Yesterday's ransomware turned out to be an extended and modified NotPetya

Date:

2017-10-25 13:00:06


The encrypting ransomware that tried to attack Russian banks and infected the computers of a number of Ukrainian organizations and Russian media outlets has been named BadRabbit. Specialists at Group-IB who analyzed it pointed out that the new «extortionist» is nothing other than an improved version of the good old «Petya» that raged last spring. The cybersecurity experts were able to trace the domain name from which the virus began to spread. It is likely that the attackers can be tracked down.

«The investigation showed that the malware was distributed from the resource 1dnscontrol.com. Domain name 1dnscontrol.com, IP 5.61.37.209», says the statement released by Group-IB.

Group-IB staff explain that BadRabbit is an improved and modified version of the «NotPetya» virus, with the encryption algorithms fixed in its code and a number of innovations added. At the same time, the new virus contains pieces of code similar to those found in «NotPetya».

The CEO of Group-IB, Ilya Sachkov, told radio Sputnik that the existing lead will make it possible to find the attackers, but he does not rule out that such attacks may be repeated in the future. The tools for creating similar viruses are available, which means that almost anyone can improve and deploy them.

Once on a computer, the ransomware encrypts all data stored on the hard disk, blocks the user's access to the PC, and begins to extort a payment for unlocking in the amount of 0.05 bitcoin (around $300 at the current exchange rate).

«There is a high probability of understanding where the hands and feet of this attack physically come from. It is possible to determine who carried out the attack. The domain name was registered back in 2016, someone pays for it, and several other malicious domains are associated with it. The people who created them have been operating since 2011. That is, in our opinion, a fairly clear criminal group. It is not certain that it is connected with this attack, but it was engaged in, among other things, spam and phishing. Unlike the previous attacks, we already have a footprint and logic that will allow law enforcement agencies to conduct search operations and detain those who did it», RIA Novosti quotes Ilya Sachkov as saying.

Among the first victims of the new ransomware were the Kiev metro, Odessa airport and a number of Russian media outlets, including «Interfax» «museums».
