Protection against new encrypting viruses. The WannaCry file-encrypting virus: how to protect and save data

Modern technologies allow hackers to constantly improve their methods of fraud against ordinary users. As a rule, they use malicious software that penetrates the computer. Encrypting viruses are particularly dangerous. The threat is that the virus spreads very quickly, encrypting files (the user is simply unable to open a single document). And while getting infected is quite simple, decrypting the data is much more difficult.

What to do if the virus encrypted the files on the computer

No one is insured against an encrypter attack, even users who have powerful antivirus software. File-encrypting Trojans come in many code variants, which the antivirus may not be able to catch. Hackers even manage to attack large companies that did not take care of the necessary protection of their information. So, having "picked up" an encrypter program online, you need to take a number of measures.

The main signs of infection are slow operation of the computer and changed document names (you can notice this on the desktop).

  1. Restart the computer to interrupt encryption. When it starts up, do not confirm the launch of unknown programs.
  2. Run the antivirus if it has not been attacked by the encrypter.
  3. In some cases, copies will help restore information. To find them, open the "Properties" of the encrypted document. This method works with data encrypted with the Vault extension, about which there is information on the portal.
  4. Download the latest version of a utility for combating encrypting viruses. The most effective ones are offered by Kaspersky Lab.

Encrypting viruses in 2016: examples

When dealing with any virus attack, it is important to understand that the code changes very often and is supplemented with new protection against antiviruses. Of course, protection programs need some time until the developer updates the databases. We have selected the most dangerous encrypting viruses of recent times.

ISHTAR RANSOMWARE

Ishtar is an encrypter that extorts money from the user. The virus was noticed in the fall of 2016 and infected a huge number of computers of users from Russia and a number of other countries. It spreads through email distribution with attached files (installers, documents, etc.). Data infected by the Ishtar encrypter receives the "ISHTAR" prefix in its name. In the process, a text document is created that indicates where to turn to obtain the password. The attackers demand from 3,000 to 15,000 rubles for it.

The danger of the Ishtar virus is that today there is no decryptor that would help users. Companies that create anti-virus software need to decipher the entire code. For now you can only isolate important information (if it is of particular importance) on a separate medium while waiting for the release of a utility capable of decrypting the documents. It is recommended to reinstall the operating system.

Neitrino.

The Neitrino encrypter appeared on the Internet in 2015. Its attack principle is similar to other viruses of this category. It changes the names of folders and files by adding "Neitrino" or "Neutrino". The virus is difficult to decrypt: not all antivirus companies take this on, citing a very complex code. Restoring a shadow copy can help some users. To do this, right-click the encrypted document, go to "Properties", open the "Previous Versions" tab and click "Restore". It is also worth using the free utility from Kaspersky Lab.

Wallet or .wallet.

The Wallet virus appeared at the end of 2016. In the process of infection, it changes the names of data to "name..wallet" or similar. Like most encrypting viruses, it enters the system through attachments in emails sent by attackers. Since the threat appeared quite recently, antivirus programs do not notice it. After encryption, it creates a document in which the fraudster indicates an email address for communication. Currently, anti-virus software developers are working on deciphering the code of the encrypting virus [Email Protected]. Attacked users can only wait. If the data is important, it is recommended to save it to an external drive and wipe the system.

Enigma.

The Enigma encrypting virus began infecting computers of Russian users at the end of April 2016. It uses the AES-RSA encryption model, which is found in most ransomware. The virus enters the computer through a script that the user runs by opening files from a suspicious email. There is still no universal tool to combat the Enigma encrypter. Users with an antivirus license can ask for help on the developer's official website. A small "loophole" has also been found: Windows UAC. If the user clicks "No" in the window that appears during infection, they will later be able to restore information using shadow copies.

Granit.

The new encrypting virus Granit appeared in the autumn of 2016. Infection follows this scenario: the user runs an installer that infects and encrypts all the data on the PC, as well as on connected drives. Fighting the virus is difficult. To remove it, you can use special utilities from Kaspersky, but decrypting the code has not yet been possible. Restoring previous versions of the data may help. In addition, a specialist with a lot of experience can decrypt the data, but the service is expensive.

Tyson.

It was noticed recently. It is an extension of the already known encrypter No_more_ransom, which you can learn about on our site. It gets onto personal computers through email. Many corporate PCs have been attacked. The virus creates a text document with unlocking instructions, offering to pay a "ransom". The Tyson encrypter appeared recently, so there is no unlock key yet. The only way to restore information is to return to previous versions, if they have not been deleted by the virus. You can, of course, take a chance and transfer money to the account specified by the attackers, but there is no guarantee that you will receive the password.

SPORA.

In early 2017, a number of users fell victim to the new Spora encrypter. In its principle of operation it does not differ much from its counterparts, but it boasts a more professional execution: the instructions for obtaining the password are better written, and the website looks nicer. The Spora encrypting virus is written in C and uses a combination of RSA and AES to encrypt the victim's data. As a rule, the attacked computers were those on which the 1C accounting program is actively used. The virus, hiding under the guise of a simple invoice in .pdf format, gets company employees to run it. No cure has been found yet.

1C.Drop.1

This encrypting virus for 1C appeared in the summer of 2016, disrupting the work of many accounting departments. It was designed specifically for computers that use 1C software. Getting onto the PC through a file in an email, it offers the owner to update the program. Whichever button the user clicks, the virus starts encrypting files. Dr.Web experts are working on decryption tools, but none have been found yet. The reason is the complex code, which can exist in several modifications. The only protection against 1C.Drop.1 is user vigilance and regular archiving of important documents.

DA_VINCI_CODE

A new encrypter with an unusual name. The virus appeared in the spring of 2016. It differs from its predecessors by improved code and a strong encryption mode. da_vinci_code infects a computer through an executable application (attached, as a rule, to an email), which the user runs themselves. The da_vinci_code encrypter copies its body to the system directory and the registry, ensuring automatic start when Windows is turned on. A unique ID is assigned to each victim's computer (it helps to get the password). It is almost impossible to decrypt the data. You can pay money to the attackers, but no one guarantees that you will receive the password.

[Email Protected] / [Email Protected]

Two email addresses that often accompanied encrypting viruses in 2016. They serve to connect the victim with the attacker. The addresses were attached to very different types of viruses: da_vinci_code, no_more_ransom and so on. It is strongly recommended not to communicate with the fraudsters or transfer money to them. In most cases users are left without passwords, having only shown the attackers that their encrypters work and bring income.

Breaking Bad.

It appeared in early 2015, but started to spread actively only a year later. The infection principle is identical to other encrypters: installing a file from an email, then data encryption. Ordinary antiviruses, as a rule, do not notice the Breaking Bad virus. Some of its code cannot bypass Windows UAC, so the user has the opportunity to restore previous versions of documents. No company developing antivirus software has yet presented a decryptor.

Xtbl

A very common encrypter that has caused trouble for many users. Once on the PC, the virus changes the extension of files to .xtbl in a matter of minutes. A document is created in which the attacker extorts money. Some varieties of the XTBL virus cannot destroy the system restore files, which allows you to get important documents back. The virus itself can be removed by many programs, but decrypting the documents is very difficult. If you own a licensed antivirus, use technical support and attach samples of the infected data.

Kukaracha.

The Kukaracha encrypter was noticed in December 2016. The virus with an interesting name hides user files using the RSA-2048 algorithm, which is highly resistant. Kaspersky Anti-Virus designated it as Trojan-ransom.win32.scatter.lb. Kukaracha can be removed from the computer so that other documents are not infected. However, files already infected are almost impossible to decrypt today (the algorithm is very strong).

How an encrypting virus works

There are a huge number of encrypters, but they all work on a similar principle.

  1. Getting onto a personal computer. As a rule, through a file attached to an email. The installation is initiated by the user, who opens the document.
  2. File infection. Practically all file types are subjected to encryption (depending on the virus). A text document is created that lists contacts for communicating with the attackers.
  3. That's all. The user cannot access any document.

Countermeasures from popular laboratories

The wide spread of encrypters, which are recognized as the most dangerous threat to user data, has become an impetus for many antivirus laboratories. Every popular company provides its users with programs that help fight encrypters. In addition, many of them help decrypt protected documents.

Kaspersky and encrypting viruses

One of the most famous anti-virus laboratories in Russia and the world offers today the most effective means of combating ransomware. The first barrier for an encrypting virus will be Kaspersky Endpoint Security 10 with the latest updates. The antivirus simply will not let a threat onto the computer (though it may not stop new versions). To decrypt information, the developer offers several free utilities: XoristDecryptor, RakhniDecryptor and Ransomware Decryptor. They help to find the virus and pick the password.

Dr. Web and encrypters

This laboratory recommends using its anti-virus program, the main feature of which is file backup. The storage with copies of documents is, in addition, protected from unauthorized access by attackers. Owners of a licensed Dr. Web product can request help from technical support. True, even experienced professionals cannot always withstand this type of threat.

ESET NOD 32 and encrypters

This company did not stand aside either, providing its users with good protection against viruses penetrating the computer. In addition, the laboratory recently released a free utility with up-to-date databases, ESET Crysis Decryptor. The developers state that it will help in the fight even against the newest encrypters.

A new wave of encrypting virus attacks has swept the world; among the victims are Russian media and Ukrainian companies. In Russia, Interfax suffered from the virus, but the attack affected only part of the agency, since its IT services managed to switch off part of the critical infrastructure, the Russian company Group-IB said. They named the virus BadRabbit.

Interfax deputy director Yuri Pogorellov reported the unprecedented virus attack on Interfax on his Facebook page. Two Interfax employees confirmed to Vedomosti that computers had been shut down. According to one of them, the locked screen visually resembles the result of the actions of the well-known Petya virus. The virus that attacked Interfax warns that you should not try to decrypt the files yourself and demands a ransom of 0.05 bitcoin ($285 at yesterday's rate), for which it invites the victim to a special site on the Tor network. The virus assigned a personal identification code to the encrypted computer.

Besides Interfax, two more Russian media outlets suffered from the encrypting virus, one of which is the St. Petersburg publication Fontanka, according to Group-IB.

The editor-in-chief of Fontanka, Alexander Gorshkov, told Vedomosti that Fontanka's servers were attacked by unknown attackers. But Gorshkov assures that there is no question of an encrypting virus attack on Fontanka: the computers of the editorial staff are working; what was hacked was the server responsible for the operation of the site.

Interfax divisions in the UK, Azerbaijan, Belarus and Ukraine, as well as the site "Interfax-Religion", continue to work, Pogorellov told Vedomosti. It is not clear why the damage did not affect other divisions; perhaps this is due to the topology of the Interfax network, where the servers are physically located, and the operating system installed on them, he says.

Ukrainian Interfax reported during the day on Tuesday a hacker attack on Odessa International Airport. The airport apologized on its page to passengers "for the forced increase in service time", but judging by its online departure board, on Tuesday it still continued to send and receive aircraft.

The Kiev Metro also reported the cyberattack on its Facebook account: there were problems with paying by bank card. The Front News publication reported that the metro was attacked by an encrypting virus.

Group-IB concludes that a new epidemic has begun. In recent months, two waves of encrypting virus attacks have already swept the world: the WannaCry virus appeared on May 12, and the Petya virus (also known as NotPetya and ExPetr) on June 27. They penetrated computers running the Windows operating system on which updates had not been installed, encrypted the contents of hard drives and demanded $300 for decryption. As it turned out later, Petya was never meant to decrypt the victims' computers. The first attack affected hundreds of thousands of computers in more than 150 countries, the second 12,500 computers in 65 countries. Victims of the attacks included the Russian companies MegaFon, Evraz, Gazprom and Rosneft. The Invitro medical centers also suffered from the virus and did not take patients' tests for several days.

Petya managed to collect only $18,000 in almost a month and a half. But the damage it caused was incomparably greater. One of its victims, the Danish logistics giant Moller-Maersk, estimated the revenue lost because of the cyberattack at $200-300 million.

Among the divisions of Moller-Maersk, the main blow fell on Maersk Line, which is engaged in sea transportation of containers (in 2016 Maersk Line earned a total of $20.7 billion; 31,900 people work in the division).

Business quickly recovered after the attack, but companies and regulators remained on guard. In August, the Federal Grid Company of the Unified Energy System (which manages the all-Russian electric grid) warned the directors of its branches, and a few days later Russian banks received a similar warning from FinCERT (a structure of the Central Bank).

The new encrypting virus attack was noted by Kaspersky Lab, according to whose observations most victims of the attack are located in Russia, but there are also infections in Ukraine, Turkey and Germany. All signs indicate that this is a targeted attack on corporate networks, says Vyacheslav Zakorzhevsky, head of anti-virus research at Kaspersky Lab: methods similar to the ExPetr tools are used, but no connection with that virus can be traced.

And according to the anti-virus company ESET, the encrypter is nevertheless a relative of Petya. The attack uses the malicious program Diskcoder.D, a new modification of the encrypter.

Pogorellov reported that Symantec anti-virus was installed on Interfax computers. Representatives of Symantec did not respond yesterday to Vedomosti's request.

On April 12, 2017, information appeared about the rapid spread around the world of an encrypting virus called WannaCry, which can be translated as "I want to cry". Users have questions about the Windows update against the WannaCry virus.

The virus on the computer screen looks like this:

The WannaCry virus, which encrypts everything

The virus encrypts all files on the computer and demands a ransom of $300 or $600 to a Bitcoin wallet, supposedly for decrypting the computer. Computers in 150 countries were infected; the most affected was Russia.

MegaFon, Russian Railways, the Ministry of Internal Affairs, the Ministry of Health and other organizations came face to face with this virus. Among the victims there are ordinary Internet users as well.

Almost everyone is equal before the virus. The difference is perhaps that in companies the virus spreads across the entire local network inside the organization and instantly infects the maximum possible number of computers.

The WannaCry virus encrypts files on computers running Windows. In March 2017, Microsoft released the MS17-010 updates for various versions of Windows: XP, Vista, 7, 8, 10.

It turns out that those who have Windows configured to update automatically are outside the risk zone for the virus, since the update was received in a timely manner and they could avoid it. I do not presume to say that this is really the case.

Fig. 3. Message when installing the update KB4012212

After installation, update KB4012212 required a restart of the laptop, which I did not really like, because it is unknown how that might end, but what choice does the user have? However, the reboot went fine. So we live quietly until the next virus attack, and that such attacks will happen, alas, there is no doubt.

In any case, it is important to have something from which to restore the operating system and your files.

Windows 8 update from Wannacry

For a laptop with licensed Windows 8, update KB 4012598 was installed, for

WannaCry, Petya, Mischa and other ransomware will not threaten you if you follow simple recommendations for preventing PC infection!

Last week the entire Internet was stirred by news of a new encrypting virus. It provoked a much larger epidemic in many countries of the world than the notorious WannaCry, whose wave came in May of this year. The new virus has many names: Petya.A, ExPetr, NotPetya, GoldenEye, Trojan.Ransom.Petya, PetrWrap, DiskCoder.C; however, most often it appears simply as Petya.

This week the attacks continue. Even our office received a letter slyly disguised as some kind of mythical software update! Fortunately, no one thought of opening the attached archive :) Therefore, I would like to devote today's article to the question of how to protect your computer from ransomware and not become a victim of Petya or some other encrypter.

What does ransomware do?

The first ransomware appeared around the early 2000s. Many who used the Internet in those years probably remember Trojan.Winlock. It blocked the computer from booting and, to provide the unlock code, demanded a transfer of a certain amount to a WebMoney wallet or to a mobile phone account.

The first Windows blockers were quite harmless. Their window with the text about the need to transfer funds could at first simply be "killed" through Task Manager. Then more complex versions of the Trojan appeared, which made changes at the level of the registry and even the MBR. But even that could be "cured" if you knew what to do.

Modern ransomware has become very dangerous. It not only blocks the operation of the system, but also encrypts the contents of the hard disk (including the master boot record, MBR). For unlocking the system and decrypting files, attackers now charge a fee in Bitcoins equivalent to between 200 and 1,000 US dollars! And even if you transfer the agreed funds to the specified wallet, this gives no guarantee that the hackers will send you an unlock key.

An important point is that today there are practically no working ways to get rid of the virus and get your files back. Therefore, in my opinion, it is better not to fall for all sorts of tricks in the first place and to protect your computer more or less reliably from potential attacks.

How not to become a victim of the virus

Encrypting viruses usually spread in two ways. The first exploits various technical vulnerabilities in Windows. For example, WannaCry used the EternalBlue exploit, which allowed access to a computer over the SMB protocol. The new Petya encrypter can penetrate the system through open TCP ports 1024-1035, 135 and 445. The more common way of infection is phishing. Simply put, users infect their PCs themselves by opening malicious files sent by mail!

Technical protection against encrypting viruses

Although direct virus infections are not that frequent, they do happen. Therefore, it is better to close already known potential security holes. First, you need to update your antivirus or install one (for example, the free 360 Total Security copes well with recognizing encrypting viruses). Second, you must install the latest Windows updates.

To eliminate the potentially dangerous bug in the SMB protocol, Microsoft released out-of-band updates for all systems, starting with Windows XP. You can download them for your version of the OS.

To protect against Petya, it is recommended to close a number of ports on the computer. The easiest way to do this is with the standard firewall. Open it in Control Panel and select "Advanced settings" in the sidebar. The filtering rules management window opens. Choose "Inbound Rules" and click "New Rule" on the right side. A wizard opens in which you need to create a "Port" rule, then choose the option "Specific local ports" and enter the following: 1024-1035, 135, 445.

After adding the port list, on the next screen set the option "Block the connection" for all profiles and give the new rule a name (the description is optional). If you believe the recommendations on the Internet, this will prevent the virus from downloading the files it needs even if it gets onto your computer.
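The same rule can be created from an elevated PowerShell session instead of the wizard. This is an added example, not part of the original article; the rule name and the three function names are this example's own, and it assumes the NetSecurity cmdlets that ship with Windows 8 / Server 2012 and later.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps described above.

$RuleName = 'Block inbound TCP 135, 445, 1024-1035'   # assumed name, pick your own
$Ports    = @('135', '445', '1024-1035')              # port list from the article

function Set-InboundPortBlock {
    param(
        [Parameter(Mandatory)][string]   $DisplayName,
        [Parameter(Mandatory)][string[]] $LocalPort
    )
    # Drop an earlier copy so that re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Same choices as in the wizard: port rule, TCP, specific local ports,
    # block the connection, all profiles.
    New-NetFirewallRule -DisplayName $DisplayName `
        -Description 'Inbound TCP block for the ports listed in the article' `
        -Direction Inbound -Protocol TCP -LocalPort $LocalPort `
        -Action Block -Profile Any -Enabled True | Out-Null
}

function Test-InboundPortBlock {
    param(
        [Parameter(Mandatory)][string]   $DisplayName,
        [Parameter(Mandatory)][string[]] $LocalPort
    )
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $rule) { return $false }

    # The port list lives in the rule's port filter, not on the rule object.
    $filter  = $rule | Get-NetFirewallPortFilter
    $missing = @($LocalPort | Where-Object { $_ -notin $filter.LocalPort })

    return ($rule.Enabled    -eq 'True')    -and
           ($rule.Direction  -eq 'Inbound') -and
           ($rule.Action     -eq 'Block')   -and
           ($rule.Profile    -eq 'Any')     -and
           ($filter.Protocol -eq 'TCP')     -and
           ($missing.Count   -eq 0)
}

function Get-ListenerInBlockedRange {
    # TCP listeners on the affected ports, i.e. the local services that
    # remote hosts will no longer be able to reach once the rule is active.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -in @(135, 445) -or
                       ($_.LocalPort -ge 1024 -and $_.LocalPort -le 1035) } |
        Sort-Object LocalPort -Unique |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

Set-InboundPortBlock -DisplayName $RuleName -LocalPort $Ports

if (Test-InboundPortBlock -DisplayName $RuleName -LocalPort $Ports) {
    Write-Output "Rule '$RuleName' is enabled for all profiles."
} else {
    Write-Warning "Rule '$RuleName' was not created as expected."
}

Get-ListenerInBlockedRange | Format-Table -AutoSize
```

In Windows Firewall a block rule takes precedence over allow rules, so on a machine that shares files or printers the block on port 445 also cuts off legitimate clients; the listener table shows which local services are affected.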

In addition, if you are from Ukraine and used the M.E.Doc accounting software, you could have installed updates that contained backdoors. These backdoors were used for the large-scale infection of computers with the Petya.A virus. Of those analyzed so far, at least three updates with security vulnerabilities are known:

  • 10.01.175-10.01.176 of April 14;
  • 10.01.180-10.01.181 of May 15;
  • 10.01.188-10.01.189 of June 22.

If you installed these updates, then you are in the risk group!

Protection from Phishing

As already mentioned, the human factor is nevertheless to blame for most infections. Hackers and spammers launched a large-scale phishing campaign worldwide. As part of it, emails were sent out, supposedly from official organizations, with various attachments that were passed off as invoices, updates or other "important" data. It was enough for the user to open the disguised malicious file for it to install a virus on the computer that encrypts all the data!

How do you distinguish a phishing letter from a real one? It is very easy if you follow common sense and the following recommendations:

  1. Who is the letter from? First of all, pay attention to the sender. Hackers can sign a letter with any name, even your grandmother's! However, there is an important point. You should know "Grandma's" email address, while the sender address of a phishing letter will, as a rule, be an indeterminate set of characters. Something like: "[Email Protected]". One more nuance: if it is an official letter, the sender's name and address usually correlate with each other. For example, an email from a certain company "Pupkin and Co" may look like "[Email Protected]", but it is unlikely to look like "[Email Protected]" :)
  2. What is the letter about? As a rule, phishing letters contain a call to action or a hint at one. At the same time, the body of the letter usually contains either nothing at all or some additional motivation to open the attached files. The words "URGENT!", "Invoice for services" or "Critical update" in letters from unknown senders can be a clear example of an attempt to hack you. Think logically! If you have not requested any invoices, updates or other documents from a particular company, then with a probability of 99% this is phishing...
  3. What is in the letter? The main element of a phishing letter is its attachments. The most obvious type of attachment is an EXE file with a fake "update" or "program". Such attachments are a rather crude forgery, but they do occur.

    More "elegant" ways to deceive the user disguise the script that downloads the virus as an Excel or Word document. The disguise can be of two types. In the first variant, the script itself is passed off as an office document and can be recognized by the "double" extension in its name, for example ".xls.js" or "Summary.doc.vbs". In the second case, the attachment may consist of two files: a real document and a file with a script that is called as a macro from the Word or Excel document.

    In any case, you should not open such documents, even if the "sender" asks you very much to do so! Even if among your customers there happens to be someone who theoretically could send you a letter with such content, it is better to take the trouble to contact them directly and clarify whether they sent you any documents. The extra effort in this case can save you from unnecessary trouble!
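The attachment checks from point 3 can be automated by looking at file names alone. The following is an added example, not part of the original article: the extension lists, the function names and the sample attachment names are assumptions constructed for illustration.

```powershell
# Added example: name-based triage of the attachments of one message.
# The extension lists are illustrative and not exhaustive.
$ExecutableExt = @('.exe', '.scr', '.com', '.pif')
$ScriptExt     = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta', '.bat', '.cmd')
$DocumentExt   = @('.doc', '.docx', '.xls', '.xlsx', '.pdf', '.rtf', '.txt')

function Get-AttachmentVerdict {
    param([Parameter(Mandatory)][string] $Name)

    # Split on dots: the last part is the real extension; the part before it
    # is what the user sees when Explorer hides known extensions.
    $parts = $Name.Trim().ToLowerInvariant().Split('.')
    $last  = if ($parts.Count -gt 1) { '.' + $parts[-1].Trim() } else { '' }
    $inner = if ($parts.Count -gt 2) { '.' + $parts[-2].Trim() } else { '' }

    $runs = ($last -in $ExecutableExt) -or ($last -in $ScriptExt)
    if ($runs -and ($inner -in $DocumentExt)) { return 'double extension' }
    if ($last -in $ExecutableExt)             { return 'executable' }
    if ($last -in $ScriptExt)                 { return 'script' }
    if ($last -in $DocumentExt)               { return 'document' }
    return 'other'
}

function Get-MessageFinding {
    # One row per attachment, plus the "second case" from the article:
    # a real document that arrives together with a separate script file.
    param([Parameter(Mandatory)][string[]] $AttachmentName)

    $rows = foreach ($n in $AttachmentName) {
        [pscustomobject]@{ Name = $n; Verdict = Get-AttachmentVerdict -Name $n }
    }
    $verdicts = @($rows.Verdict)
    $paired   = ($verdicts -contains 'document') -and ($verdicts -contains 'script')

    foreach ($r in $rows) {
        $suspicious = $r.Verdict -in @('double extension', 'executable', 'script')
        $note = if ($paired -and $r.Verdict -eq 'script') {
            'script sent alongside a document'
        } else { '' }
        [pscustomobject]@{
            Name       = $r.Name
            Verdict    = $r.Verdict
            Suspicious = $suspicious
            Note       = $note
        }
    }
}

# Constructed sample: attachment names of a single message.
$sample = @('Summary.doc.vbs', 'Invoice.xls.js', 'update.exe',
            'price-list.xlsx', 'loader.vbs', 'photo.jpg')

Get-MessageFinding -AttachmentName $sample | Format-Table -AutoSize
```

The check reads names only, so it does not see macros stored inside a document; a clean verdict here is not a reason to enable macros in a file from an unknown sender.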

I think that if you close all the technical holes in your computer and do not give in to the provocations of spammers, then no viruses will be a threat to you!

How to restore files after infection

And yet, suppose you did manage to infect the computer with an encrypting virus... Do not turn off the PC after the encryption message appears!!!

The fact is that, due to a number of errors in the code of the viruses themselves, before the computer is rebooted there is a chance to pull the key needed to decrypt the files out of memory! For example, the Wannakiwi utility is suitable for obtaining the WannaCry decryption key. Alas, there are no such solutions for restoring files after a Petya attack, but you can try to extract them from shadow copies of the data (if you have enabled the option to create them on the hard disk partition) using the small ShadowExplorer program.

If you have already rebooted the computer or the above tips did not help, files can be restored only with data recovery programs. As a rule, encrypting viruses operate according to the following scheme: they create an encrypted copy of the file and delete the original without overwriting it. That is, only the file record is actually deleted, while the data itself is preserved and can be restored. There are two programs on our site: one is better suited to recovering media files and photos, while R.Saver copes well with documents and archives.

Naturally, the virus itself needs to be removed from the system. If Windows boots, the Malwarebytes Anti-Malware program is well suited for this. If the virus has blocked booting, the Dr.Web LiveCD boot disk will help, with the proven Dr.Web CureIt utility for fighting various malware on board. In the latter case, you will also have to restore the MBR. Since the Dr.Web LiveCD is based on Linux, I think you will find the instructions from Habr on this topic useful.

Conclusions

The problem of viruses on Windows has been relevant for many years. And every year we see virus writers inventing increasingly sophisticated ways of damaging users' computers. The latest epidemics of encrypting viruses show us that attackers are gradually moving towards active extortion!

Unfortunately, even if you pay the money, you are unlikely to get any answer. Most likely, you will have to restore your data on your own. Therefore, it is better to be vigilant in time and prevent infection than to deal with eliminating its consequences afterwards!

P.S. This article may be freely copied and quoted provided that an open active link to the source is given and the authorship of Ruslana TRADER is preserved.

The new malicious program WannaCry (it has a number of other names: WannaCry Decryptor, WannaCrypt, WCry and WanaCrypt0r 2.0) announced itself to the world on May 12, 2017, when files on computers in several health care institutions in the UK were encrypted. As it soon turned out, companies in dozens of countries found themselves in the same situation, and Russia, Ukraine, India and Taiwan were affected. According to Kaspersky Lab, on the first day of the attack alone the virus was discovered in 74 countries.

Why is WannaCry dangerous? The virus encrypts files of various types (they receive the .WCRY extension and become completely unreadable) and then demands a ransom of $600 for decryption. To speed up the money transfer, the user is intimidated with the claim that after three days the ransom amount will increase, and after seven days the files can no longer be decrypted at all.

Computers running Windows operating systems are exposed to the threat of infection by the WannaCry encrypter. If you use licensed versions of Windows and regularly update the system, you need not worry that the virus will penetrate your system this way.

Users of macOS, Chrome OS and Linux, as well as the mobile operating systems iOS and Android, have no need to fear WannaCry attacks.

What if you have become a victim of Wannacry?

The British National Crime Agency (NCA) recommends that small businesses that have fallen victim to ransomware and are concerned about the virus spreading over the network take the following actions:

  • Disconnect the computer, laptop or tablet from the corporate / internal network immediately. Turn off Wi-Fi.
  • Change the drivers.
  • Without connecting to the Wi-Fi network, connect the computer to the Internet directly.
  • Update the operating system and all other software.
  • Update and run the antivirus.
  • Reconnect to the network.
  • Monitor network traffic and / or run a virus scan to make sure that the encrypter is gone.

Important!

Files encrypted by the WannaCry virus cannot be decrypted by anyone except the attackers. Therefore, do not waste time and money on those "IT geniuses" who promise to rid you of this headache.

Is it worth paying money to intruders?

The first questions asked by users who have encountered the new WannaCry encrypting virus are how to restore files and how to remove the virus. Finding no free and effective solutions, they face a choice: to pay the extortionist or not? Since users often have something to lose (personal documents and photo archives are stored on the computer), the desire to solve the problem with money really does arise.

But the NCA strongly urges people not to pay. If you still decide to do so, keep in mind the following:

  • First, there is no guarantee that you will get access to your data.
  • Second, your computer may still be infected with the virus even after payment.
  • Third, you will most likely simply give your money to cybercriminals.

How to protect yourself from Wannacry?

Vyacheslav Belastov, head of the department for the implementation of protection systems at SKB Kontur, explains what actions to take to prevent infection by the virus:

The peculiarity of the WannaCry virus is that, unlike other encrypting viruses, it can penetrate a system without human involvement. Previously, for a virus to act, the user had to be careless: follow a questionable link from a letter that was not actually intended for them, or download a malicious attachment. In the case of WannaCry, a vulnerability in the operating system itself is exploited directly. Therefore, the computers primarily at risk were Windows-based ones on which the updates of March 14, 2017 had not been installed. A single infected workstation on the local network is enough for the virus to spread to the others that have the vulnerability.

Users who have suffered from the virus naturally have one main question: how do they decrypt their information? Unfortunately, there is no guaranteed solution so far, and one is hardly to be expected. Even after paying the specified amount, the problem is not solved. In addition, the situation may be aggravated by the fact that a person, hoping to restore their data, risks using supposedly "free" decryptors that are actually malicious files as well. Therefore, the main advice that can be given is to be attentive and do everything possible to avoid such a situation.

What exactly can and should be done at the moment:

1. Install the latest updates.

This applies not only to operating systems, but also to anti-virus protection tools. Information on updating Windows can be found.

2. Make backup copies of important information.

3. Be careful when working with mail and the Internet.

Pay attention to incoming letters with dubious links and attachments. For working on the Internet, it is recommended to use plug-ins that get rid of unnecessary advertising and links to potentially malicious sources.