In the evening of May 12, from all over the world, messages of mass infection of computers with a cryptographic program began to arrive. For the removal of the lock, the attackers demanded a ransom.
Experts, IT specialists and journalists almost immediately began to speculate about who is behind the cyberattack. So, the British media hinted at the “Russian trace”, and the ex-employee of the US National Security Agency did not rule out involvement in the occurred NSA.
What a virus
“Kaspersky Lab” recorded about 45 thousand attempts to infect the encryption program WannaCry in dozens of countries. The largest number of cyber attacks was observed in Russia, where the goal of criminals was the computers of the Ministry of Internal Affairs, Sberbank, the Ministry of Health, Megafon and several other large organizations and departments. The virus was localized, no leakage of service information occurred.
The attack occurred through a known network vulnerability Microsoft Security Bulletin MS17-010. On the screens of infected computers, an announcement appeared about the data blocking and the requirement to transfer to the attackers $ 600 in bitcoins. According to experts, WannaCry’s “extortion program” was combined with a tool of American intelligence services, known as eternal blue (“inexhaustible blue”).
In total, not less than 74 countries hit, including Britain, Italy, Turkey, Germany, Spain, Brazil, Kazakhstan, Ukraine, China, Japan and others.
In the UK, due to the actions of hackers, the work of 40 health facilities was disrupted. As a result, the work of emergency departments was disrupted, planned inspections and operations were canceled, and the ambulance, in which computers still continued to work, had to be sent to hospitals.
In Germany, according to users of social networks, the main German railway company Deutsche Bahn was attacked.
+++EIL+++ Globaler Trojaner Angriff: auch die deutsche Bahn ist betroffen. Alle Systeme wurden heruntergefahren. pic.twitter.com/x456EmFnSh
— █👁█ (@46616C7365) 12 мая 2017 г.
In Brazil, the work of several government agencies, including the social security system, was disrupted. The state oil and gas company Petrobras and the Ministry of Foreign Affairs of the country disconnected their systems as a precautionary measure. The Foreign Ministry website was unavailable throughout the day.
In Spain, telecommunications company Telefónica suffered.
Again, the “Russian”?
According to The Telegraph, the hacker group Shadow Brokers began infecting computers with a virus shortly after the US attacks on Syria, which allegedly testifies to the connection of cyber-fraudsters to Russia. There was no concrete evidence of the publication.
Former employee of the US National Security Agency Endward Snowden, in turn, said that the indirect responsibility for the attacks is carried by the NSA, whose spyware was used by hackers. According to him, “if the NSA privately disclosed the imperfections that made this attack possible, when they found them,” this could not happen.
In addition, he noted that the tools created by the Agency for attacks on US software, now threatens the lives of people in hospitals.
— Edward Snowden (@Snowden) 12 мая 2017 г.
Wikileaks accused the NSA that the viruses created in the department are linked to cyber attacks.
NOTE: The current hospital ‘ransom ware’ directly relates to computer viruses produced by the NSA. Not to WikiLeaks’ CIA #Vault7 series.
— WikiLeaks (@wikileaks) 12 мая 2017 г.
At the same time, an expert on information security of Security Monitor CJSC Taras Tatarinov in a conversation with RT noted that these cyber attacks can not be called targeted, it is rather the spread of a new type of ransomware virus. Only such professionals can create such malicious programs and it is practically impossible to track them.
“The fact that such a large number of countries is covered indicates that a team of criminals was operating, but it is not at all necessary that they attacked from one state or another, it could be an international group,” he said.
Zecurion CEO Alexei Raevsky agrees with him, who in a conversation with RT expressed the opinion that the attackers were looking for any companies with vulnerabilities in their equipment and then used them.
Microsoft engineers have already released a patch for fixing a vulnerability that could infect computers. Now the company works with clients to provide them with additional assistance.
Experts at Kaspersky Lab, in turn, recommended that users install an update from Microsoft and make sure that the network is protected.
The US Department of Homeland Security also recommended not opening unfamiliar links and files in e-mail messages, as well as making backup copies of data.
Original: “Русские” или уже АНБ? Сноуден, СМИ и эксперты прокомментировали кибератаки