The WannaCry ransomware, which hit more than 200 thousand people and organizations in 150 countries, may have been created by North Korean hackers from the Lazarus group, which is accused of organizing large-scale attacks on the Central Bank of Bangladesh and Sony Pictures Entertainment.
The creators of the WannaCry ransomware, which in recent days attacked thousands of computers in over 150 countries, may be hackers from the North Korean cyber group Lazarus, allegedly responsible for stealing $81 million from the Central Bank of Bangladesh in February 2016 and for the attack on the film company Sony Pictures Entertainment in 2014. Alexander Gostev, chief antivirus expert at “Kaspersky Lab”, wrote about this on his Facebook page.
According to the analyst, code discovered in WannaCry coincides with the code of Trojans that Lazarus has used before.
“Do you still remember our North Korean bank robbers through SWIFT and breakers of Sony Pictures? Yes, the very Lazarus about which we have (heard) so much lately. The detective story has twisted further, and now the same code has been found in #WannaCry and in Trojans from Lazarus. <…> I’m afraid that after North Korea on the Internet, we’ll see,” said Gostev.
The expert also attached to the post screenshots of two pieces of code, one of which, according to Gostev, belongs to WannaCry and the other to Lazarus malware; parts of the two coincide.
The large-scale hacker attack in question took place on Friday, May 12, in at least 150 countries and, according to estimates of the European police agency, affected the activities of more than 200 thousand people and organizations, including government agencies. The hackers used the WannaCry ransomware: it displays a banner on the computer that blocks access to data and demands payment of $300 or $600 in bitcoins to restore access. Otherwise, the virus threatens to delete the files within three days.
The Times newspaper, citing payment data, reported that as a result of the global cyberattack the creators of WannaCry received a total of $42 thousand.
The new virus affected servers of Russian law enforcement agencies and telecommunication companies, among them “MegaFon” and “VimpelCom”, as well as computers of the Interior Ministry, the Investigative Committee (the Committee denied this information), MOE, the Ministry of Health, Russian Railways, and a number of Russian banks.
Earlier, “Kaspersky Lab” said that the attack occurred through the “known network vulnerability Microsoft Security Bulletin MS17-010”. After that, a “rootkit” was installed on the system, using which the attackers “launched the encryptor program,” the company said.
The spread of the virus was first blocked by a British cybersecurity expert, who registered the domain name iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, which was contained in the code of the virus itself. The malware contacted this address and, as its algorithm dictated, continued to spread and infect other computers if it received no response. Once the domain was registered and made reachable on the Internet, the virus began to receive a response from the resource and therefore stopped spreading.
According to the publication Motherboard, the creators of the virus then rewrote the malware's code and relaunched it, thereby bypassing the block on its spread.
Hackers from the Lazarus group are accused of stealing $81 million from the accounts of the Central Bank of Bangladesh in February 2016. The regulator's staff were unable to track the attack because the printer for alerts from the international banking system SWIFT had failed. The hackers transferred the money to accounts in the Philippines and Sri Lanka. Six months later, the Bangladesh authorities managed to recover $15 million of the total.