
Another ransomware attack paralyzes large companies.



This afternoon, June 27, large Ukrainian companies reported yet another problem caused by a new wave of ransomware. Reports of locked systems then began to come in from Russia, the United States and Europe.

In the list of victims as of 17:00:

The exact name of the virus has not yet been established; the most likely candidate is "Petya.A".

The virus demands the equivalent of $300 in bitcoins. No cases of files being unlocked after payment have been reported yet.

UPD1: Towards evening, there were reports that the virus spread to Russian companies, among them:


UPD2: Cybersecurity expert Vladimir Styran said that the initial infection occurs through phishing messages (file Peter.apx) or through an update of the accounting program MEdoc. The virus then spreads over the local network "through DoublePulsar and EternalBlue, similar to the WannaCry methods."

UPD3: Some ChNPP computers have been affected. Nothing serious. Most of them have been switched off to prevent the virus from spreading. Electronic document management is not working. There is no radiation hazard, but it is not yet possible to send reports with readings, since email was used for that.

UPD4: There is a detailed article on Habr. In short: a decryptor is not yet available, the virus is spreading throughout Europe, and there are cases of infection in the United States.
Current list of companies affected by the virus
State structures:
Cabinet of Ministers of Ukraine
Ministry of the Interior
Ministry of Culture
Ministry of Finance
National Police (and regional sites)
Cyber police
KSCA
Lviv City Council
Ministry of Energy
National Bank

Banks:
Oschadbank
Sberbank
TASKOMERTSBANK
Ukrgasbank
Pivdenny
OTR Bank
Kredobank

Transport:
Borispol airport
Kiev Metro
Ukrzaliznytsya

Mass media:
Radio Era-FM
Football.ua
STB
Inter
First national
TV channel 24
Radio "Lux"
Radio "Maximum"
"KP in Ukraine"
ATP Channel
"Correspondent.net"

Large companies:
"New mail"
Kyivenergo
"Naftogaz of Ukraine"
DTEK
Dniproenergo
"Kievvodokanal"
"Novus"
"Epicenter"
ArcelorMittal
Ukrtelecom
"Ukrpochta"

Mobile operators:
Lifecell
Kyivstar
Vodafone Ukraine

Medicine:
"Farmak"
Boris clinic
Feofania Hospital
Arterium Corporation

Gas stations:
Shell
Wog
Klo
TNK


UPD5: A way to stop the encryption has been found. A quote for those who have not read the post on Habr:
Positive Technologies specialists found a local “kill switch” for Petya: you can stop the ransomware by creating the file “C:\Windows\perfc” (perfc is a file with no extension).

There is also good news: if you see the computer restart and the “disk check” process start, turn off the computer immediately at that moment and the files will remain unencrypted. Booting from a LiveCD or USB disk will give access to the files.

Source: https://habr.com/ru/post/357370/
