Ukraine attacked a new virus-the extortioner
June 27, around noon, there is information that has been hacking into several Ukrainian banks and government agencies. Later it became known that the strike hit “New Post”, “Ukrpochta”, “Ukrsotsbank”, “Sberbank”, “Ukrzaliznitsa”, the airport “Borispol”, “Epicenter”, “24 channel”, a number of ministries and hospitals.
At the moment, not all ATMs of some banks, branches are closed the “New mail” and “Ukrposhta” suspended flights from the airport “Borispol”. In addition to large companies and government agencies were attacked and the local utility company, the number of victims of the virus increases.
As it became known, for a failure in the systems of enterprises guilty virus ransomware that has encrypted the data and demanded a ransom in bitcoins equivalent to $300.
Under threat are the Windows computers. There are currently no messages about what was the infected computers based on other operating systems. Hacking is very similar to the one that was associated with the virus WCry. The last time it infected the Windows-based computers 7 and under.
About the virus was known in 2016. The PC takes place through the opening of incoming mails and the virus can disguise phishing emails and do not cause any suspicion. When infected, the system “crashes” and usually the user tries to reboot the computer. But this is what to do and not: after rebooting the system is completely blocked.
However, evidence that this is a virus WCry, yet. “New Mail” in your message claims that a virus called Petya.A and edition of “the League” indicates that this is a DOS/Petya.A.
Should we be afraid of virus home Windows-based PC? At the moment it is known that the distribution of phishing emails were made solely on the corporate boxes, but, according to the company ISSP, there are already cases of infection of home computers.
How to protect yourself and your computer:
- force the update of the virus database and operating system
- not open (it is better to block) incoming messages with attachments *.exe, *.js*, *.vbs from %AppData%
- if contamination has occurred – do not restart the computer!
At the level of the mail gateway – blocking message that contains active content (*.vbs, *.js, *.jse, *.exe); – level proxy – blocking loading files with active content (*.vbs, *.js, *.jse); block SMB and WMI ports (especially 135 and 445).
- Top 10 apps for iOS and Android (19 — 25 June)
- According to rumors, Samsung Galaxy Note 8 will be in late September
- Travel in the Kiev metro will soon be replenished in the terminal or online
- Tesla plans to launch its own streaming music service
- How to choose a blender: 6 main parameters
- Startup of the week from Hello: COVI — a device for smart home control