2022/12/01 12:22:30

CryWiper (ransomware virus)

Content

History
- 2022: Ransomware virus attacked Russian government agencies
Notes

History

2022: Ransomware virus attacked Russian government agencies

On December 1, 2022, it became known that Russian government agencies attacked a new ransomware virus. It deletes files even after paying the ransom.

As Izvestia was told in Kaspersky Lab, we are talking about a ransomware called CryWiper. Specialists of the antivirus company found malware in city halls and courts in several regions of the country, but it can be distributed more widely. Kaspersky Lab cybersecurity expert Fyodor Sinitsyn said that CryWiper, after infecting the device, spoiled files and displayed a message demanding a ransom for decoding more than 500 thousand rubles (0.5 bitcoin).

According to Sinitsyn, even if you pay the hackers, the user will still not be able to save his files. They will disappear beyond repair. The expert pointed out that such consequences are the original plan of the virus developer, and not a mistake.

Kaspersky Lab specialists also said that CryWiper attacks files of all formats, with the exception of those responsible for the operation of the system itself. First of all, the virus acts on archives, user documents and databases. data

CryWiper is also aware of the appearance in Positive Technologies. They recalled that in January 2022, the WhisperGate virus attacked according to a similar scheme. It erased not only files according to the list of extensions, but also the main boot record of the disk (MBR - a special code that is needed to load the operating system), Alexei Vishnyakov, head of the malware detection department of the Positive Technologies security expert center, told the newspaper.

Viruses of this kind are called "wipers" by experts, which can be translated as a "eraser" - programs erase data when the device is infected.

To protect against this kind of cyber attack, experts recommended banning remote desktop connections from public networks. In addition, it is important to update VPN solutions and software. Developers periodically find vulnerabilities in their programs and fix them in new versions. Experts also advised using data backup.^[1]

Notes

↑ Stripping handwriting: government agencies attacked a new ransomware virus

Источник — «https://tadviser.com/index.php/Article:CryWiper_(ransomware_virus)»

The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article
If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible.

Simple Link

How to create a "smart plant": Key characteristics of a modern digital enterprise 7300

Model Studio CS: How to use BIM to give new impetus to the development of the fuel and energy complex 4500