A new ransomware virus called "Wanna Cry" has infected tens of thousands of computers worldwide and continues to spread

15 May 2017
At the end of last week, information about a new cyber attack spread around the world. We are talking about the spread of the Wanna Cry virus, which has become one of the most widespread in history. According to TASS data, as a result of the attack about 200 thousand natural and legal persons in 150 countries suffered, and more than 1.3 million computers worldwide are still threatened by the new virus.Wanna Cry virus belongs to the Ransomware category, or in other words is a typical ransomware. After infecting a computer, it encrypts its data and demands a ransom for the user to regain access to it. However, unlike other malware of this type, the ransom amount will increase depending on the time that has passed since the infection. A victim will have to pay between $300 and $600 in bitcoins to gain access to their files by transferring the money to a wallet specified by the attackers. The virus made its first appearance on May 12 in Britain, where it infected hospitals in London and several other cities. Then it quickly spread to other countries. Interestingly, according to Kaspersky Lab, most of the attacks were in Russia. The attacks targeted Russia's Ministry of Internal Affairs, Emergencies Ministry, Russian Railways, Central Bank, Ministry of Health, Sberbank and Megafon, as well as the IT systems of other companies and agencies.It is reported that the new malware uses the "EternalBlue" exploit, developed and used by the US NSA. After infecting one computer, the malware infects other computers as well, exploiting a vulnerability in SMB protocol that makes it possible to launch the malicious code remotely. Curiously, a fix for the aforementioned problem has already been published by Microsoft in bulletin MS17-010 of March 14, 2017. This means that such a global spread of the virus could have been avoided by timely installation of up-to-date Windows security updates. The first major success was achieved by a British cybersecurity specialist. In his Twitter account, MalwareTechBlog, he published information that the spread of "WannaCry" had been stopped. The thing is that the virus addressed the same address on the Internet and, if there was no response, it continued the attack. Probably, this algorithm was laid down by the attackers to stop the attack at the right moment. After a specialist from MalwareTechBlog registered a domain named iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, the attacks stopped. He later added that he could now cite an accidental international cyberattack stop to his resume. True, the triumph did not last long: the attackers had already managed to improve the code and release a new version of the malware. According to a warning from Motherboard, the peak of the infection could hit today, May 15. In order to prevent your computer from being infected it is recommended to install updated Windows security updates, be careful on the Internet, especially with all kinds of mailings, and use a reliable antivirus, such as, for example, Kaspersky Anti-Virus or ESET Nod32. If infection is unavoidable, you definitely should not pay for the work of cybercriminals and buy back their keys to unlock your files. Moreover, no one can guarantee that the data will actually be unlocked or that there will be no reinfection.