[ad_1]
When infected recipients opened infected messages, the virus entered the internal networks of the institutions. The infected computers, after downloading additional files, began to send fake emails or engage in other types of malicious activity, the media reported.
According to the data available to the NVSC, the false letters sent by the NVSC were received by representatives of the Government of the Republic of Lithuania, ministries and individuals with whom the NVSC specialists contacted during the epidemiological diagnosis.
“We warn you that not all computer viruses can be intercepted by the security systems used by organizations, because malicious code is distributed in various ways, such as archived, password protected, and the password itself is recorded in the letter.
Emails accessed in this way require user action: open the file, unzip it with a password. Therefore, we recommend email to everyone. Postal system operators must adjust their security rules and filters, ”says Rytis Rainys, Director of NKSC.
According to him, the first lyrics were recorded on Tuesday, around 10 pm in the morning. The malware was encrypted and password protected, so it was not detected by antivirus systems, and users had the impression, among other things, that the messages were part of correspondence with colleagues, that is, fragments of correspondence were used previous real.
The email sent also included a password that the user had to enter when opening the zip file.
R. Rainys confirmed that the letters were opened by “tens or perhaps hundreds” of employees of the National Center for Public Health and recipients related to the center, various municipalities and other institutions, including the health field.
With the help of specialists from the cybersecurity center, the virus’s effects have been wiped out since Tuesday, and final work is expected to be completed on Wednesday.
According to him, the main purpose of the virus was probably to spread spam and thus earn revenue for the attack organizers, but later it could also connect computers to a common botnet and thus exploit it for more complex cyber attacks.
“The virus can download new commands and do much more damage, so we recommend cleaning it. Modern antivirus systems detect the Emotet virus (…). The next minute, the virus can download new extensions and may be involved in some attacks DDoS, where information services on the Internet can be disabled, such as destructive attacks, ”said the director of the Cyber Security Center.
To stop the spread of the virus, NVSC’s email operation was temporarily restricted on Tuesday. The institution’s information technology specialists, along with specialists from the National Cyber Security Center and the Central State Telecommunications Center, are making efforts to remove the virus in order to safely retrieve NVSC emails. postal activities.
NVSC representative Austina Vžesniauskaitė told BNS that the center’s email on Wednesday morning is not yet operational and this complicates the center’s work.
“Email is not working yet, it is being viewed due to other information systems. (…) Basically, it is one of the means of communication, data collection is now complicated, every minute is very expensive for us, those few hours will really get in the way, ”said the NVSC representative.
The National Cyber Security Center promises more information on the incident later on Wednesday.
This is the second major wave of infected mail this fall, recorded by the National Center for Cyber Security. The first attempt to use Trojan.Emotet infected emails was registered in October this year.
Rainys also said that it could be clarified at a later stage whether the incident could be related to cyberattacks against the European Medicines Agency and Pfizer and BioNTech, the first European suppliers of coronavirus vaccines, a few weeks ago to seize COVID. 19 related facts.
“Rebuilding postal systems is a task of the first order. By dealing with it, it would be possible to correlate times and events in the world. I would not rule it out,” he said.
The NKSC recalls that to protect their computer from malicious viruses, users should keep their security systems up to date, regularly perform a full virus scan of their computer, stay up-to-date with the latest operating system and software, and avoid suspicious emails or dark. Suspicious content on web pages.
Many antivirus programs remove the malicious Trojan.Emotet virus.
[ad_2]