Organizations in Russia and Ukraine are paralyzed by ransomware aimed at personnel officers



An epidemic of a new ransomware virus, Petya, has started on the Internet. It spreads through e-mail, hitting the personnel departments of large organizations first of all. The virus hit Ukraine hardest: government agencies, banks, airports and other organizations there suffered from the malware.

NEW ENCRYPTING VIRUS

Russian and Ukrainian companies are being attacked by the encrypting virus Petya, the company Group-IB said. The virus infects computers running Windows and encrypts their contents, demanding a ransom of $300 in bitcoins for "decryption".


ATTACK THROUGH PERSONNEL DEPARTMENTS

The attack began at about 14:00 Moscow time. The virus spreads through fake ("phishing") emails. According to one information security expert, the fake emails are most often sent to the personnel departments of large organizations.

The email allegedly contains the resumes of potential applicants, attached as a link to Dropbox. Instead of a resume, the link downloads an executable file, which installs the malware. The infection then spreads to the entire corporate network.

The head of Kaspersky Lab's Global Analysis and Threat Center, Costin Raiu, wrote on his Twitter that the new virus forged Microsoft's electronic signature. As a result, when the malicious software is launched, the user is not warned that the program may be dangerous.

WHO SUFFERED IN RUSSIA

In Russia, the oil company Rosneft and its subsidiary Bashneft were attacked by the virus. In the middle of the day their sites were unavailable. Rosneft reported that the company's oil production was not affected, as it had been switched to a backup control system, and that it had appealed to law enforcement agencies over the attack.

In Russia, problems with the virus were also reported by the representative offices of Mondelez (which produces Alpen Gold and Milka chocolate) and Mars, as well as HCF-Bank. This bank does not have a website; the organization announced the suspension of its operations. The Invitro network of clinics, which carries out medical tests, reported that the virus paralyzed the work of its call center, so clients are advised to contact it through social networks. In addition, the clinic suspended its Cito tests (urgent analyses).

"CYBER-CATASTROPHE" FOR UKRAINE

The most serious consequences of the virus attack are being observed in Ukraine. Dozens of state and commercial organizations were affected. In particular, the websites of the country's government, the Ministry of Internal Affairs, the Ministry of Health, the Ministry of Culture and several other ministries were inaccessible. Vice Prime Minister of Ukraine Pavel Rozenko said on his Facebook page that all computers in the government were infected.

In the banking sector, those named among the "victims" of Petya are Oschadbank, Pivdenny, PTA and Privatbank. The National Bank of Ukraine reported that the affected banks are experiencing difficulties in serving customers, and informed the country's financial institutions of the threat.

In the transport sector, Boryspil airport (the main airport of the country) and the Kiev subway were affected. Because of the virus, payment by bank card does not work in the metro. The online flight board with the timetable is missing from the airport's website, and flights may be delayed at the airport itself.

The Petya virus also attacked Ukrposhta, Novyi Pochta, Ukrenergo, Kyivenergo, the TNK filling station network, Channel 24, the ATR channel, Kievvodokanal, the site of the Chernobyl nuclear power plant, the Antonov aircraft manufacturer and the Dokument state enterprise (which handles the registration of documents).

IN THE FOOTSTEPS OF WANNACRY

According to the head of Kaspersky Lab's anti-virus research department, Vyacheslav Zakorzhevsky, although most infections by the new encrypting virus are occurring in Russia and Ukraine, there are victims in other countries. The new virus does not belong to any previously known malware family.


At the same time, the Petya virus spreads on the local network in the same way as another worm-type virus, WannaCry, whose epidemic occurred in mid-May 2017. WannaCry also demanded a ransom in bitcoins for decrypting information. That virus operated around the world, but the greatest consequences of its activity were in Russia: it struck the computers of the Ministry of Internal Affairs, the Investigative Committee, the Ministry of Health, the Emergencies Ministry, Yota Megaphone and other organizations.
