Romania is among the 10 most affected countries after the “WannaCry” cyber-attack, produced on Friday, which caused problems for several institutions and international organizations in 74 countries, Kaspersky Lab specialists said in a press release sent to AGERPRES.
“On May 12, a massive ransomware attack hit organizations around the world. Kaspersky Lab researchers have analyzed the data and are able to confirm that the company’s protection subsystems have detected at least 45,000 infection attempts in 74 countries, most of them in Russia. Romania is among the 10 most affected countries. The ransomware program infects victims by taking advantage of a Microsoft Windows vulnerability described and resolved in Microsoft Security Bulletin MS17-010. The exploited exploitation, “Eternal Blue,” was revealed in Shadowbrokers case on April 14. Once they get into the system, attackers install a rootkit, which allows them to download the program to encrypt the data. The malware encrypts files. Subsequently, there is a message asking for 600 USD in Bitcoin, and the wallet, and the ransom increases over time,” the quoted release said.
According to Kaspersky Lab experts, they are currently trying to determine if it is possible to decrypt encrypted data during the attack to develop a decryption tool as soon as possible.
In this context, the cyber security solution developer recommends a series of steps to reduce the risk of device malware such as: installing the official patch from Microsoft that solves the vulnerability used in this attack, activating security solutions at each network node, terminal scanning, system reboot procedure, if MEM is detected: Trojan.Win64.EquationDrug.gen and, last but not least, the use of threat reporting services available to clients.
The Romanian National Computer Security Incident Response Team (CERT-RO) announced on Saturday that a total of 10 Windows operating systems and servers are vulnerable to the new version of the “WannaCry” ransomware threat, which has led to numerous technical problems over the last 24 hours in several organizations and institutions around the world.
Dacia announces partial activity interruption in Mioveni due to cyberattack
Activity has been partially interrupted on Saturday at the Dacia plants of Mioveni, following a cyberattack that affected some of the information systems, according to a company release sent to AGERPRES on Saturday.
“Part of the production activity of Dacia plants of Mioveni has been affected by malfunctions of the information systems and several employees have been sent home, on Saturday morning, May 13. The measure was taken to prevent the expansion of malfunctions which, at a first glance, are a consequence of the global cyberattack,” reads the release of the Communication Department with the Renault Romania Group.
According to the same source, a task force group was setup at the Mioveni platform to monitor the development of the situation.