
According to Positive Technologies, over 80 organizations in Russia and Ukraine have been affected by Petya's actions. Compared to WannaCry, this virus is considered more destructive, as it is spread by several methods - using Windows Management Instrumentation, PsExec, and the EternalBlue exploit. In addition, the free utility Mimikatz is embedded in the encryptor.

“This set of tools allows Petya to remain operational even in those infrastructures where the WannaCry lesson was taken into account and the appropriate security updates were installed, which is why the ransomware is so effective,” Positive Technologies said.

As Elmar Nabigaev, head of the threat response department at an information security company, told Gazeta.Ru:

If we talk about the causes of the current situation, the problem is once again a careless attitude to information security.

The head of the Avast virus laboratory, Jakub Kroustek, said in an interview with Gazeta.Ru that it was impossible to establish for certain who exactly was behind this cyber attack, but it was already known that the Petya virus was distributed on the darknet using the RaaS (malware as a service) business model.

“Thus, the distributors' share of the ransom reaches 85%, and 15% goes to the authors of the ransomware virus,” Kroustek said. He noted that the authors of Petya provide all the infrastructure, C&C servers and money transfer systems, which helps to attract people to spread the virus even if they have no programming experience.

In addition, Avast told which operating systems were most affected by the virus.

Windows 7 took the first place — 78% of all infected computers. This is followed by Windows XP (18%), Windows 10 (6%) and Windows 8.1 (2%).

Kaspersky Lab considered that although the virus is similar to the Petya family, it still belongs to a different category, and gave it a different name - ExPetr, that is, "former Peter".

Dmitry Khomutov, Deputy Director for Development at Aideco, explained to a Gazeta.Ru correspondent that the cyberattacks with the WannaCry and Petya viruses led to what he had long been warning about: a global vulnerability of information systems used everywhere.

“Loopholes left by American corporations for the intelligence services became available to hackers and were quickly crossed with the traditional arsenal of cybercriminals — ransomware, botnet clients, and network worms,” Khomutov said.

Thus, WannaCry practically did not teach the world community anything - computers remained unprotected, systems were not updated, and efforts to release patches even for outdated systems simply went to waste.

Experts urge not to pay the required ransom in bitcoins, as the mailing address that the hackers left for communication was blocked by a local provider. Thus, even in the case of "honest and good intentions" of cybercriminals, the user will not only lose money, but also will not receive instructions to unlock their data.

Most of all, Petya harmed Ukraine. Among the victims were Zaporozhyeoblenergo, Dneproenergo, Kiev Metro, Ukrainian mobile operators Kyivstar, LifeCell and Ukrtelecom, Auchan store, Privatbank, Boryspil airport and others.

The Ukrainian authorities immediately blamed Russia for the cyberattack.

"War in cyberspace, spreading fear and horror among millions of personal computer users and causing direct material damage by destabilizing the work of business and government agencies - this is part of the overall strategy of the hybrid war of the Russian empire against Ukraine," said a deputy of the Rada from the Popular Front.

Ukraine could have suffered more than others due to the initial distribution of Petya through the automatic update of M.E.doc, an accounting software program. This is how Ukrainian departments, infrastructure facilities and commercial companies were infected - they all use this service.

The press service of ESET Russia explained to Gazeta.Ru that for the Petya virus to infect a corporate network, a single vulnerable computer without security updates installed is sufficient. Through it the malware gets into the network, obtains administrator rights and spreads to other devices.

However, M.E.doc issued an official refutation of this version.

“The discussion of the sources of the emergence and spread of the cyber attack is being actively conducted by users on social networks, forums and other information resources, and in some of these posts the installation of updates to the M.E.Doc program is named as one of the causes. The M.E.Doc development team refutes this information and declares that such conclusions are unequivocally erroneous, because the developer of M.E.Doc, as a responsible software vendor, monitors the safety and cleanliness of its own code,” says the

A few months ago, we and other IT security specialists discovered a new piece of malware - Petya (Win32.Trojan-Ransom.Petya.A). In the classical sense it was not a ransomware: the virus simply blocked access to certain types of files and demanded a ransom. It modified the boot record on the hard drive, forcibly rebooted the PC and displayed a message saying that “the data is encrypted - hand over your money for decryption”. In other words, the standard ransomware scheme, except that the files were NOT actually encrypted. Most popular antiviruses began to identify and remove Win32.Trojan-Ransom.Petya.A within a few weeks of its release, and instructions for manual removal are also available. Why do we consider Petya not to be a classic ransomware? This virus modifies the Master Boot Record (MBR) so that the OS cannot boot, and encrypts the Master File Table (MFT); it does not encrypt the files themselves.

However, a more sophisticated virus emerged a few weeks ago: Mischa, apparently written by the same scammers. This virus does ENCRYPT files and demands $500 - $875 for decryption (1.5 - 1.8 bitcoins, depending on the version). Instructions for "decryption" and payment are stored in the files YOUR_FILES_ARE_ENCRYPTED.HTML and YOUR_FILES_ARE_ENCRYPTED.TXT.

Mischa virus - contents of the YOUR_FILES_ARE_ENCRYPTED.HTML file

Now, in fact, hackers infect users' computers with two malware: Petya and Mischa. The first one needs administrator rights in the system. That is, if a user refuses to give Petya admin rights or removes this malware manually, Mischa gets involved. This virus does not need administrator rights, it is a classic ransomware and really encrypts files using the strong AES algorithm without making any changes to the Master Boot Record and the file table on the victim's hard drive.

Mischa malware encrypts not only standard file types (videos, pictures, presentations, documents), but also .exe files. The virus leaves alone only the directories \Windows, \$Recycle.Bin, \Microsoft, \Mozilla Firefox, \Opera, \Internet Explorer, \Temp, \Local, \LocalLow, and \Chrome.

Infection occurs mainly through e-mail: a letter arrives with an attached file - the virus installer. It can be disguised as a letter from the Tax Office or from your accountant, as attached receipts and purchase invoices, etc. Pay attention to the file extensions in such letters - if it is an executable file (.exe), then with high probability it is a container for the Petya\Mischa virus. And if the malware variant is fresh, your antivirus may not react.

Update 06/30/2017: June 27, a modified version of the Petya virus (Petya.A) massively attacked users in Ukraine. The effect of this attack was enormous and the economic damage has not yet been calculated. In one day, the work of dozens of banks, retail chains, government agencies and enterprises of various forms of ownership was paralyzed. The virus spread mainly through a vulnerability in the Ukrainian MeDoc accounting system with the latest automatic update of this software. In addition, the virus has also affected countries such as Russia, Spain, Great Britain, France, Lithuania.

Remove Petya and Mischa virus with automatic cleaner

An extremely effective method of dealing with malware in general and ransomware in particular. Using a proven protective suite guarantees thorough detection of all virus components and their complete removal with one click. Note that we are talking about two different processes: removing the infection and restoring files on your PC. Nevertheless, the threat certainly needs to be removed, since there are reports of other computer Trojans being introduced with its help.

  1. After launching the software, click the Start Computer Scan button.
  2. The installed software will provide a report on the threats detected during the scan. To remove all found threats, select the Fix Threats option. The malware in question will be completely removed.

Restore access to encrypted files

As noted, the Mischa ransomware locks files with a strong encryption algorithm, so the encrypted data cannot be restored with a wave of a magic wand - unless you count paying an unheard-of ransom (sometimes up to $1,000). But some methods can really be a lifesaver and help you recover important data. Below you can familiarize yourself with them.

Automatic file recovery program (decryptor)

One unusual circumstance is worth knowing. This infection deletes the original, unencrypted files; the encryption is applied to copies of them. This makes it possible for deleted-file recovery software to restore the originals, even where the deletion was meant to be permanent. Resorting to the file recovery procedure is strongly recommended; its effectiveness is beyond doubt.

Volume Shadow Copies

The approach relies on the Windows file backup procedure, which is repeated at each restore point. An important condition for this method to work: the “System Restore” function must have been enabled before the infection. Note that any changes made to a file after the restore point will not be present in the restored version.
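As an added example (not part of the original article or of any vendor's tooling), the following PowerShell script automates the shadow-copy approach just described: it lists the snapshots Windows has kept and copies a single file out of the newest snapshot of the system drive. The relative file path and destination are placeholders you supply. It assumes an elevated session on a machine that still boots and had System Restore enabled before the infection; it cannot help on a disk whose MFT has been encrypted, and many ransomware families delete shadow copies first, so check Get-ShadowCopies before expecting anything.

```powershell
# Added example, not part of the original article: recover a file from a Volume Shadow
# Copy taken before the infection. Requires an elevated PowerShell session on a machine
# that still boots and had System Restore / shadow copies enabled beforehand.

function Get-ShadowCopies {
    # Every snapshot Windows has kept, newest first, with the device path it is reachable through
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate -Descending |
        Select-Object ID, InstallDate, VolumeName, DeviceObject
}

function Restore-FileFromShadowCopy {
    param(
        # Path relative to the volume root, e.g. 'Users\alice\Documents\report.docx' (placeholder)
        [Parameter(Mandatory)] [string]$RelativePath,
        # Where the recovered copy is written; keep it off the affected location
        [Parameter(Mandatory)] [string]$Destination,
        [string]$DriveLetter = 'C:'
    )

    # Match the snapshot to the volume: Win32_Volume.DeviceID and Win32_ShadowCopy.VolumeName
    # both use the \\?\Volume{GUID}\ form
    $volume = (Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter='$DriveLetter'").DeviceID
    $snapshot = Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume } |
        Sort-Object InstallDate -Descending |
        Select-Object -First 1
    if (-not $snapshot) {
        throw "No shadow copies exist for $DriveLetter - this recovery method cannot help here."
    }

    # The snapshot is only reachable through its device object; expose it as a directory
    # symlink (mklink needs the trailing backslash). A mount path without spaces avoids quoting issues.
    $mount = Join-Path $env:SystemDrive ('shadow_' + [guid]::NewGuid().ToString('N'))
    cmd /c mklink /d $mount "$($snapshot.DeviceObject)\" | Out-Null
    try {
        $source = Join-Path $mount $RelativePath
        if (-not (Test-Path -LiteralPath $source)) {
            throw "File not present in the snapshot taken $($snapshot.InstallDate)."
        }
        Copy-Item -LiteralPath $source -Destination $Destination -Force
        Write-Host "Recovered '$RelativePath' from the snapshot taken $($snapshot.InstallDate)"
        return (Resolve-Path -LiteralPath $Destination).Path
    }
    finally {
        # Remove only the symlink; the snapshot itself is untouched
        cmd /c rmdir $mount | Out-Null
    }
}

# Usage (placeholder paths):
# Get-ShadowCopies
# Restore-FileFromShadowCopy -RelativePath 'Users\alice\Documents\report.docx' -Destination 'D:\recovered\report.docx'
```

The symlink is the same trick as running mklink against \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN by hand; the script only adds the volume matching and the cleanup, so a half-finished recovery does not leave stray links in the root of the drive.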

Backup

This is the best among all non-buyout methods. If the procedure for backing up data to an external server was used before the ransomware attacked your computer, to restore encrypted files, you simply need to enter the appropriate interface, select the necessary files and start the data recovery mechanism from the backup. Before performing the operation, you need to make sure that the ransomware is completely removed.

Check for possible residual Petya and Mischa ransomware components

Manual cleaning risks missing individual fragments of the ransomware that can evade removal as hidden operating system objects or registry entries. To eliminate the risk of leaving individual malicious elements behind, scan your computer with a reliable security package that specializes in malware.

Virus "Petya": how not to catch it, how to decrypt it, where it came from - the latest news about the Petya ransomware virus, which by the third day of its "activity" had hit about 300 thousand computers in different countries of the world, and so far no one has stopped it.

Petya virus - how to decrypt, latest news. After attacking a computer, the creators of the Petya ransomware demand a ransom of $300 (in bitcoins), but there is no way to decrypt the Petya virus even if the user pays the money. Kaspersky Lab experts, who saw differences from Petya in the new virus and named it ExPetr, claim that a unique identifier for a specific Trojan installation is needed to decrypt it.

In previously known versions of similar Petya/Mischa/GoldenEye ransomware, the installation identifier contained the information necessary for this. In the case of ExPetr, this identifier does not exist, RIA Novosti writes.

Virus "Petya" - where did it come from, the latest news. German security experts put forward the first version of where this ransomware got its way from. In their opinion, the Petya virus began to roam computers from the opening of M.E.Doc files. This is an accounting program used in Ukraine after the 1C ban.

Meanwhile, Kaspersky Lab says that it is too early to draw conclusions about the origin and source of the spread of the ExPetr virus. It is possible that the attackers had extensive data, for example e-mail addresses from a previous mailing, or some other effective means of penetrating computers.

With their help, the "Petya" virus hit Ukraine and Russia, as well as other countries, with all its might. But the real scale of this hacker attack will become clear in a few days - reports.

Virus "Petya": how not to catch, how to decipher, where it came from - latest news about the Petya ransomware virus, which has already received a new name from Kaspersky Lab - ExPetr.

The attack of the "Petya" virus was an unpleasant surprise for the inhabitants of many countries. Thousands of computers have been infected, as a result of which users have lost important data stored on their hard drives.

Of course, now the excitement around this incident has subsided, but no one can guarantee that this will not happen again. That is why it is very important to protect your computer from a possible threat and not take unnecessary risks. How to do this most effectively, and will be discussed below.

The consequences of the attack

First of all, we should remember the consequences of Petya.A's short activity. In just a few hours, dozens of Ukrainian and Russian companies suffered. In Ukraine, by the way, the work of the computer departments of such institutions as Dniproenergo, Novaya Pochta and Kiev Metro was almost completely paralyzed. Moreover, some state organizations, banks and mobile operators did not protect themselves from the Petya virus.

In the countries of the European Union, the ransomware also managed to do a lot of trouble. French, Danish, British and international companies have reported temporary outages related to the Petya computer virus attack.

As you can see, the threat is really serious. And even despite the fact that the attackers chose large financial institutions as their victims, ordinary users suffered no less.

How does Petya work?

To understand how to protect yourself from the Petya virus, you must first understand how it works. So, once on a computer, the malware downloads a special encryptor from the Internet that infects the Master Boot Record. This is a separate area on the hard drive, hidden from the user's eyes and designed to boot the operating system.

For the user, this process looks like the standard run of the Check Disk program after a sudden system crash. The computer restarts abruptly, and a message appears on the screen saying that the hard drive is being checked for errors and asking you not to turn off the power.

As soon as this process finishes, a screen appears with information that the computer is locked. The creators of the Petya virus demand that the user pay a ransom of $300 (more than 17.5 thousand rubles), promising in return to send the key needed to get the PC running again.

Prevention

It is logical that it is much easier to prevent infection with the Petya computer virus than to deal with its consequences later. To secure your PC:

  • Always install the latest updates for the operating system. The same applies, in principle, to all software installed on your PC. By the way, "Petya" cannot harm computers running macOS and Linux.
  • Use a current version of an antivirus and do not forget to update its databases. Yes, the advice is banal, but not everyone follows it.
  • Do not open suspicious files sent to you by e-mail. Also, always check applications downloaded from dubious sources.
  • Make regular backups of important documents and files. It is best to store them on a separate medium or in the "cloud" (Google Drive, Yandex.Disk, etc.). That way, even if something happens to your computer, the valuable information will not be affected.

Create a stop file

Leading antivirus developers have figured out how to stop the Petya virus. More precisely, their research showed that in the early stages of infection the ransomware tries to find a particular local file on the computer. If it finds it, the virus stops its work and does not harm the PC.

Simply put, you can manually create a kind of stop file and thus protect your computer. For this:

  • Open Folder Options and uncheck "Hide extensions for known file types".
  • Create a new file with Notepad and place it in the C:\Windows directory.
  • Rename the created document to "perfc". Then open its Properties and enable the "Read Only" option.

Now the "Petya" virus, having got on your computer, will not be able to harm it. But keep in mind that attackers may modify the malware in the future and the stop file creation method will become ineffective.

If infection has already occurred

When the computer goes to reboot on its own and Check Disk starts, the virus is just starting to encrypt files. In this case, you can still save your data by doing the following:

  • Power off your PC immediately. This is the only way you can prevent the spread of the virus.
  • Next, connect your HDD to another PC (but not as a bootable one!) and copy important information from it.
  • After that, you need to completely format the infected hard drive. Naturally, you will then have to reinstall the operating system and other software on it.

Also, you can try to use a special boot disk to cure the "Petya" virus. Kaspersky Anti-Virus, for example, provides the Kaspersky Rescue Disk program for these purposes, which works bypassing the operating system.

Should I pay extortionists?

As mentioned earlier, the creators of Petya are demanding a $300 ransom from users whose computers have been infected. According to the extortionists, after paying the specified amount, the victims will be sent a key that removes the blocking of information.

The problem is that a user who wants to return their computer to a normal state needs to write to the attackers by e-mail. However, the ransomware operators' e-mail addresses are promptly blocked by the relevant services, so it is simply impossible to contact them.

Moreover, many leading developers of anti-virus software are sure that it is completely impossible to unlock a computer infected with Petya with any code.

As you probably understood, it is not worth paying extortionists. Otherwise, you will not only be left with a non-working PC, but also lose a large amount of money.

Will there be new attacks

The Petya virus was first discovered in March 2016. Then security experts quickly noticed the threat and prevented its mass distribution. But already at the end of June 2017, the attack was repeated again, which led to very serious consequences.

It is unlikely that everything will end there. Ransomware attacks are not uncommon, so it's important to keep your computer protected at all times. The problem is that no one can predict what format the next infection will take. Be that as it may, it is always worth following the simple recommendations given in this article in order to reduce the risks to a minimum in this way.

Antivirus programs are installed on the computer of almost every user, but sometimes a Trojan or virus appears that can bypass even the best protection and infect your device or, worse, encrypt your data. This time that virus was the encrypting Trojan "Petya". The rate at which this threat spread is very impressive: in a couple of days it managed to "visit" Russia, Ukraine, Israel, Australia, the USA, all major European countries and beyond. It mostly hit corporate users (airports, power plants, the tourism industry), but ordinary people also suffered. In its scale and methods it is extremely similar to the recent high-profile one.

You definitely need to protect your computer so that you don't fall victim to the new Petya ransomware. In this article, I will tell you what the Petya virus is, how it spreads, and how to protect yourself from this threat. In addition, we will touch upon the issues of removing the Trojan and decrypting information.

What is the Petya virus?

To begin with, we should understand what Petya is. The Petya virus is malicious software, a Trojan of the "ransomware" (extortionist) type. Such viruses are designed to blackmail the owners of infected devices into paying a ransom for encrypted data. Unlike Wanna Cry, Petya does not bother encrypting individual files - it almost instantly “takes away” the entire hard drive from you.

The correct name for the new virus is Petya.A. Besides, Kaspersky calls it NotPetya/ExPetr.

Description of the Petya virus

Once on your Windows computer, Petya encrypts the MFT (Master File Table). What is this table for?

Imagine that your hard drive is the largest library in the entire universe. It contains billions of books. So how do you find the right book? Only with the help of the library catalog. It is this directory that Petya destroys. Thus, you lose any possibility of finding any "file" on your PC. To be even more precise, after Petya's "work", your computer's hard drive will resemble a library after a tornado, with scraps of books flying around.

Thus, unlike Wanna Cry, which I mentioned at the beginning of the article, Petya.A does not encrypt individual files, spending an impressive amount of time on this - it simply takes away from you any opportunity to find them.

After all its manipulations, it demands a ransom from users - 300 US dollars, to be transferred to a bitcoin account.

Who created the Petya virus?

When creating the Petya virus, an exploit (a "hole") in the Windows OS called "EternalBlue" was used. Microsoft released a patch that "closes" this hole a few months ago; however, not everyone uses a licensed copy of Windows and installs all system updates, right?

The creator of "Petya" was able to use the carelessness of corporate and private users wisely and make money on it. His identity is still unknown (and is unlikely to be known)

How does the Petya virus spread?

The Petya virus is most often spread under the guise of e-mail attachments and in archives of pirated, infected software. The attachment can be absolutely any file, including what looks at first sight like a photo or an mp3. After you run the file, your computer will restart and the virus will simulate a CHKDSK disk check for errors, and at that moment it modifies your computer's boot record (MBR). After that, you will see a red skull on the screen. Pressing any key brings up text asking you to pay for the decryption of your files by transferring the required amount to a bitcoin wallet.

How to protect yourself from the Petya virus?

  • Most importantly and fundamentally - make it a rule to install updates for your operating system! This is incredibly important. Do it right now, don't delay.
  • Pay special attention to all attachments that are attached to letters, even if the letters are from people you know. During the epidemic, it is better to use alternative sources of data transmission.
  • Activate the "Show file extensions" option in the OS settings - this way you can always see the true file extension.
  • Enable "User Account Control" in Windows settings.
  • You need to install an antivirus to avoid infection. Start by installing the OS updates, then install an antivirus - and you will already be much more secure than before.
  • Be sure to make "backups" - save all important data to an external hard drive or to the cloud. Then, if the Petya virus penetrates your PC and encrypts all data, it will be quite easy for you to format your hard drive and install the OS again.
  • Always check that your antivirus databases are up to date. All good antiviruses monitor threats and respond to them in a timely manner by updating threat signatures.
  • Install the free Kaspersky Anti-Ransomware utility. It will protect you from encryption viruses. Installing this software does not relieve you of the need to install an antivirus.
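Most of the items in this checklist, and in the earlier prevention list, correspond to a setting that can be read off the machine. The PowerShell audit below is an added example, not part of the original article or of any vendor product: it reports whether SMBv1 (the protocol EternalBlue exploits) is off, whether updates are actually being installed, whether Explorer shows file extensions, whether UAC is on, and whether an antivirus is registered with Windows Security Center. It assumes Windows 8 / Server 2012 or later, an elevated session, and (for the Security Center query) a client edition of Windows; it changes nothing.

```powershell
# Added example, not part of the original article: read-only audit of the settings the
# checklist recommends. Assumes Windows 8 / Server 2012 or later (Get-SmbServerConfiguration)
# and an elevated session; the Security Center query works on client editions only.

function New-Finding($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

function Test-PetyaHardening {
    # 1. SMBv1 - the protocol EternalBlue exploits; it should be off
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    New-Finding 'SMBv1 server disabled' (-not $smb1) "EnableSMB1Protocol=$smb1"

    # 2. Updates actually being installed (the EternalBlue fix shipped months before the outbreak)
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $recent = $latest -and ($latest.InstalledOn -gt (Get-Date).AddDays(-30))
    New-Finding 'Update installed in last 30 days' $recent ("Last: {0} on {1}" -f $latest.HotFixID, $latest.InstalledOn)

    # 3. Explorer shows known file extensions (HideFileExt = 0), so invoice.pdf.exe is visible as such
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $hideExt = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    New-Finding 'Known file extensions shown' ($hideExt -eq 0) "HideFileExt=$hideExt"

    # 4. User Account Control on (EnableLUA = 1); the MBR stage described above needs admin rights
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $pol -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    New-Finding 'UAC enabled' ($lua -eq 1) "EnableLUA=$lua"

    # 5. An antivirus registered with Windows Security Center (client SKUs only)
    $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    New-Finding 'Antivirus registered' $av (($av | ForEach-Object { $_.displayName }) -join ', ')
}

Test-PetyaHardening | Format-Table -AutoSize
```

Any row with Pass = False points at the corresponding checklist item. The update check is deliberately coarse (it only proves that patching happens at all); whether the specific EternalBlue fix is present is a question for Windows Update itself.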

How to remove Petya virus?

How to remove Petya.A virus from your hard drive? This is an extremely interesting question. The fact is that if the virus has already blocked your data, then there will, in fact, be nothing to delete. If you do not plan to pay extortionists (which you should not do) and will not try to recover data on the disk in the future, you just need to format the disk and reinstall the OS. After that, there will be no trace of the virus.

If you suspect that there is an infected file on your disk, scan it with an antivirus or install Kaspersky Anti-Virus and perform a full system scan. The developer has assured that its signature database already contains information about this virus.

Decoder Petya.A

Petya.A encrypts your data with a very strong algorithm. At the moment there is no solution for decrypting the locked information. Moreover, you should not try to get at the data yourself at home.

Undoubtedly, we would all dream of a miraculous Petya.A decryptor, but there is simply no such solution. The virus hit the world a few months ago, but no cure has been found to decrypt the data it encrypted.

Therefore, if you have not yet become a victim of the Petya virus, listen to the advice that I gave at the beginning of the article. If you still lost control over your data, then you have several ways.

  • Pay money. Doing this is pointless! Experts have already found out that the creator of the virus does not restore data, and cannot restore it, given the encryption method.
  • Pull the hard drive out of your device, put it carefully away in a cupboard and wait for a decryptor to appear. By the way, Kaspersky Lab is constantly working in this direction. Available decryptors are listed on the No Ransom website.
  • Format disk and install operating system. Minus - all data will be lost.

Petya.A virus in Russia

In Russia and Ukraine, over 80 companies have been attacked and infected at the time of writing, including such large ones as Bashneft and Rosneft. The infection of the infrastructure of such large companies speaks of the seriousness of the Petya.A virus. There is no doubt that the ransomware Trojan will continue to spread throughout Russia, so you should take care of the security of your data and follow the advice given in the article.

Petya.A and Android, iOS, Mac, Linux

Many users are worried: “can the Petya virus infect my Android and iOS devices?” I hasten to reassure them - no, it cannot. It is designed for Windows users only. The same applies to fans of Linux and Mac - you can sleep peacefully, nothing threatens you.

Conclusion

So today we discussed the new Petya.A virus in detail. We understood what this Trojan is and how it works, learned how to protect yourself from infection and remove the virus, and where to get a Petya decryptor. I hope that the article and my tips were useful to you.

The Petya virus is a fast-spreading virus that on June 27, 2017 brought down almost all large enterprises in Ukraine. The Petya virus encrypts your files and then demands a ransom for them.

The new virus infects the computer's hard drive and works like a file-encrypting virus. After a certain time, the Petya virus “eats” the files on your computer and they become encrypted (as if the files had been archived with a strong password).
Files affected by the Petya ransomware virus cannot be recovered afterwards (there is some chance that you will recover them, but it is very small).
There is NO algorithm that recovers files affected by the Petya virus.
With this short and MAXIMUM useful article you can protect yourself from the #Petya virus.

How to IDENTIFY the Petya or WannaCry Virus and NOT Get Infected with the Virus

When downloading a file from the Internet, check it with an online antivirus. Online antiviruses can detect the virus in the file in advance and prevent infection with the Petya virus. All you have to do is check the downloaded file with VirusTotal before running it. Even if you DOWNLOAD THE PETYA VIRUS but DO NOT run the virus file, the virus is NOT active and does no harm. Only by launching the harmful file do you launch the virus - remember this.
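The advice above (and the earlier warnings about .exe attachments disguised as invoices) can be turned into a small triage step that runs before a file is ever opened. The PowerShell below is an added example, not part of the original article or of VirusTotal's own tooling: it hashes the file so the SHA-256 can be pasted into the VirusTotal website, and flags the warning signs the text describes (an executable extension, a double extension such as invoice.pdf.exe, or a Windows executable header hiding behind a document extension). It never executes the file; the path in the usage line and the list of executable extensions are assumptions, not from the article.

```powershell
# Added example, not part of the original article: triage a downloaded attachment before
# opening it. It hashes the file for a VirusTotal lookup and flags the warning signs the
# text describes (executable extension, double extension, an EXE header behind an innocent
# extension). It never executes the file. The path in the usage line is a placeholder.

# Extensions Windows will execute or script directly (assumed list, not from the article)
$ExecutableExtensions = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse',
                        '.vbs', '.vbe', '.wsf', '.ps1', '.msi', '.hta', '.jar'

function Get-AttachmentRiskReport {
    param([Parameter(Mandatory)] [string]$Path)

    $item = Get-Item -LiteralPath $Path
    $ext = $item.Extension.ToLowerInvariant()
    $isExecType = $ExecutableExtensions -contains $ext

    # 'invoice.pdf.exe' splits into three parts: a decoy extension hides the real one
    $parts = $item.Name.Split('.')
    $doubleExt = ($parts.Count -gt 2) -and $isExecType

    # Windows executables start with the 'MZ' signature regardless of what the name claims
    $header = New-Object byte[] 2
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try { $null = $stream.Read($header, 0, 2) } finally { $stream.Dispose() }
    $hasPE = ($header[0] -eq 0x4D) -and ($header[1] -eq 0x5A)

    # SHA-256 is what you paste into https://www.virustotal.com/ to check prior detections
    $sha256 = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash

    # An EXE header behind a document extension is the strongest single warning sign
    $verdict = if ($hasPE -or $isExecType) { 'Do not open; check the hash on VirusTotal first' }
               else { 'Low risk by these checks only' }

    [pscustomobject]@{
        File              = $item.FullName
        SizeBytes         = $item.Length
        SHA256            = $sha256
        Extension         = $ext
        IsExecutableType  = $isExecType
        DoubleExtension   = $doubleExt
        HasPEHeader       = $hasPE
        ExtensionMismatch = $hasPE -and -not $isExecType
        Verdict           = $verdict
    }
}

# Usage (placeholder path):
# Get-AttachmentRiskReport -Path "$env:USERPROFILE\Downloads\invoice.pdf.exe" | Format-List
```

A "Low risk" verdict only means none of these cheap checks fired; a macro-bearing document or a fresh sample with no VirusTotal history passes them, which is exactly why the text also insists on an up-to-date antivirus.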

Even this method alone gives you every chance of NOT being infected with the Petya virus.
The Petya virus looks like this:

How to Protect Yourself From the Petya Virus

Symantec proposed a solution that protects you from the Petya virus by pretending that it is already installed.
When the Petya virus gets onto a computer, it creates the file perfc or perfc.dll in the folder C:\Windows\perfc.
To make the virus think it is already installed and stop its activity, create an empty file in the folder C:\Windows\perfc and save it with the "Read Only" attribute set.
Alternatively, download virus-petya-perfc.zip, unzip the perfc folder into C:\Windows\ and set the "Read Only" attribute.

UPDATED 06/29/2017
I also recommend downloading both files simply to the Windows folder. Many sources write that the file perfc or perfc.dll should be in the folder C:\Windows\
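The stop-file procedure given here, and the step-by-step version in the "Create a stop file" section earlier on this page, comes down to two zero-byte read-only files in the Windows directory. The PowerShell below is an added example (not from the original article, Symantec or any antivirus vendor) that creates both names the text mentions, perfc and perfc.dll, directly in C:\Windows as the update above recommends, and then verifies that they exist and are read-only. It assumes an elevated prompt; as the earlier section warns, a modified build of the malware may ignore the file, so this supplements installing updates rather than replacing them.

```powershell
# Added example, not part of the original article: create the read-only "stop file"
# described in the text and verify it. The file is zero bytes; the June 2017 Petya build
# only checks whether a file by that name exists. This does not replace installing updates.

function New-PetyaStopFile {
    param([string]$WindowsDir = $env:SystemRoot)   # normally C:\Windows
    $results = @()
    # Sources cite both names, so create both; empty files are harmless if the virus never arrives
    foreach ($name in 'perfc', 'perfc.dll') {
        $path = Join-Path $WindowsDir $name
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -ItemType File -Path $path -Force | Out-Null
        }
        # Read-only so the file is not casually overwritten or deleted
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        $results += $path
    }
    return $results
}

function Test-PetyaStopFile {
    param([string]$WindowsDir = $env:SystemRoot)
    foreach ($name in 'perfc', 'perfc.dll') {
        $path = Join-Path $WindowsDir $name
        $exists = Test-Path -LiteralPath $path
        $readOnly = $exists -and (Get-Item -LiteralPath $path).IsReadOnly
        [pscustomobject]@{ File = $path; Exists = $exists; ReadOnly = $readOnly }
    }
}

# Run from an elevated prompt (writing to C:\Windows requires administrator rights)
New-PetyaStopFile | ForEach-Object { Write-Host "Stop file in place: $_" }
Test-PetyaStopFile | Format-Table -AutoSize
```

Test-PetyaStopFile is the useful half for a fleet: run on its own it reports, without changing anything, which machines still lack the file.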

What to do if the computer is already affected by the Petya virus

Do not turn on a computer that has already been infected with the Petya virus. The Petya virus works in such a way that, while the infected computer is on, it encrypts files. That is, as long as you keep the computer affected by the Petya virus turned on, more and more files can be infected and encrypted.
The hard drive of this computer should be checked. You can check it using a LiveCD or LiveUSB with an antivirus:
Bootable flash drive with Kaspersky Rescue Disk 10
Bootable flash drive Dr.Web LiveDisk

Who Spread the Petya Virus Throughout Ukraine

Microsoft expressed its view on the mass infection of the networks of large Ukrainian companies. The cause was an update to M.E.Doc. M.E.Doc is a popular accounting program, which is why the company's blunder was so serious: the virus got into the update and installed the Petya virus on thousands of PCs on which M.E.Doc was installed. And since the virus infects computers on the same network, it spread with lightning speed.

Today, a ransomware virus attacked many computers in the public, commercial and private sectors of Ukraine

Unprecedented hacker attack knocked out many computers and servers in government agencies and commercial organizations across the country

A large-scale and carefully planned cyber attack today disabled the critical infrastructure of many state-owned enterprises and companies. This was reported by the Security Service (SBU).

Starting around midday, the Internet was flooded with reports of computer infections in the public and private sectors. Representatives of government agencies reported hacker attacks on their IT infrastructure.

According to the SBU, the infection was mainly caused by opening Word and PDF files that the attackers sent by e-mail. The Petya.A ransomware used a network vulnerability in the Windows operating system. To unlock the encrypted data, the cybercriminals demanded a payment of $300 in bitcoins.

Secretary of the National Security and Defense Council Oleksandr Turchynov said that the government agencies included in the protected perimeter (a dedicated Internet network) were not damaged. Apparently, the Cabinet of Ministers did not properly implement the recommendations of the National Cyber Security Focal Point, because government computers were affected by Petya.A. The Ministry of Finance, Chernobyl, Ukrenergo, Ukrposhta, Novaya Pochta and a number of banks could not withstand today's attack.

For some time, the websites of the SBU, the cyber police and the State Service for Special Communications and Information Protection (GSSSZI) did not even open.

As of Tuesday evening, June 27, none of the law enforcement agencies charged with combating cyber attacks had revealed where Petya.A came from or who is behind it. The SBU, the Cyber Police (whose website was down all day) and the GSSSZI maintained an Olympic silence on the extent of the harm caused by the ransomware virus.

The Computer Emergency Response Team (CERT-UA, part of the GSSSZI) has released tips for mitigating the effects of the Petya ransomware; its technical specialists recommended using ESET software. Later, the SBU also explained how to protect yourself or reduce the harm from the virus.

Virus "Petya": how not to catch it, how to decrypt it, where it came from. The latest news about the Petya ransomware virus, which by the third day of its "activity" had infected about 300 thousand computers in different countries of the world, and so far no one has stopped it.

Petya virus: how to decrypt, latest news. After attacking a computer, the creators of the Petya ransomware demand a ransom of $300 (in bitcoins), but there is no way to decrypt the data even if the user pays. Kaspersky Lab experts, who found differences from Petya in the new virus and named it ExPetr, state that a unique identifier for the specific Trojan installation is needed to decrypt it.

In previously known versions of the similar Petya/Mischa/GoldenEye ransomware, the installation identifier contained the information necessary for this. In the case of ExPetr, this identifier does not exist, RIA Novosti writes.

Virus "Petya": where did it come from, latest news. German security experts have put forward the first theory of where this ransomware came from. In their opinion, the Petya virus began to spread between computers through the opening of M.E.Doc files. M.E.Doc is an accounting program used in Ukraine after the 1C ban.

Meanwhile, Kaspersky Lab says that it is too early to draw conclusions about the origin and source of the spread of the ExPetr virus. It is possible that the attackers had extensive data, for example e-mail addresses from a previous mailing, or some other effective way to penetrate computers.

With their help, the "Petya" virus struck Ukraine and Russia, as well as other countries, with full force. But the real scale of this hacker attack will only become clear in a few days, according to reports.

Virus "Petya": how not to catch it, how to decrypt it, where it came from. The latest news about the Petya ransomware virus, which has already received a new name from Kaspersky Lab: ExPetr.

A brief excursion into the history of malware naming.


Petya.A virus logo

On June 27, at least 80 Russian and Ukrainian companies were attacked by the Petya.A virus. The program blocked access to information on the computers of departments and enterprises and, like the well-known ransomware virus before it, demanded bitcoins from users.

Malicious programs are usually named by the employees of antivirus companies. The exceptions are those encryptors, extortionists, destroyers and thieves of personal data which, in addition to infecting computers, cause media epidemics: increased hype in the press and active discussion on the network.

However, the Petya.A virus belongs to a new generation. The name it introduces itself by is part of the developers' marketing strategy, aimed at increasing its recognition and growing its popularity on the darknet market.

Subcultural phenomenon

In the days when there were few computers and far from all of them were interconnected, self-propagating programs (not yet called viruses) already existed. One of the first of these was a program that jokingly greeted the user and invited them to catch it and delete it. Cookie Monster came next, demanding that the user "give it a cookie" by typing the word "cookie".

Early malware also had a sense of humor, although it was not always in the names. For example, Richard Skrenta's virus, written for the Apple II computer, read a rhyme to the victim on every 50th boot, and the names of viruses, often hidden in the code rather than on display, referred to jokes and subcultural catchwords common among the geeks of that time. They could be associated with the names of metal bands, popular literature and tabletop role-playing games.

At the end of the 20th century, the creators of viruses did not hide much; moreover, when a program got out of control, they often tried to take part in repairing the harm it had caused. So it was with the Pakistani one, and with the destructive one created by the future co-founder of the Y Combinator business incubator.

One of the Russian viruses mentioned by Evgeny Kaspersky in his 1992 book “Computer Viruses in MS-DOS”, the Condom-1581 program, from time to time showed the victim material dedicated to the problem of the world's oceans being clogged with the waste products of human life.

Geography and calendar

In 1987, the Jerusalem virus, also known as the Israeli Virus, was named after the place of its first discovery, and its alternative name, Black Friday, came from the fact that it activated and deleted executable files when the 13th of the month fell on a Friday.

The Michelangelo virus, which caused a media panic in the spring of 1992, was also named on the calendar principle. John McAfee, later famous for creating one of the most annoying antivirus programs, told journalists and the public during a cybersecurity conference in Sydney: “If you boot an infected system on March 6, all the data on your hard drive will be corrupted.” And what about Michelangelo? March 6 is the Italian artist's birthday. However, the horrors that McAfee predicted turned out to be greatly exaggerated.

Functionality

The capabilities of a virus and its particular features often serve as the basis for its name. In 1990, one of the first polymorphic viruses was given the name Chameleon, and a virus with a powerful ability to hide its presence (and therefore belonging to the category of stealth viruses) was named Frodo, alluding to the hero of The Lord of the Rings who hid from the eyes of those around him with the Ring. And, for example, the OneHalf virus of 1994 got its name because it showed its aggression only by infecting half of the disk of the attacked device.

Service titles

Most viruses have long been named in laboratories, where they are taken apart by analysts.

Usually these are boring ordinal names and common "family" names that describe the category of the virus, what systems it attacks and what it does to them (like Win32.HLLP.DeTroie). However, sometimes, when hints left by the developers can be found in the program code, viruses acquire a little personality. This is how, for example, the MyDoom and KooKoo viruses got their names.

However, this rule does not always work. For example, the Stuxnet virus, which stopped the uranium-enrichment centrifuges in Iran, did not become Myrtus, although this word ("myrtle") in the code was almost a direct allusion to the participation of the Israeli special services in its development. In this case, the name already known to the general public, assigned to the virus in the early stages of its discovery, won out.

Tasks

It often happens that viruses that require a lot of attention and effort to study receive beautiful names from antivirus companies, names that are easier to say and write down. This happened with Red October, associated with diplomatic correspondence and data that can affect international relations, as well as with IceFog, associated with large-scale industrial espionage.

File extension

Another popular way of naming is by the extension that the virus assigns to infected files. For example, one of the "military" Duqu viruses was named not after Count Dooku from Star Wars, but after the ~DQ prefix that marked the files it created.

The WannaCry virus, which made a splash this spring, also got its name this way, marking the data it encrypted with the .wncry extension.

The earlier name of the virus, Wanna Decrypt0r, did not catch on: it sounded worse and was written inconsistently. Not everyone bothered to put a "0" in place of the "o".

“You are a victim of Petya ransomware”

This is how today's most talked-about malware announces that it has finished encrypting the files on the attacked computer. The Petya.A virus has not only a recognizable name, but also a logo in the form of a pirate skull and crossbones, and a whole marketing campaign. Spotted earlier together with its "brother" Misha, the virus attracted the attention of analysts precisely for this.

From a subcultural phenomenon, having passed through a period when quite serious technical knowledge was required for this kind of "hacking", viruses have turned into a weapon of cyber mugging. Now they have to play by the rules of the market, and whoever gets the most attention brings their developers the biggest profits.
