Two new modifications of the WannaCry virus appeared over the weekend, and they were presumably not created by the authors of the original ransomware. This was announced on Monday, May 15, by the press service of the IT company “Kaspersky Lab”.
“The total number of variations of the malware circulating on the Internet on Monday, May 15, is still unknown. However, on May 13 and 14 two significant modifications appeared,” said an employee of the company's press service.
“Kaspersky Lab believes that none of these variants was created by the authors of the original ransomware. Most likely, other players in the cybercriminal world are behind them, having decided to use the situation to their advantage,” the company added.
A company representative reported that the first of the two WannaCry modifications began to spread on Sunday, around 4:00 Kiev time.
“It was connected to another domain. At the moment, Kaspersky Lab has detected three victims of this variant of the ransomware in Russia and Brazil,” said the press officer.
“The second variant, which appeared the other day, is apparently able to circumvent the so-called kill switch, the feature in the program code that helped to stop the first wave of attacks. However, this variant did not become widespread, possibly due to an error in the code,” he said.
As a reminder, a large-scale cyber attack became known on Friday, May 12. Hospitals and telecommunication companies worldwide became victims of the ransomware operators.
It was reported that institutions had only three days to send the payment to the hackers. After that, the computers would be “put on the meter”: the price for the return of the files would double. And if the victim of the attack did not pay within seven days, the files would be lost forever.
In this case, the creators of the WannaCry ransomware bypassed its stop mechanism. It was reported earlier that one user had managed to stop the spread of the virus: he registered the domain name iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, which was contained in the code of the virus.