History
2022: Ransomware virus attacked Russian government agencies
On December 1, 2022, it became known that a new ransomware virus had attacked Russian government agencies. It deletes files even after the ransom is paid.
As Kaspersky Lab told Izvestia, the ransomware is called CryWiper. The antivirus company's specialists found the malware in city halls and courts in several regions of the country, but it may be distributed more widely. Kaspersky Lab cybersecurity expert Fyodor Sinitsyn said that after infecting a device, CryWiper corrupted files and displayed a message demanding a ransom of more than 500 thousand rubles (0.5 bitcoin) for decryption.
According to Sinitsyn, even if the user pays the hackers, they will still not be able to recover their files, which are lost beyond repair. The expert pointed out that this outcome is what the virus developer intended, not a mistake.
Kaspersky Lab specialists also said that CryWiper attacks files of all formats, with the exception of those responsible for the operation of the system itself. The virus primarily targets archives, user documents and databases.
Positive Technologies is also aware of the appearance of CryWiper. The company recalled that in January 2022 the WhisperGate virus attacked according to a similar scheme. It erased not only files matching a list of extensions, but also the disk's master boot record (MBR, special code needed to load the operating system), Alexei Vishnyakov, head of the malware detection department at the Positive Technologies security expert center, told the newspaper.
Experts call viruses of this kind "wipers", which can be translated as "erasers": these programs erase data once the device is infected.
To protect against this kind of cyber attack, experts recommended banning remote desktop connections from public networks. In addition, it is important to update VPN solutions and software. Developers periodically find vulnerabilities in their programs and fix them in new versions. Experts also advised using data backup.[1]