The extortion virus called WannaCrypt has infected tens of thousands of computers around the world. It has paralyzed the work of British hospitals and Spanish companies, and then made its way to Russia, attacking the regional departments of the Ministry of Internal Affairs and the Investigative Committee.
Kaspersky reports that tens of thousands of computers in 74 countries were infected and this number continues to grow. Some experts say that the world may have witnessed the largest virus attack in history.
Cybersecurity specialists say that WannaCrypt is essentially a standard ransomware Trojan. Once on the victim’s computer, it encrypts all the data on the hard drive and requires 300 dollars in Bitcoins to be sent to the attackers. Victims are given three days, after which the ransom amount will be doubled, and in a week the files will remain encrypted forever.
Experts also note a well-developed and very “friendly” payment interface supporting dozens of languages, including English, Russian, Spanish, Chinese and even Romanian.
Another important feature is that this virus only infects Windows computers. Experts believe that users who did not install the latest operating system updates face the maximum risk.
The victims report that antivirus software can not detect WannaCrypt despite the fact that it takes about four hours to complete the full encryption cycle. There are also no third-party programs found in Windows Task Manager. Some victims tried to format the hard drive or reinstall Windows, but after a while, the screen reappeared with a request to pay the ransom.
Experts remind that ransomware usually hides in PDF-documents and are distributed by spam mail.
While experts do not know what kind of hacker group developed WannaCrypt and conducted such a massive attack. The attackers obviously took advantage of the fact that many users did not install the latest Windows updates.