What kind of computer virus is this now? What is a computer virus? Just about the complex 

The world is once again in danger. It is facing an epidemic, this time a computer one. Everyone online is under attack by a virus with the romantic detective name “mask”. Experts are already calling it the most dangerous in history, because we are no longer talking about the rather familiar “disabling equipment” or the no less primitive “theft of funds from accounts.”

The malicious code may be working in the interests of a global cyber-espionage network associated with certain government agencies. The "spies" hunt for secret documents, encryption keys used to identify users, files for remote computer access and other valuable data. The “mask” can also intercept communication channels.

- How to spot danger in lines of computer code? Danger that will harm not only you. An insidious virus that can open the doors of the most closed vaults. And no one will notice the spy unless they know one word.

In Spanish slang it means "mask". A dangerous group of cybercriminals that was exposed by Moscow programmers. The guys from Kaspersky Lab are against hackers who have enormous resources, and not only financial ones. This suggests that there may be some kind of government structure hiding behind the “Mask”.

Stuart Sumner, editor of Computing Magazine:

- What makes these hacker programs different is the ability to bypass protection and hide from search engines that should protect the user. No antivirus can detect the problem, all traces are completely erased from the system, the movement of the virus cannot be tracked. Normal technologies are simply helpless against the new generation of evil software!

If for an ordinary person the news about “disguised” attacks went practically unnoticed, then in the computer world they literally caused panic. Unprecedented malicious software, so sophisticated that it is almost impossible to recognize it.

- Imagine that you received a letter. Not ordinary spam about a deceased namesake who left a million as an inheritance. And a completely plausible email from a familiar address. It contains a link to a video from YouTube or an article in a reputable newspaper. Why not take a look?

One click - and the spy is already doing its job. It is completely invisible on your computer and does not cause any obvious damage. It is known that the Mask managed to attack 380 targets in this way. Only? But it’s not a matter of quantity - all the points for strikes were selected very carefully.

Oksana Kundirenko, correspondent:

- They are obsessed with safety. What are large corporations not ready for: offices are located in impregnable skyscrapers, security is everywhere, surveillance cameras, metal detectors at the entrance. All of it is a waste when an invisible virus gets to secret data and steals it in a matter of seconds.

"Masks" attacked government agencies, diplomatic offices and embassies, the world's largest energy and oil and gas companies, research organizations, political and civil activists. Morocco, Brazil, Great Britain - these are the countries with the most attacks. The result is that computers in 31 countries were infected.

Keith Martin, Professor of information security, University of Royal Holloway:

- The traditional way to hack into someone else’s computer is called “phishing”, it’s something like fishing. An attacker writes malicious code and launches it into the network. Any fish that swallows the bait is caught! But these fishermen are lovers of spearfishing - "spear phishing". Because they identify their victims and cunningly slip them their codes.

What’s amazing is that the group worked and remained unnoticed for seven whole years! Moreover, it did not steal money, like ordinary criminals. Its main goal is to collect valuable information from infected systems: various documents, encryption keys, and files for managing remote access to the computer and for setting up encrypted networks. For victims, losing this type of information can be catastrophic.

Joseph Menn, investigative journalist, technology projects:

- When oil and gas companies are under threat, it is always dangerous. It is unclear whether the hackers need information about the economy or, much more, strategic geopolitical information. What is very interesting is the language of the hackers, they spoke Spanish. Until this moment, there were no professionals of such a level in the Spanish-speaking world.

The masks have been torn off - Kaspersky Lab boasts. Now its employees are busy eliminating the danger. They understood the principle of spy work - they were given away by one short word, used when encrypting codes:

Oksana Kundirenko, correspondent:

- There is more that is mysterious and unsolved in this story. What exactly was stolen? How will criminals use this information? The exposed “masks” shut down all their servers and disappeared without a trace, leaving only a trail of questions. And the understanding that more and more dangers lurk in the virtual world.

Oksana Kundirenko, Details of the week, Inter TV channel.

Yesterday, an epidemic of a new computer encryption virus began. It mainly affected the work of Russian and Ukrainian organizations, but also affected companies from other countries of the world. The virus warns users that all their files are encrypted and that attempts at self-recovery are useless. The ransomware virus demands the transfer of $300 in Bitcoin cryptocurrency in exchange for unlocking access.

According to information from the Group-IB company (fighting cybercrime), during the day more than 100 companies in the CIS were affected, and by the evening Kaspersky Lab announced that the number of victims worldwide was in the thousands. The virus spreads on Windows systems, but the exact mechanism of its operation is not yet known, a Doctor Web representative said. Microsoft is aware of the situation and is conducting an investigation, a company spokesman said.

Attack on oil

During the day, the largest Russian oil company, Rosneft, reported on its Twitter account a powerful hacker attack on the company’s servers, without providing details. One of the employees of Bashneft (controlled by Rosneft), on condition of anonymity, told Vedomosti about the attack: “The virus initially disabled access to the portal, to the internal messenger Skype for business, to MS Exchange - they did not attach any significance to it, they thought it was just a network failure, then the computer rebooted with an error. The HDD died, the next reboot already showed a red screen." According to him, employees were ordered to turn off their computers. The information that the virus affected Bashneft was confirmed by two sources close to the company. A hacker attack could have led to serious consequences, but because the company switched to a backup system for managing production processes, neither production nor oil preparation was stopped, a Rosneft representative said.

New victims

Late in the evening, the Bank of Russia reported that several Russian banks had been infected. The disruption due to a cyber attack was confirmed by the Russian Home Credit Bank (HKF-Bank). The bank emphasized that it had noticed signs of instability and decided to conduct a review of all security systems. HCF Bank branches were open, but operated in advisory mode; ATMs and call centers continued to operate. The HCF Bank website was unavailable. Home Credit Bank admitted that it does not carry out operations due to cyber attacks, its website and 3D secure do not work.

A Vedomosti correspondent paid twice for the services of one of the mobile operators via the Internet from a HKF Bank card. The payments went through, but the 3-D Secure protocol did not work - the bank client did not receive an SMS with a transaction confirmation code. The Russian office of Royal Canin (a division of Mars) experienced difficulties with its IT systems, a company representative said. Evraz was also subject to a hacker attack, but its main production facilities continued to operate and there was no threat to employees or businesses, a company representative said. The virus attack affected offices in Europe (including Russia and Ukraine), a representative of the confectionery manufacturer Mondelez confirmed.

World tour

Although Russia and Ukraine have recorded the most incidents, the virus is also active in other countries, said Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab. It is hardly possible to configure a self-propagating virus so that it affects only certain countries, the representative of Doctor Web agrees.

The cyberattacks were carried out simultaneously in different European countries, and with the start of the working day in the United States, several reports were received from there, The Wall Street Journal wrote at about 18.00 Moscow time. Danish shipping company A.P. Moller-Maersk, owner of the world's largest sea container carrier Maersk Line, said it had stopped operating computer systems in many of its divisions and regions. The IT systems of several companies belonging to the British advertising conglomerate WPP Group were subjected to a cyber attack. The attack was also reported by major law firm DLA Piper and French construction company Saint Gobain, whose spokesman told the Financial Times it had "isolated its computer systems to protect data."

The virus wishes to remain anonymous

This is the second case of a global ransomware attack in the last two months. In mid-May, a wave of WannaCry ransomware infections occurred around the world. The virus infected computers that had not installed the Windows operating system update. During the attack, WannaCry hit up to 300,000 computers in more than 70 countries and encrypted the information on them, making it unusable. In Russia, in particular, Megafon and the Ministry of Internal Affairs were attacked.

One of the reasons for the “popularity” of ransomware is the simplicity of the business model, explained Alexander Gostev, chief antivirus expert at Kaspersky Lab. According to him, if a virus manages to penetrate the system, then there is practically no chance of getting rid of it without losing personal data. Bitcoin ransom also plays into the hands of scammers: payment is anonymous and almost impossible to track, he explains. Moreover, unlocking the computer after paying the ransom is not at all guaranteed, notes Sergei Nikitin, deputy head of the Group-IB computer forensics laboratory.

Initially, the virus was identified as the already known Petya ransomware, but soon the experts disagreed on the diagnosis. Kaspersky Lab isolated it as a separate strain; a Doctor Web representative last night considered it either a modification of Petya or something else. Nikitin thinks that we are talking about a modification of Petya, which is distributed by mass mailing; to activate it, it is enough to open the attachment in an email. As soon as one person clicks on the link, the infection spreads throughout the enterprise’s internal network, explains the author of the Cybersecurity telegram channel, Alexander Litreev. But the way the new threat spreads differs from the standard scheme used by Petya, notes a Doctor Web representative. The new virus has no relation to the sensational WannaCry virus, Nikitin and Zakorzhevsky agree. However, it is impossible to decrypt on your own the files the ransomware has taken a liking to.

How to avoid infection

To avoid infecting your computer with a virus, a Doctor Web representative advises not to open suspicious emails, to create backups of important data, to install security updates for software and to use an antivirus. A Kaspersky Lab representative also reminds its users to check that their antivirus is enabled. In addition, Kaspersky Lab advises using the AppLocker program to block a file called perfc.dat. To stop the spread of the virus, companies need to close TCP ports (data distribution protocol over the network) 1024-1035, 135 and 445, Group-IB reported.
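A defensive check for the port advice above, as an added example that is not part of the original article: it parses saved Windows `netstat -ano` output and lists TCP listeners on ports 135, 445 and 1024-1035. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
"""Audit saved `netstat -ano` output for listeners on the TCP ports named above."""

# Ports from the advice quoted above: 135, 445 and the range 1024-1035.
WATCHED_PORTS = {135, 445} | set(range(1024, 1036))

# Constructed sample in the column layout that Windows `netstat -ano` prints.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49712     10.0.0.5:445           ESTABLISHED     3120
  TCP    [::]:1025              [::]:0                 LISTENING       512
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  UDP    0.0.0.0:1030           *:*                                    1200
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def exposed_listeners(netstat_text, ports=WATCHED_PORTS):
    """Return TCP sockets in LISTENING state whose local port is watched."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has exactly five columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state, pid = fields
        if state != "LISTENING":
            continue  # outbound connections *to* port 445 are not listeners
        try:
            addr, port = split_endpoint(local)
            pid = int(pid)
        except ValueError:
            continue  # header or malformed row
        if port in ports:
            findings.append({
                "address": addr,
                "port": port,
                "pid": pid,
                # Loopback-only listeners are not reachable from the network.
                "loopback_only": addr in ("127.0.0.1", "::1"),
            })
    return sorted(findings, key=lambda f: (f["port"], f["address"]))


if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_NETSTAT):
        scope = "loopback only" if f["loopback_only"] else "network-reachable"
        print(f"TCP {f['port']:>5} on {f['address']} (PID {f['pid']}): {scope}")
```

The PID column can be matched against the process list to decide whether each listener is needed before the port is blocked at the firewall.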

Pavel KANTYSHEV, Vitaly PETLEVOY, Elizaveta SERGINA, Mikhail OVERCHENKO

Computer viruses can significantly reduce the performance of your computer and also destroy all data on your hard drive. They are able to constantly reproduce and propagate themselves. Something reminiscent of human viruses and epidemics. Below is a list of the ten most dangerous computer viruses in the world.

Multi-vector Nimda worm

Nimda is a computer worm/virus that damages files and negatively affects the operation of the computer. It was first seen on September 18, 2001. The name of the virus comes from the word admin spelled backwards. Because the Nimda worm uses several methods of propagation, it became the most widespread virus/worm on the Internet within 22 minutes. It is distributed by email, through open network resources, shared folders and file transfers, as well as through browsing malicious websites.

Conficker


Conficker is one of the most dangerous and well-known worms, targeting computers running Microsoft Windows operating systems. Linux systems and Macintosh are completely resistant to it. It was first discovered on the network on November 21, 2008. By February 2009, Conficker had infected 12 million computers around the world, including government, corporate and home computers. On February 13, 2009, Microsoft offered a $250,000 reward for information about the creators of the virus. A special group was even created to combat Conficker, which was unofficially dubbed Conficker Cabal. The damage caused by the malware is estimated at $9.1 billion.


Storm Worm is a backdoor Trojan horse that infects Microsoft Windows operating systems. It was first discovered on January 17, 2007. It is distributed mainly by email with a letter that has the heading “230 dead as storm batters Europe”, and later with other headings. The file attached to the letter contains a virus that creates an information “hole” in the computer system, which is used to receive data or send spam. It is estimated that about 10 million computers were infected with the Storm Worm malware.

Chernobyl


Chernobyl, also known as CIH, is a computer virus created by Taiwanese student Chen Ying Hao in June 1998. It works only on computers running Windows 95/98/ME. It is considered one of the most dangerous and destructive viruses, since once activated it can damage data on BIOS chips and destroy all information on hard drives. In total, about 500,000 personal computers worldwide were affected by Chernobyl, and losses are estimated at $1 billion. The author of the virus, Chen Ying Hao, has never been brought to justice and now works for Gigabyte.

Melissa


Melissa is the first email macro virus, infecting about 20% of all computers worldwide. It was first noticed in March 1999. The malicious program was sent to the first 50 Outlook Express addresses. The letter had an attached file LIST.DOC (the virus), allegedly containing passwords to 80 paid porn sites. The program was invented by David Smith from New Jersey. On December 10, 1999, he was sentenced to 20 months in prison and a fine of $5,000. The damage caused by the virus amounted to about $80 million.

SQL Slammer


SQL Slammer was a computer worm that generated random IP addresses and sent itself to those addresses. On January 25, 2003, it hit Microsoft servers and another 500,000 servers around the world, causing a significant decline in the bandwidth of Internet channels, and South Korea was disconnected from the Internet altogether for 12 hours. The slowdown was caused by numerous routers crashing under the burden of extremely high outbound traffic from infected servers. The malware spread with incredible speed: in 10 minutes it infected about 75,000 computers.

Code Red


Code Red is a specific type of computer virus/worm that attacks computers running the Microsoft IIS web server. It was first discovered on July 15, 2001. This malware basically replaced the content of pages on the affected site with the phrase “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!” In less than a week, Code Red hit more than 400,000 servers, including the White House server. The total damage caused by the virus is about $2.6 billion.

Sobig F


Sobig F is a computer worm that on August 19, 2003 infected about a million computers running Microsoft Windows operating systems in 24 hours, thereby setting a record (although it was later broken by the Mydoom virus). It was distributed via email with an attachment. After activation, the virus looked for addresses on the infected computer and sent itself to them. Sobig F itself was deactivated on September 10, 2003, and Microsoft promised $250 thousand for information about the creator of the virus. To date, the criminal has not been caught. The damage caused by the malware is estimated to be $5–10 billion.


Mydoom is an email worm that infects computers running Microsoft Windows. The epidemic began on January 26, 2004. The malware began to spread very quickly by email, in a letter with the subject “Hello”, “Test”, “Error”, “Mail Delivery System”, “Delivery Notification” or “Report Server”, which had an attachment. When opened, the worm sent itself to other addresses, and also modified the operating system in such a way that the user could not access the websites of many news feeds, antivirus companies, and some sections of the Microsoft website. The virus also put a huge strain on internet channels. Mydoom contains the text message "Andy, I'm just doing my job, nothing personal, sorry." It was programmed to stop spreading on February 12, 2004.

I LOVE YOU


ILOVEYOU is a computer virus that has successfully infected more than three million personal computers running Windows. In 2000 it was distributed by email, in a letter with the subject “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.TXT.VBS”. After the attachment was opened, the worm sent itself to all addresses in the address book and also made numerous changes to the system. The damage caused by the virus amounts to $10–15 billion, which is why it was listed in the Guinness Book of Records as the most destructive computer virus in the world.

At the beginning of this week, the virus continued its march through Asian countries - the British publication The Telegraph writes that 30 thousand infections were recorded in China. The virus affected computers of the large oil and gas company PetroChina, as well as a number of government agencies. Authorities in the Republic of Korea reported several cases of infection (we are talking about computers from seven companies); in Japan, computers at 600 sites were attacked, including some computers from a large Japanese electronics manufacturer, Hitachi. About 5% of the infections occurred on computers from India, but the virus did not cause serious damage in this country.

A new global wave of cyber attacks should follow “in the coming days and weeks,” experts say. Attackers update their programs to make them more efficient, while other hackers are inspired by their experiences to carry out their own scams.

The attack used spyware from American intelligence agencies. This was confirmed by Microsoft

WannaCry encrypts or locks all files and data on the infected computer, offering to pay a ransom for decryption, expressed in cryptocurrency - bitcoins. For this “service” the attackers demand $600 (33.9 thousand rubles). Otherwise, the virus promises to delete files within three days. According to media reports, the extortionists received $42 thousand, but have not yet withdrawn funds from the accounts to which the victims sent the ransom.

The hackers who organized cyberattacks around the world took advantage of spyware that was allegedly used by the National Security Agency (NSA), wrote the American newspaper Politico. According to it, the attackers demanding a ransom for restoring the operation of computer networks used spyware that had previously been distributed by a group of hackers operating under the pseudonym Shadow Brokers. They claimed to have gained access to programs allegedly developed by the NSA.

Last weekend this was confirmed by Microsoft, the company that develops the Windows operating system, which turned out to be vulnerable to the virus. CEO Brad Smith called for urgent collective action in light of the cyber attack, likening the leak to the theft of several Tomahawk cruise missiles from the military. “The leaders of the world’s countries should take the current attack as a wake-up call. They need to take a different approach and apply the same strict rules in cyberspace as when protecting weapons in the physical world,” said the president of the corporation.

To protect against the virus, Microsoft has released software updates, including for the Windows XP, Windows 8 and Windows Server 2003 operating systems, which are no longer supported.

It will be extremely difficult to detect the culprits

This opinion was expressed in an interview with a TASS correspondent by Pavel Kuzmich, a leading expert on information technology security issues and Director of the Laboratory of Computer Forensics at ITMO University. According to the expert, “writing viruses requires quite professional skills,” but “the entry point into programming as a field of activity today is very low.” “Both a schoolchild and a very advanced IT specialist could cope with the task, so it is difficult to outline in advance any circle of suspects. Today there are millions and millions of people in the world who know programming,” Kuzmich noted.



 

