the virus sent a copy of itself to all contacts in the Windows address book, as well as to the address specified as the sender's address. It also made a number of malicious changes to the user's system. The virus was sent to mailboxes from the Philippines on the night of May 4 to May 5, 2000; the subject line of the letter contained the text “ILoveYou”, and the script “LOVE-LETTER-FOR-YOU.TXT.vbs” was attached to the letter. The ".vbs" extension was hidden by default, leading unsuspecting users to think it was a simple text file.

In total, the virus infected more than 3 million computers around the world. The damage that the worm caused to the global economy is estimated at $10-15 billion, for which it was included in the Guinness Book of Records as the most destructive computer virus in the world.
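
The hidden-extension trick described above can be caught at a mail gateway or during triage. The following is an added example, not part of the original article: it flags attachment names whose real (last) extension is executable while a harmless-looking extension sits just before it. The extension lists and function names are assumptions made for this sketch, and the sample file names are constructed apart from the one quoted in the article.

```python
import os

# Extensions Windows will execute or interpret on double-click.
# Assumed, non-exhaustive list for this example.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat",
                   ".cmd", ".com", ".exe", ".scr", ".pif", ".lnk", ".ps1"}
# Harmless-looking extensions commonly used as the visible decoy (assumed).
DECOY_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".rtf",
              ".jpg", ".jpeg", ".png", ".gif"}

# First name is the one quoted in the article; the rest are constructed.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "quarterly-report.pdf",
    "photo.jpg          .exe",   # padding pushes the real extension off-screen
    "notes.v1.txt",
    "setup.exe",
]


def split_extensions(filename):
    """Return (visible_name, decoy_ext, real_ext) with extensions lower-cased.

    visible_name approximates what a user sees when the file manager hides
    the final extension.
    """
    name = filename.strip().rstrip(". ")  # trailing dots/spaces are ignored
    stem, real_ext = os.path.splitext(name)
    stem = stem.rstrip()                  # undo whitespace padding
    decoy_ext = os.path.splitext(stem)[1]
    return stem, decoy_ext.lower(), real_ext.lower()


def classify_attachment(filename):
    """Classify one attachment name by its real and apparent extension."""
    _, decoy_ext, real_ext = split_extensions(filename)
    if real_ext not in EXECUTABLE_EXTS:
        return "ok"
    if decoy_ext in DECOY_EXTS:
        return "deceptive-double-extension"
    return "executable"


def triage(filenames):
    """Return (original, visible_name, verdict) for every non-ok attachment."""
    report = []
    for name in filenames:
        verdict = classify_attachment(name)
        if verdict != "ok":
            report.append((name, split_extensions(name)[0], verdict))
    return report


if __name__ == "__main__":
    for original, visible, verdict in triage(SAMPLE_ATTACHMENTS):
        print(f"{verdict}: {original!r} is displayed as {visible!r}")
```
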

The idea of creating such programs appeared back in the 50s, and the first working programs appeared in the 60s. In the early 80s, the Apple II computer became the first object of interest for the creators of such viruses as Virus 1, 2, 3 and Elk Cloner; the latter greeted users with a short poem. By the end of the 80s, real viral epidemics began. The year 1987 was marked by three virus attacks at once. The Pakistani virus, or Brain, infected over 18 thousand computers in the United States. Initially, the program was supposed to punish local Pakistani “pirates,” but it unexpectedly spread beyond the country and infected hundreds of computers around the world. The second wave of the epidemic occurred at Lehigh University (USA): in a few days the virus destroyed the contents of several hundred floppy disks from the library of the university’s computer center and students’ personal floppy disks. The last epidemic occurred just before the New Year: the virus from the University of Jerusalem quickly spread throughout the world, although it did not cause serious harm to anyone.

One of the most famous viruses of the past (which, incidentally, still remains one of the most dangerous) is called "Chernobyl". The virus was created by Taiwanese university graduate Chen Yin Hau in 1997, and its effect was similar to that of a time bomb. At first, the virus quietly hid on the disk, and at X-hour, April 26 (the anniversary of the Chernobyl disaster and the birthday of its creator), the virus mercilessly deleted the entire contents of the hard drive and at times even damaged the BIOS, turning the computer into a pile of metal. About 500 thousand computers fell victim to the Chernobyl virus.

The virus with the tender name I LOVE YOU began operating in the 2000s by means of email and removable media. The virus launched a script attached to the letter, disguised as a text file with a declaration of love from a girl. It managed to get not only onto home PCs, but also onto work computers and even Pentagon computers. ILOVEYOU caused the most damage during its removal, as many networks and even mail servers were turned off for this purpose.

In 2004, malware was released that received the honorary title of one of the first “Internet Destroyers.” The giant botnet MyDoom was distributed by email, and during the first days, every tenth letter contained this virus. The virus is known for having 18 versions, for the phrase “I’m just doing my job, nothing personal, sorry” and for DDoS attacks on the servers of Microsoft and SCO Group.

One of the most dangerous viruses of the present appeared in 2008. Conficker chose Microsoft Windows as its target. The pest blocked access to all sites offering antiviruses and operating system updates, and in 2009 managed to affect the operation of 12 million PCs around the world. Microsoft offered a reward of $250,000 for the name of the creator of Conficker.

One of the most recent viruses, created in 2012, was found by Kaspersky Lab specialists. The computer worm Flame is capable of performing a variety of malicious actions, for example stealing and destroying confidential information and interacting with other malware.

... and seasoned burglars

One of the first hackers of the computer world, John Draper, was born back in 1944 in a small town at the US Air Force Base in Silicon Valley. The nickname Captain Crunch stuck to him after the name of a brand of corn flakes. It was in a box of them that he found a gift, a toy whistle, with which he began his hacking career. The whistle imitated the telephone network access signal, and Draper came up with an original way to call for free. Draper is considered the founder of the phreaker movement (hackers of telephone networks); however, for promoting this idea and equipment for free calls in the 70s, he went to prison. Draper later switched to computers, developing software at Apple, the company of his friends Wozniak and Jobs.

Today John Draper is on the other side: he is part of a group of leading researchers in the field of information security and heads his own company, which develops systems for blocking spam and repelling hacker attacks.

The name Kevin Mitnick has become a household name: he has more than one high-profile “victory” over a computer system to his credit. His school's local system was the first to be hacked, in 1980. Much more serious systems followed. In 1981 (Mitnick was 17 years old) he hacked into the computer network of the North American Air Defense in Colorado. But his real “passion” was telephony. Having hacked the network of the large telephone company Pacific Bell, he copied textbooks on the communication technologies used at that time and programs for working with them. Afterwards Mitnick did what every self-respecting hacker did. Having hacked into a computer at a university in Los Angeles, Kevin used it to attack the Pentagon. The “joke” did not go well, and Mitnick was sentenced to 6 months in prison.

The 80s and 90s were truly “dashing” years for Mitnick: a prison sentence, a course of treatment for “computer addiction”, a quiet life and then a federal wanted list, hacking of telephone companies and a new prison term. The collapse came in 1994, when Mitnick tried to hack the home computer of Tsutomu Shimomura, a leading American expert on computer security. In 1995, he was arrested, and after 23 charges were brought and damages of over $80 million were established, Mitnick ended up in prison for 4 years.

Now Kevin Mitnick is a respectable US citizen who deals with network security issues and writes books with real stories from the lives of hackers.

Kevin Poulsen, editor-in-chief of the computer technology magazine Wired News, also left spy games behind a long time ago. Yet Poulsen once hacked systems as powerful as those of the FBI and gained access to classified information regarding the wiretapping of telephone conversations. After this prank, he had to hide from FBI agents for a long time, changing his addresses and even his appearance. In the end, the hacker was caught and sentenced to five years. He left prison completely law-abiding and took up journalism.

Giants such as Microsoft, NY Times, Yahoo, Citigroup, Bank of America and Cingular suffered at the hands of another hacker, Adrian Lamo. He used the Internet from whatever computer was available, which earned him the nickname “homeless hacker.” Lamo amused himself by finding errors in the security of well-known companies, using them to break in, and then informing management about these errors. However, the intrusion into the NY Times network resulted in 6 months of house arrest, 2 years of probation and 65 thousand dollars in compensation to the injured party. Lamo is now an independent security consultant, lecturing and writing articles.

Robert Tappan Morris, an associate professor at the Massachusetts Institute of Technology, is famous for creating the world's first network worm. The first attack was successful: on November 2, 1988, the work of six thousand computers in the United States was paralyzed. In July 1989, he was charged with computer fraud, for the first time in judicial practice, and in 1990 Morris was sentenced to three years of probation, 400 hours of community service and a fine of 10 thousand dollars.

The “biggest military computer hack ever” is credited to Scottish hacker Gary McKinnon. According to the indictment, McKinnon hacked computers at NASA (the National Aeronautics and Space Administration), the Department of Defense, the Army, the Navy and the US Air Force. Moreover, the hacker deleted critical operating system files, which made it impossible for more than 2,000 computers in the Military District of Washington to be used for 24 hours, and deleted US Navy weapons logs. McKinnon, for his part, denies causing damage, explaining that he was only looking for hidden materials about the existence of UFOs. McKinnon's case has been under consideration for several years, and the issue of extraditing him to the United States, where he faces 70 years in prison, has not been resolved.