New virus patch for Windows. The ransomware virus continues to spread

On May 1st and 2nd, 2017, a large-scale virus attack took place on computers running Windows OS. In Russia alone, about 30,000 computers were infected. Among the victims were not only ordinary users, but also many organizations and government agencies. According to reports from the network, the Constitutional Court of the Ministry of Internal Affairs of the Russian Federation and the Magathon network were partially infected. A number of other, less well-known organizations also suffered from the WannaCry attack, or, as it is more often called, WCry. How the ransomware virus penetrated such protected devices is not yet known. It has not been reported whether this was the consequence of an error by one of the users or a general vulnerability of the Ministry’s network. The first information on the RuNet appeared on the Kaspersky website (in the forum), where there was active discussion of the new virus.

What kind of virus is this?

After penetrating the computer, the virus unpacks itself, installs its own system for encrypting user data, and begins encrypting all information on the computer in the background, giving the files names of the filename.wncry type. Here's what happens after your computer catches the virus:

  • Immediately after entering the system, the virus begins to completely control the system, blocking the launch of any software, even without installation,
  • Antiviruses and utilities that do not require installation, which are launched immediately after connecting the drive to the system, also do not give any result and simply do not start,
  • All USB ports and drives stop functioning,
  • The screen will be blocked by the Wana DecryptOr 2.0 banner, informing you that your computer is infected with a virus, all data on it is encrypted, and you need to pay the ransom.

The owners of the virus ask the user to transfer an amount equivalent to $300 in bitcoins to their account. There is also information that if you do not pay the required amount within 3 days, the payment amount will be doubled. If payment is not received within a week, the virus will delete all user data from the computer. Judging by information from some of our users, this timing scheme is not the same for everyone, and there are devices on which the payment period for the ransom is 14 days.

How to protect yourself from the virus.

There is no need to panic; the virus is not something new that cannot be protected against. This is an ordinary encryptor, the analogues of which we have already encountered several times. To avoid catching a computer virus, be careful when using all software. We do not recommend updating any software, even built-in software, until it is precisely determined how the virus penetrates the system. We are inclined to believe that the virus enters the computer through vulnerabilities in some program. Vulnerabilities in programs most often appear after a poorly developed update that leaves a huge “hole” through which viruses can get into the system. If you have the experience and capabilities, install a high-quality third-party firewall, and strengthen monitoring of the system and network activity for a while.

Helping the victims

On Friday, May 12, a regular client, a designer, contacted us with a laptop on which his layouts, sources, and other graphic files were stored. His computers were infected with the WannaCryptor virus. A number of “experiments” were conducted that yielded results! Here's what helped us:

  • We disassembled the computer and removed the HDD with the data,
  • We connected the drive to the iMac,
  • By searching through decryptors, we found several that helped extract some of the data from drive D,
  • Afterwards, the customer decided to reinstall the system and delete the remaining data,
  • Just in case, we made a system image on our storage device; as soon as a solution to the problem appears, we will save the remaining data.

Dear friends, if you have become a victim of this virus, please contact us, we will try to help. We carry out experiments free of charge. And here we tell you in detail how. Let's fight evil together!
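
As an added example (not part of the original article), here is a small Python inventory for a removed drive once it is mounted on another machine, as in the steps above. It counts files carrying the suffixes this page names (.wncry, .wcry), on the assumption that encrypted files keep their original name with the suffix appended; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Suffixes this page names for WannaCry-encrypted files (matched case-insensitively).
ENCRYPTED_EXTS = {".wncry", ".wcry"}


def inventory(root):
    """Split every file under root into (encrypted, intact) path lists."""
    encrypted, intact = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            target = encrypted if ext in ENCRYPTED_EXTS else intact
            target.append(os.path.join(dirpath, name))
    return sorted(encrypted), sorted(intact)


def summarize(root):
    """Count encrypted files by original type and by folder, relative to root."""
    encrypted, intact = inventory(root)
    by_type, by_dir = Counter(), Counter()
    for path in encrypted:
        original = os.path.splitext(path)[0]  # drop the ransomware suffix
        by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
        by_dir[os.path.relpath(os.path.dirname(path), root)] += 1
    return {
        "encrypted": len(encrypted),
        "intact": len(intact),
        "by_type": dict(by_type),
        "by_dir": dict(by_dir),
    }


def demo():
    """Build a constructed sample tree (not real data) and summarize it."""
    sample = ["work/logo.psd.WNCRY", "work/brochure.indd.wncry",
              "work/notes.txt", "photos/cat.jpg.WCRY", "photos/dog.jpg"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
        return summarize(root)


if __name__ == "__main__":
    print(demo())
```

Pass the mount point of the affected drive to `summarize`; the per-folder and per-type counts show which data was hit and which files are still intact and can be copied off before the system is reinstalled.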

On April 12, 2017, information appeared about the rapid spread of a ransomware virus called WannaCry throughout the world, which can be translated as “I want to cry.” Users have questions about updating Windows against the WannaCry virus.

The virus on the computer screen looks like this:

The bad WannaCry virus that encrypts everything

The virus encrypts all files on the computer and demands a ransom to a Bitcoin wallet in the amount of $300 or $600 to supposedly decrypt the computer. Computers in 150 countries around the world were infected, with Russia being the most affected.

Megafon, Russian Railways, the Ministry of Internal Affairs, the Ministry of Health and other companies have come face to face with this virus. Among the victims are ordinary Internet users.

Almost everyone is equal before the virus. The difference, perhaps, is that in companies the virus spreads throughout the local network within an organization and instantly infects as many computers as possible.

The WannaCry virus encrypts files on computers running Windows. Microsoft released MS17-010 updates for various versions of Windows (XP, Vista, 7, 8, 10) back in March 2017.

It turns out that those who have automatic Windows updates enabled are not at risk from the virus, because they received the update in a timely manner and were able to avoid it. I don’t presume to say that this is actually the case.

Fig. 3. Message when installing update KB4012212

The KB4012212 update required a reboot of the laptop after installation, which I didn’t really like, because it’s unknown how this could end, but where should the user go? However, the reboot went fine. This means that we live peacefully until the next virus attack, and, alas, there is no doubt that such attacks will occur.


In any case, it is important to have a place to restore the operating system and your files from.

Windows 8 update from WannaCry

For a laptop with licensed Windows 8, update KB 4012598 was installed, because

WannaCry ransomware virus: what to do?

A wave of a new virus has swept across the world: the Wanna Cry ransomware (other names: Wana Decrypt0r, Wana Decryptor, WanaCrypt0r), which encrypts documents on a computer and extorts 300-600 USD for decrypting them. How can you tell if your computer is infected? What should you do to avoid becoming a victim? And what should you do to recover?

Is your computer infected with the Wana Decryptor ransomware virus?


According to Jakub Kroustek from Avast, over 100 thousand computers have already been infected. 57% of them are in Russia (isn’t that a strange selectivity?). reports the registration of more than 45 thousand infections. Not only servers are infected, but also computers of ordinary people on which the operating systems Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10 are installed. All encrypted documents have the prefix WNCRY in their name.

Protection against the virus was found back in March, when Microsoft published a “patch,” but, judging by the outbreak of the epidemic, many users, including system administrators, ignored the computer security update. And what happened happened - Megafon, Russian Railways, the Ministry of Internal Affairs and other organizations are working on treating their infected computers.

Given the global scale of the epidemic, on May 12, Microsoft published a protection update for long-unsupported products – Windows XP and Windows Vista.

You can check whether your computer is infected using an antivirus utility, for example, Kaspersky or (also recommended on the Kaspersky support forum).

How to avoid becoming a victim of the Wana Decryptor ransomware virus?

The first thing you must do is close the hole. To do this, download

The new ransomware malware WannaCry (which also has a number of other names - WannaCry Decryptor, WannaCrypt, WCry and WanaCrypt0r 2.0) made itself known to the world on May 12, 2017, when files on computers in several healthcare institutions in the UK were encrypted. As it soon became clear, companies in dozens of countries found themselves in a similar situation, and Russia, Ukraine, India, and Taiwan suffered the most. According to Kaspersky Lab, on the first day of the attack alone, the virus was detected in 74 countries.

Why is WannaCry dangerous? The virus encrypts various types of files (using the .WCRY extension, making the files completely unreadable) and then demands a ransom of $600 for decryption. To speed up the money transfer procedure, the user is intimidated by the fact that in three days the ransom amount will increase, and after seven days the files will no longer be decryptable.

Computers running Windows operating systems are at risk of becoming infected with the WannaCry ransomware virus. If you are using a licensed version of Windows and regularly update your system, you don’t have to worry that a virus will enter your system this way.

Users of macOS, ChromeOS and Linux, as well as the mobile operating systems iOS and Android, have nothing to fear from WannaCry attacks.

What to do if you are a victim of WannaCry?

The UK's National Crime Agency (NCA) recommends that small businesses who have been victims of ransomware and are concerned about the virus spreading online should take the following actions:

  • Immediately isolate your computer, laptop, or tablet from your corporate/internal network. Turn off Wi-Fi.
  • Change drivers.
  • Without connecting to Wi-Fi networks, directly connect your computer to the Internet.
  • Update your operating system and all other software.
  • Update and run your antivirus software.
  • Reconnect to the network.
  • Monitor network traffic and/or run a virus scan to make sure the ransomware is gone.

Important!

Files encrypted by the WannaCry virus cannot be decrypted by anyone except attackers. Therefore, do not waste time and money on those “IT geniuses” who promise to save you from this headache.

Is it worth paying money to attackers?

The first questions asked by users faced with the new WannaCry ransomware virus are how to recover files and how to remove the virus. Not finding free and effective solutions, they are faced with a choice: to pay money to the extortionist or not? Since users often have something to lose (personal documents and photo archives are stored on the computer), the desire to solve the problem with money really arises.

But the NCA is strongly urging people not to pay money. If you do decide to do this, keep the following in mind:

  • First, there is no guarantee that you will get access to your data.
  • Secondly, your computer may still be infected with a virus even after payment.
  • Thirdly, you will most likely simply give your money to cybercriminals.

How to protect yourself from WannaCry?

Vyacheslav Belashov, head of the information security systems implementation department at SKB Kontur, explains what actions to take to prevent infection with the virus:

The peculiarity of the WannaCry virus is that it can penetrate a system without human intervention, unlike other encryption viruses. Previously, for the virus to operate, it was necessary for the user to be inattentive - to follow a dubious link from an email that was not actually intended for him, or to download a malicious attachment. In the case of WannaCry, a vulnerability that exists directly in the operating system itself is exploited. Therefore, Windows-based computers that did not install the March 14, 2017 updates were primarily at risk. One infected workstation on the local network is enough for the virus to spread to others with existing vulnerabilities.

Users affected by the virus naturally have one main question: how to decrypt their information? Unfortunately, there is no guaranteed solution yet and it is unlikely to be foreseen. Even after paying the specified amount, the problem is not solved. In addition, the situation can be aggravated by the fact that a person, in the hope of recovering his data, risks using supposedly “free” decryptors, which in reality are also malicious files. Therefore, the main advice that can be given is to be careful and do everything possible to avoid such a situation.

What exactly can and should be done at the moment:

1. Install the latest updates.

This applies not only to operating systems, but also to antivirus protection tools. Information on Windows update can be found out .

2. Make backup copies of important information.

3. Be careful when working with mail and the Internet.

You need to pay attention to incoming emails with dubious links and attachments. To work with the Internet, it is recommended to use plugins that allow you to get rid of unnecessary advertising and links to potentially malicious sources.
