Director of MegaFon Relations Peter Lidov said "Kommersant" that the company's metropolitan office has undergone a hacker attack. "Computers failed - the lock screen appeared on them, where they asked $ 300 for unlocking," he told. Then came information that the same thing happened from Telefonica and Vodafone operators in Spain.
According to Peter Lidov, specialists had to turn off the network at some stage so that the virus did not apply further. "A number of regions hurt, the rest preventively had to temporarily disable. It affected retail and subscriber support services, because operators naturally use a PC to access the base. Call centers repaired. This did not affect communication and personal accounts, "Mr. Lidov said.
As the researcher from Digital Security, Boris Ryutin, said MalwareHunteTeam experts and other independent researchers agree that it is a malicious program such as Ransomware, that is, a virus extortionist. "The danger of infection is that depending on the implementation, the user files may be irretrievably lost," it clarified.
"We see an attack, and the virus is very complex," said "Kommersant" in the company Solar Security. - At the moment we are developing recommendations on countermeasures. " "The virus is very complex, and so far it is impossible to exclude that it is something more dangerous than a simple encrypter. It is already obvious that its spreading speed is unprecedentedly high, "added to the company.
The Microsoft representative of Christina Davydova told "Kommersant" that experts added detection and protection against a new malicious program known as Ransom: Win32.wannacrypt. "In March, we also presented additional protection against malicious for a similar nature along with a security update, which prevents the spread of malicious software on the network," she said.
Moscow, May 19 - Prime, Natalia Karna.On Friday, subscribers of the cellular operator MegaFon have encountered problems with communication in a number of regions. The company clarified that voice communications problems are observed in Moscow and several other cities, "reducing the success of the dialing" is 30%. At the same time, the mobile Internet is working as usual, calls are possible through messengers. Recovery work The operator plans to complete in the coming hours.
Following the "MegaFon" about the problems in its networks, the Beeline and Yota operators were informed. Later, "Beeline" reported that the problems were only with one station, and they were already eliminated. MTS and Tele2 networks at the time of writing the article worked in normal mode.
The speculation is still more than information about the real development of events - perhaps the most clear picture is now in those who are inside the company, arguing the general director of the Telecom Daily Agency Denis Kuskov. "It can only be stated that the problems are not in the hardware of base stations. If some channel fails, it can be replaced with backup equipment. It seems that we are talking about a program failure - this indicates that problems are fixed in different regions. "He noted in a conversation with the Agency" Prime ".
According to the expert, the causes of such a failure can be both internal and external - exposure from the outside or viral attack. "The hackers climbed even in the Pentagon, what to talk about the operator's network, which is certainly protected not so good. From this, no one is insured, especially in our time when the world becomes everything defects in front of computer attacks," he noted.
Trail Wanna Cry.
The message "MegaFon" states that the network failure is not associated with Wannacry viral attack, the accident occurred on one of the elements of the network equipment. At the same time, a large-scale cyberatak with a malicious program worldwide touched on the MEGAFON network on May 15. Then the company reported that she completed the elimination of the consequences of a viral attack.
"We have already seen that during the day in a number of regions did not work the system of issuing driver's license. No one excludes that she could hit the virus. Such attacks usually go fan, and can give or not to give a result depending on how it was configured Wave of the virus, "- notes in this connection pieces.
Attackers use Wannacry to encrypt files to extort money for recovering encrypted data. Earlier, the director of Europol Rob Wainwright stated that large-scale cyberatak around the world was raised by more than 200 thousand users in 150 countries. Avast Anti-Virus Developers reported on 57 thousand hacker attacks using the WanacryPT0R 2.0 virus. According to the company, primarily the virus is distributed in Russia, in Ukraine and Taiwan. The Kaspersky Lab reported on 45 thousand attempts by hacker attacks in 74 countries around the world on Friday, the greatest number of attempts to infections were observed in Russia.
On Friday, the press service of the Bank of Russia reported on identifying isolated cases of compromising credit institutions using Wannacry virus, the consequences of which managed to quickly eliminate. The Bank of Russia in April sent information about the methods of identifying the "encrypter" type sent by mail and counteracting him. In particular, banks received recommendations for installing security update packages for Windows that are able to resist Wannacry virus.
Without significant consequences
Social and strategic facilities were not affected by MegaFon's problems, although it was originally information that a federal antimonopoly service had originally appeared. Later it became known that the failure occurred due to the disconnection of electricity in the building of the departments and is not related to the problems of MegaFon. These services were not affected.
MegaFon malfunctions did not affect the management and communication system of the Ministry of Emergency Situations of the Russian Federation. The departmental digital communication network and management with the integration of various services is maintained steadily in normal mode, reported in the department. According to the representative of the Ministry of Emergency Situations, in parallel with the main system in the regular mode, the backup management and communication systems are also working. Thus, the problems in the MegaFon network did not affect the performance and operation of the ministry. "The inconvenience felt only the Ministry of Emergency Situations, which are subscribers of the cellular network" MegaFon ", concluded in the Ministry of Emergency Situations.
As for the possible consequences for strategic facilities, while it is safe to assume that one of the employees of the Ministry of Defense remained without cellular communications, agree to pieces. As for the secret objects themselves, there are other communication and data protection options, and it is unlikely that problems with cellular communications will be critical. However, in the future, no one will be able to give 100- and even a 50 percent guarantee that the next breakdown will be limited only to cellular communications and will not affect social objects like a pension fund, he added.
There was no such thing in the history of the domestic telecoma!Today, in the entire European part of Russia, there were huge problems with the connection with MegaFon subscribers. Among the victims - and your humble servant. SMS came through one, Internet CHRAND per hour on a teaspoon, most of the calls went to nowhere.
But what's the unique? Well, there are interruptions ...
No, this time the situation is fundamentally new. The fact is that - now it is already possible to speak confidently - the result of interruptions were not technical malfunctions, but an attack on one of the largest cellular operators in Russia. Planned attack, clearly thought out, coordinated.
Today, two HLR-nodes of MegaFon were faced at the same time (this, expressing simply, the database of network subscribers) - Moscow (Central) and Rostov (responsible for the entire south of the European part of Russia). The network has ceased to "see" numbers and identify them with specific SIM cards. Now the megaphone techniques tell about the "technical malfunctions", but this is a unconvincing lie - the simultaneous breakdown of two most important infrastructure elements is comparable at the Roulette razaetka at once.
Much more likely another explanation - what happened was the result of a hacker attack, similar to DDOS in the case of Internet sites - a huge number of requests, at times exceeding the power of the nodes.
There is such an attack of a lot of money, so you wanted to annoy MegaFon, someone very powerful (let's say, other cellular operators would not go to this). Who is this, and for what "punishes" in any non-clear subscribers? Or is it not about them? And why is it denying in the Megaphone itself?
Most of the Internet users are similar to aquarium fish - there are no news in their memory for longer than a day. Let's not be fish and remember what events shaved infopol lately? Oh yeah, Alisher Usmanov, offended by slander at his address, sued Alexei Navalny and turned to him with an open video image, already melted bloggers for quotes ("from us two criminals you!" And "Ugh on You", for example).
And now just think - on Thursday, Usmanov publicly throws a glove in the face of Navalny. And on Friday there is an unprecedented attack on a megaphone ... which actually belongs just Usmanov. A person who opened openly against the "Pet of America", the owner of the State Department of Navalny. Such coincidences are even less likely - this can be compared with the fact that after 30 "Zero" in a row, the ball suddenly took off and hung in the air over the tape measure.
Yes, as Holmes said, if we throw everything impossible, it will remain the only right impact - whatever incredible it seemed. The overseas friends Alexey had a motive, and the opportunity to attack the Usmanov's business! We can already confidently say that today's connection interruptions were "revenge" for the fact that Usmanov arrived at the wall of the popular opposition policy. The interests of ordinary Russians for the forces behind bulk are insignificant.
Megaphone techniques, of course, will continue to talk about technical problems - after all, from the point of view of business, there is nothing good that people find out that the attack is being held against the assets of Usmanov from such a serious enemy. And yes, Usmanov Pride - he will not allow himself to admit that his staff could not beat this attack. But the facts, alas, say this is about it.
I think this is not the end. I would venture to assume that there will be problems and other structures associated with Usmanov - for example, the London Arsenal, leading the struggle for a place in the Champions League, success is now clearly not shine.
Interesting, however, what will be the answer to Usmanov. I do not think that he will give reverse. He is proud man and will not give in pressure. Rather, on the contrary - now the Navalny will have even big problems.
- 12 May 2017, 19:43 Computer systems of the Ministry of Internal Affairs and MegaFon have undergone viral attack
The inner computer system of the Ministry of Internal Affairs of Russia struck the virus, transfers "Varlamov.ru" with reference to several sources familiar with the situation.
The "media" source in the Ministry of Internal Affairs confirmed the fact of infection of departmental computers. According to him, we are talking about management in several regions.
Earlier, information about the possible infection of the virus appeared on the "Picaba" website and the Kaspersky Forum. According to some users, it's about the virus WCry. (also known as Wannacry. or Wannacryptor) - It encrypts the user files, changes their expansion and requires a special decrypt for bitcoins; Otherwise, the files will be deleted.
According to users on the Kaspersky Forum, the virus first appeared in February 2017, but "was updated and now looks different than previous versions."
In the press service of Kaspersky, they could not quickly comment on the incident, but promised to release a statement in the near future.
Company member Avast. Yakub Crawsec reported On Twitter, which is infected at least 36 thousand computers in Russia, in Ukraine and in Taiwan.
The site of Varlamov notes that information also appeared on infecting computers in public hospitals in several regions of Great Britain and the attack on the Spanish telecommunications company Telefonica.. In both cases, the virus also asks for payment.
The company noted that in March, additional protection against such viruses was already presented in the update.
"Users of our free antivirus and updated version of Windows are protected. We work with users to provide additional assistance, "added to the company.
Previously, the Kaspersky Lab "MediaZone" that Wannacrypt's virus uses Windows network vulnerability, closed Microsoft specialists in March.
MVD confirmed hacker attacks on their computers
The Ministry of Internal Affairs confirmed hacker attacks on their computers, reports RIA Novosti.
According to the press secretary of the Ministry of Internal Affairs Irina Wolf, the Department of Information Technologies, the Communications and Protection of Information of the Ministry recorded the viral attack on the MVD computers with the Windows operating system.
"Thanks to the timely adopted measures, about thousands of infected computers were blocked, which is less than 1%," said the Wolf, adding that the MIA server resources were not infected because they work on other operating systems.
"At the moment, the virus is localized, technical work is carried out on its destruction and updating of anti-virus protection tools," said the press secretary of the ministry.
On the Bitcoin wallets of hackers, distributed Wannacry virus, transferred more than six thousand dollars
Wannacry Virus Wannacry Virus transferred at least 3.5 Bitcoin, writes "Medusa". According to the course of 1740 dollars for one Bitcoin at 22:00 Moscow time, this amount is $ 6090.
The conclusion of the "Medusa" came on the basis of the history of transactions on the Bitcoin wallets, which the virus demanded to list the money. The address of the wallets were published in the report "Kaspersky Lab".
On three wallets spent 20 transactions for May 12. Basically, they were translated from 0.16-0.17 Bitcoin, which equals approximately 300 dollars. Such a sum of hackers demanded to pay in the pop-up window on infected computers.
Avast. counted 75 thousand attacks in 99 countries
IT company Avast. reported that the virus Wanacrypt0r. 2.0 infected 75 thousand computers in 99 countries, reported on the organization's website.
Mainly infected computers in Russia, in Ukraine and in Taiwan.
13 hours ago, a record about the transfer of bitcoins hackers in a total amount of 26 thousand US dollars has appeared on the blogging specialist in the field of Computer Security of Bryan Krebs.
Europol: 200 thousand computers in 150 countries have undergone viral attack
Infection with virus Wannacry. For three days, more than 200 thousand computers have undergone in 150 states, said in an interview to the British TV channel ITV. Director of the European Police Service Europol Rob Wainwright. His words quotes Sky News..
"The spread of the virus in the world is unprecedented. According to the latest estimates, we are talking about 200 thousand victims of at least 150 countries, and among these victims of the enterprise, including large corporations, "said Wainwright.
He suggested that the number of infected computers would most likely grow significantly when people return to work to their computers on Monday. At the same time, Wainwright noted that while people translated "amazingly little" money to dissectors of the virus.
In China, the virus attacked computers 29 thousand institutions
Virus Wannacry. Attack computers more than 29 thousand institutions, the score of the affected computers is on hundreds of thousands, leads the Agency "Xinhua" Data Center for Computer Threats Qihoo 360..
According to researchers, computers were attacked in more than 4,340 universities and other educational institutions. Also, the infection was noted on computers of railway stations, postal organizations, hospitals, shopping centers and government agencies.
"For us, no significant damage was not, for our institutions - nor for banking, nor for the health system, nor for others," he said.
"With regard to the source of these threats, then, in my opinion, Microsoft's management stated directly about this, they said that the primary source of this virus are the United States special services, Russia here is not at all. I am strange to hear something else in these conditions, "the president added.
Putin also called on to discuss the problem of cybersecurity "at a serious political level" with other countries. He stressed that it is necessary to "develop a system of protection against such manifestations."
Virusa Wannacry. There were clones
Virusa Wannacry.two modifications appeared, write "Vedomosti" with reference to the Kaspersky Lab. The company believes that both clones have created not the authors of the original extortion virus, but other hackers who are trying to take advantage of the situation.
The first modification of the virus began to spread in the morning of May 14. The Kaspersky Lab found three infected computers in Russia and Brazil. The second clone learned to bypass a piece of code, with the help of which stopped the first wave of infections, noted in the company.
About clones of the virus also writes Bloomberg.. Founder of the company Comae technologies.Having been engaged in cybersecurity, Matt Suish told that about 10 thousand computers were infected with the second modification of the virus.
According to the "Kaspersky Lab", today it was infected six times less computers than on Friday, May 12.
Virus Wannacry. Could create the North Korean group of hackers Lazarus.
Virus extortioner Wannacry. The hackers from the North Korean group of Lazarus could have been reported on the specialized site of the Kaspersky Lab.
Specialists of the company drew attention to the tweet of analyst Google Neil Meht. As concluded in the Kaspersky Lab, the message indicates similarity between the two samples - they have a common code. Cryptographic sample Wannacry. From February 2017 and sample group Lazarus. From February 2015.
"The detective is twisted all the strongest and now one and the same code found in # Wannacry. and in the Trojans from Lazarus.», -
The information security researcher under the nickname W0RM announced that they successfully conducted a hacker attack on the Russian mobile operator MegaFon. According to Hacker, they have access to the file system of several operator sites. In addition, the burglary was at the disposal of the company's official data.
According to Hacker, he had the opportunity to get access to the data of the "MegaFon" customers, but he did not do this, guided by ethical considerations. A hacker as a proof presents several screenshots, which show the file structure of one of the hacked sites and the domain name control panel MegaFon.Mobi.
The hacker claims that it has changed the password to enter his personal account. During the change of password, it turned out that the password consists of only 6 digits, and you can change only on the same six-digit digital password. Thus, a password consisting of 6 digits can be quite easily selected in the absence of blocking mechanisms from Brut-Fors. The role of such a mechanism on the MegaFon website performs Captich.
This defense was overcome using an outdated yandex widget, in which it is not necessary to introduce a capp. As the cracker said, enough 20-30 minutes for, picking up the password, access an arbitrary personal account on the subscriber's telephone number and explore the details of calls, SMS, FULL NAME and payments.
Such major success prompted Hacker to audit some other domains that belong to the company. As a result, he was able to receive an archive with a backup of the Jira project management system from the beginning of 2015. Taking advantage of the credentials of MegaFon employees, which were held in the archive, the hacker was access to corporate mail and some official resources.
Representatives of MegaFon declare that there were no facts of successful penetration into the system. Now the company carries out additional checks on the facts of messages on social networks.
In May of the current year, W0RM has already spent a successful attack on the entertainment site "Ask.ru". Then the researcher in shared access was posted a archive with passwords of users of the service. Before that, he carried out successful attacks of foreign media sites, such as The Wall Street Journal and Vice.
UPD (05/15/2017):MegaFon has become a victim of a new incident associated with information security. The Russian cellular operator, along with dozens of companies and organizations around the world, was the victim of the Wannacry encrypter activity..
Details can be found in the new from securenews.
